[ale] Iptables ruleset for a laptop
matty91 at bellsouth.net
Wed Jun 4 19:01:06 EDT 2003
Howdy,
Thanks everyone for the example iptables scripts. After much reading and
tinkering around, I think I found what I was looking for:

# flush any existing chains and set default policies
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT

# allow all packets on the loopback interface
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT

# allow established and related packets back in
/sbin/iptables -A INPUT -i eth0 -m state --state ESTABLISHED -j ACCEPT

This allows everything outbound, and drops everything inbound. Anyone
see any flaws with this? After testing with nmap, I can't seem to find
any issues (though there may still be some).
Thanks,
- Ryan
Ryan Matteson - UNIX Administrator | GPG ID: 92D5DFFF
Public Key: http://www.daemons.net/~matty/public_key.txt
Fingerprint = 4BEC 6145 30A6 BCE6 5602 FF11 4954 165D 92D5 DFFF
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
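
A static review of the ruleset posted above, as an added example that is not part of the original message: `audit_ruleset` and `posted_rules` are hypothetical names, and the input is a constructed copy of the posted rules. The FORWARD findings only matter when IP forwarding is enabled on the laptop.

```shell
#!/bin/sh
# Added example, not from the original post: static review of an iptables
# script. Reads the script on stdin and prints one finding per line.
audit_ruleset() {
    rules=$(grep -E '^[^#]*iptables ' || true)

    # Each built-in filter chain should be flushed and given a policy.
    for chain in INPUT FORWARD OUTPUT; do
        if ! printf '%s\n' "$rules" | grep -Eq -e "-F( $chain)?[[:space:]]*\$"; then
            echo "$chain: chain is not flushed, earlier rules survive"
        fi
        if ! printf '%s\n' "$rules" | grep -q -e "-P $chain "; then
            echo "$chain: no policy set here (built-in default is ACCEPT)"
        fi
    done

    # Conntrack rules: RELATED carries ICMP errors for open connections,
    # and an -i match limits return traffic to that one interface.
    printf '%s\n' "$rules" | grep -E -e '--(ct)?state ' | while IFS= read -r line; do
        case $line in
            *RELATED*) ;;
            *) echo "state rule lacks RELATED: ICMP errors for open connections are not accepted" ;;
        esac
        iface=$(printf '%s\n' "$line" | sed -n 's/.* -i \([^ ]*\).*/\1/p')
        if [ -n "$iface" ]; then
            echo "state rule only matches -i $iface: replies on other interfaces are not accepted"
        fi
    done
}

# Constructed input: the rules as posted in the message above.
posted_rules() {
    cat <<'EOF'
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -m state --state ESTABLISHED -j ACCEPT
EOF
}

posted_rules | audit_ruleset
```

An empty result means none of these four checks fired; it does not replace testing the loaded rules with a scanner such as nmap.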