[TriLUG] IPTables help
Tanner Lovelace
lovelace at wayfarer.org
Mon Sep 16 14:33:47 EDT 2002
Hi folks,
I'm sure some of you out there are iptables experts. :-)
Right now the trilug machines are using ipchains based firewall
setups. We would really prefer to switch these to iptables,
primarily because of the added benefits that come with
connection tracking. Unfortunately, it doesn't seem to be
a simple subject to figure out. It doesn't help that every
single example you can find on the net assumes you're either
acting as a router (forwarding) or doing NAT (neither of
which we want to do. So, I'm coming to the list for help
instead.
So, here's what we want to do.
1. We have an internal network on eth1 that is trusted. Everything
on that network should be just accepted.
2. Anything part of a connection that we originated should be
accepted.
3. Certain services (i.e. http, ftp, dns, mail, kerberos, ldap, etc..)
should be accepted.
4. Most everything else should be dropped (and optionally logged).
This sounds like it should be easy. Can anyone provide me
with an easy, well commented, example that I can use with the
standard redhat 7.3 iptables script?
Thanks in advance,
Tanner Lovelace
--
Tanner Lovelace | lovelace at wayfarer.org | http://wtl.wayfarer.org/
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
GPG Fingerprint = A66C 8660 924F 5F8C 71DA BDD0 CE09 4F8E DE76 39D4
GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
Si hoc legere scis, nimium eruditionis habes.
More information about the TriLUG
mailing list