[TriLUG] IPTABLES rule help

rasch at raschnet.com
Mon Jul 14 14:30:01 EDT 2003


On Mon, Jul 14, 2003 at 01:56:41PM -0400, bp wrote:
> This isn't a firewall machine but rather just a plain lab box.  Single 
> nic.  Figured on something more like:
> 
> Deny ALL
You have the option here of saying "REJECT" or "DROP". REJECT will send
a "connection refused" or analogous message back to the requester.
DROP will just drop the packet and act as though it never existed.

# iptables -P INPUT DROP

> allow ping from *
# iptables -A INPUT -p icmp -j ACCEPT
> allow ssh from *
# iptables -A INPUT -p tcp --dport ssh -j ACCEPT
> allow * from x, y, z subnets
# iptables -A INPUT -s a.b.c.d/25 -j ACCEPT
> Any rules that simple for what I want?  -bp

"man iptables" will also help you out here.

Absolutely, sorry I guess I went a bit overboard.

Although moot in this discussion, I left off the "-j ACCEPT" parameter
in my previous email.

Good luck,
David
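A fuller version of the ruleset sketched above, as an added example that is not David's code or part of the original thread. It writes the same policy (deny all, allow ping, allow ssh, allow everything from a few subnets) in iptables-restore format so it can be checked and loaded atomically, adds the loopback and conntrack rules a lab box needs so its own outbound connections keep working, and finishes with explicit REJECT rules so the reader can see the REJECT-versus-DROP choice in place. The subnets are placeholders from the RFC 5737 documentation ranges, and the `gen_rules`, `rule_count` and `--apply` names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post). Emits an iptables-restore
# ruleset for a single-NIC lab box. Subnets passed as arguments are the
# "allow * from x, y, z" networks; the defaults below are placeholders.
DEFAULT_SUBNETS="192.0.2.0/25 198.51.100.0/24"   # constructed placeholders

# Print the ruleset. Default policy is DROP (a chain policy may only be
# ACCEPT or DROP); the REJECT behaviour is added as the final rules.
gen_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback and replies to connections this host opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# allow ping from anywhere (ICMP errors for our own flows are RELATED)
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# allow ssh from anywhere
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
EOF
    # allow everything from the listed subnets
    for net in "$@"; do
        printf -- '-A INPUT -s %s -j ACCEPT\n' "$net"
    done
    cat <<'EOF'
# everything else: REJECT (tell the sender) rather than silently DROP
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Number of -A rules the ruleset would load; handy for a dry run.
rule_count() {
    gen_rules "$@" | grep -c '^-A '
}

if [ "${1:-}" = "--apply" ]; then
    shift
    # iptables-restore --test parses without loading; both need root.
    gen_rules "$@" | iptables-restore --test && gen_rules "$@" | iptables-restore
else
    # shellcheck disable=SC2086  # word-splitting the default list is intended
    gen_rules ${ALLOWED_SUBNETS:-$DEFAULT_SUBNETS}
fi
```

Run it without arguments to review the generated rules, and as root with `--apply 10.0.0.0/25 10.0.1.0/24` to validate and load them. Rule order matters here exactly as it did in the original commands: the per-subnet ACCEPTs must come before the two REJECT rules, and the DROP policy only sees packets no rule matched.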
