[ale] Simple iptables example wanted
Michael D. Hirsch
mhirsch at nubridges.com
Mon May 12 16:20:14 EDT 2003
On Monday 12 May 2003 03:42 pm, Jonathan Glass wrote:
> #!/bin/bash
> IPT=/sbin/iptables
>
> $IPT -A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
> $IPT -A INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -j ACCEPT
> $IPT -A INPUT -i lo -j ACCEPT
> $IPT -A INPUT -p tcp -m tcp --syn -j REJECT
> $IPT -A INPUT -p udp -m udp -j REJECT
>
> HTH
>
> Jonathan Glass
Very nice. Thanks.
Michael
> On Mon, 2003-05-12 at 15:06, George Carless wrote:
> > Hi Michael,
> >
> > I don't know how important it is to you to actually "understand" what's
> > going on.. but if you'd just like a nice, simple and configurable
> > iptables script then I quite like gShield -- a quick search on
> > freshmeat should turn it up. It's very easy to configure for most
> > applications.
> >
> > Cheers,
> > --George
> >
> > On Mon, 12 May 2003, Michael D. Hirsch wrote:
> > > I'm trying to lock down a box. I want to let traffic in on port 22
> > > from any host, and nothing else. I want to let out traffic on port
> > > 22 and dns, nothing else (which means that DNS replies have to also
> > > be allowed).
> > >
> > > Anyone have a simple iptables config that would do this? Or a
> > > pointer to a site with recipes? I know it is simple, but I don't
> > > feel comfortable with my limited knowledge.
> > >
> > > Thanks,
> > >
> > > Michael
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://www.ale.org/mailman/listinfo/ale
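An added example, not part of the thread and not any poster's script: one way to express the policy asked for in the original question (SSH in from anywhere; SSH and DNS out; nothing else) as a stateful default-deny ruleset, so that DNS replies are admitted by connection state rather than by a separate port rule. The function name emit_rules, the /sbin/iptables-restore path, and DNS on port 53 over both udp and tcp are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). IPv4 only.
# emit_rules prints a ruleset in iptables-restore format; it changes nothing
# on the host. Optional argument: the SSH port (default 22).
emit_rules() {
    ssh_port="${1:-22}"
    # Refuse anything that is not a plain number, so the argument cannot
    # smuggle extra text into the ruleset.
    case "$ssh_port" in
        ''|*[!0-9]*) echo "bad port: $ssh_port" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport ${ssh_port} --syn -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp --dport ${ssh_port} --syn -m state --state NEW -j ACCEPT
-A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp --dport 53 --syn -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# The ESTABLISHED,RELATED rules are what let DNS replies and the return
# half of SSH sessions through; no inbound rule for port 53 is needed.
# The three ":CHAIN DROP" lines make "nothing else" the default in each
# direction, so every ACCEPT above is an explicit exception.

# Nothing is loaded unless asked for: run as root with the argument "apply".
# The path below is an assumption matching /sbin/iptables in the thread.
if [ "${1:-}" = "apply" ]; then
    emit_rules | /sbin/iptables-restore
fi
```

Calling emit_rules on its own prints the ruleset for review before it is loaded.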