Mailinglist Archive: opensuse-security (228 mails)

Default policy setting with iptables
  • From: <Stefan.Junge@xxxxxxxxxxxxxxx>
  • Date: Thu, 17 Mar 2005 16:15:59 +0100
  • Message-id: <3931A8AA53AC12428344A767CB3D865F028B6B@xxxxxxxxxxxxxxxxx>
Hello,

I have got a question concerning setting up a default policy with
iptables.

There is a system with kernel 2.6.
I have configured a rule set in a script which will be loaded at boot
time.
On SuSE 8.2 there was the same rule set - and it worked.

Now,
1. With kernel 2.6 I do not get any logging, as configured in syslog:
Kern.* /var/log/firewall

2. The default policy is not set as I have expected.

Here is the beginning:

Some basics ...
And then ...

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

iptables -F
iptables -t nat -F
iptables -X

# =======================================================================
# Loopback Devices
# =======================================================================
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT

# ===========================================================================
# DROP & LOG Chain
# ===========================================================================
iptables -N my_drop
iptables -A my_drop -p icmp -j LOG --log-prefix "DROP-ICMP "
iptables -A my_drop -p udp -j LOG --log-prefix "DROP-UDP "
iptables -A my_drop -p tcp -j LOG --log-prefix "DROP-TCP "
iptables -A my_drop -j DROP

....

Rules for SSH, http ...

What could be wrong?

Regards,
Stefan Junge
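The following is an added example, not code from the post above or from SUSE. It rebuilds the posted rule set in iptables-restore format (policies are declared with ":CHAIN POLICY" lines and the whole table is committed atomically, so the order of -P and -F no longer matters), adds a check that reads the policies back out of `iptables -L -n` output, and summarises LOG-target lines of the kind that land in /var/log/firewall once kern.* is routed there. The sample status text and log lines are constructed here; the jumps from INPUT and OUTPUT into my_drop are an assumption about the part of the script the post elides.

```shell
#!/bin/sh
# Added example (not the original poster's script). Assumes iptables/iptables-restore
# semantics only; nothing here needs root, because it only generates and parses text.

# Emit the rule set in iptables-restore format. ':CHAIN POLICY [0:0]' sets the
# default policy of a built-in chain; ':my_drop - [0:0]' declares the user chain.
build_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:my_drop - [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A my_drop -p icmp -j LOG --log-prefix "DROP-ICMP "
-A my_drop -p udp -j LOG --log-prefix "DROP-UDP "
-A my_drop -p tcp -j LOG --log-prefix "DROP-TCP "
-A my_drop -j DROP
-A INPUT -j my_drop
-A OUTPUT -j my_drop
COMMIT
EOF
}
# Assumption: the elided "...." part of the post sends unmatched traffic to my_drop;
# without those two jumps the LOG rules are never reached and nothing is logged.

# Print the policy of one built-in chain from `iptables -L -n` text on stdin.
# Such output contains lines like "Chain INPUT (policy DROP)".
chain_policy() {
    sed -n "s/^Chain $1 (policy \([A-Z]*\)).*/\1/p"
}

# Return 0 when INPUT, FORWARD and OUTPUT all have policy DROP in the given
# `iptables -L -n` text; otherwise report each offending chain and return 1.
verify_policies() {
    status="$1"
    rc=0
    for chain in INPUT FORWARD OUTPUT; do
        pol=$(printf '%s\n' "$status" | chain_policy "$chain")
        if [ "$pol" != "DROP" ]; then
            echo "chain $chain has policy '${pol:-<unknown>}', expected DROP" >&2
            rc=1
        fi
    done
    return $rc
}

# Summarise LOG-target lines from syslog on stdin as "<prefix> <proto> <dport> <count>".
# ICMP entries carry no DPT field, so their port column is printed as "-".
summarize_drops() {
    awk '
        /kernel: DROP-/ {
            prefix = ""; proto = "-"; dport = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^DROP-/) prefix = $i
                else if ($i ~ /^PROTO=/) proto = substr($i, 7)
                else if ($i ~ /^DPT=/) dport = substr($i, 5)
            }
            count[prefix " " proto " " dport]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# Constructed sample of `iptables -L -n` output: OUTPUT still has its ACCEPT default.
SAMPLE_STATUS='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
'

# Constructed sample of /var/log/firewall lines (kern.* routed there by syslog).
SAMPLE_LOG='Mar 17 16:15:59 host kernel: DROP-TCP IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=54321 DPT=22 SYN
Mar 17 16:16:01 host kernel: DROP-TCP IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=40000 DPT=22 SYN
Mar 17 16:16:05 host kernel: DROP-UDP IN=eth0 OUT= SRC=192.0.2.12 DST=192.0.2.1 LEN=48 PROTO=UDP SPT=5353 DPT=53
Mar 17 16:16:09 host kernel: DROP-ICMP IN=eth0 OUT= SRC=192.0.2.13 DST=192.0.2.1 LEN=84 PROTO=ICMP TYPE=8 CODE=0'

# Usage on a real host (needs root; not executed here):
#   build_ruleset | iptables-restore --test   # parse only, commit nothing
#   build_ruleset | iptables-restore          # load atomically
#   verify_policies "$(iptables -L -n)"       # confirm the DROP defaults took effect
#   summarize_drops < /var/log/firewall       # what the my_drop chain is logging
```

On a live system, feed `build_ruleset` to `iptables-restore --test` first: it parses and builds the whole table without committing, which catches a broken rule before the DROP policies are applied and the box locks you out.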
