
[ale] iptables rules



Repeat after me:
	The INPUT chain is for a packet with the box itself as a destination
	The OUTPUT chain is for locally generated packets
	The FORWARD chain is for routed packets.
	Routed packets will not go through the INPUT or OUTPUT chains.

This is different from how it was with the old "ipchains".

/sbin/iptables -A FORWARD -p tcp -i ${PRIVATE} -s 192.168.254.0/24 -d 0.0.0.0/0 --dport 25 -j DROP

	Stephan
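An added example, not part of Stephan's or Christopher's messages, that turns the three-chain summary above into a rule set for the situation described further down in the thread: the untrusted host on the LAN may reach port 25 on the firewall itself (that is INPUT traffic), may be forwarded only to port 80 elsewhere, and everything else it sends through the box is dropped in FORWARD. The interface name eth1 is an assumption; the addresses are the ones quoted in the thread. The script prints the rules instead of applying them so it can be run anywhere, and a small helper shows which chain a given packet would hit.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread.
# Assumed: PRIVATE=eth1 is the LAN-facing interface; the LAN is
# 192.168.254.0/24 and the firewall's own LAN address is 192.168.1.254
# (addresses taken from the thread, interface name constructed).

PRIVATE=${PRIVATE:-eth1}
LAN=192.168.254.0/24
FW=192.168.1.254/32

# Print the rules rather than execute them; pipe the output into `sh`
# as root to apply. Order matters: iptables stops at the first match,
# so the ACCEPT exceptions come before the catch-all DROP.
gen_rules() {
    # Traffic addressed to the firewall itself goes through INPUT.
    printf 'iptables -A INPUT -p tcp -i %s -s %s -d %s --dport 25 -j ACCEPT\n' \
        "$PRIVATE" "$LAN" "$FW"
    # Traffic routed through the firewall goes through FORWARD, never INPUT.
    # Only web traffic from the LAN is forwarded; everything else is dropped.
    printf 'iptables -A FORWARD -p tcp -i %s -s %s --dport 80 -j ACCEPT\n' \
        "$PRIVATE" "$LAN"
    printf 'iptables -A FORWARD -i %s -s %s -j DROP\n' \
        "$PRIVATE" "$LAN"
}

# chain_for SRC DST LOCAL_ADDR... : which chain sees a packet, mirroring
# the summary in the reply: destination is one of the box's own addresses
# -> INPUT; source is one of them -> OUTPUT; anything else is routed -> FORWARD.
chain_for() {
    pkt_src=$1
    pkt_dst=$2
    shift 2
    for addr in "$@"; do
        [ "$pkt_dst" = "$addr" ] && { echo INPUT; return 0; }
    done
    for addr in "$@"; do
        [ "$pkt_src" = "$addr" ] && { echo OUTPUT; return 0; }
    done
    echo FORWARD
}

# Stand-alone run: show the rules and classify a few constructed packets.
gen_rules
echo "LAN host -> firewall:25  => $(chain_for 192.168.254.10 192.168.1.254 192.168.1.254)"
echo "LAN host -> internet:25  => $(chain_for 192.168.254.10 203.0.113.5 192.168.1.254)"
```

Because the final DROP matches only packets arriving on the private interface, replies coming back from the internet to the LAN host are unaffected; if the forward policy is later tightened further, a `--state ESTABLISHED,RELATED` accept rule would be the usual way to keep return traffic flowing.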


> Here is one rule set:
> /sbin/iptables -A INPUT -p tcp -i ${PRIVATE} -s 192.168.254.0/24 -d 192.168.1.254/32 --dport 25 -j ACCEPT
> /sbin/iptables -A INPUT -p tcp -i ${PRIVATE} -s 192.168.254.0/24 -d 0.0.0.0/0 --dport 25 -j DROP
> 
> 
> Shouldn't the exception be before the rule?
> 
> 
> On Wed, 2004-08-04 at 14:45, Christopher Fowler wrote:
> > I have a machine on the network that I need to protect my bandwidth
> > from.  This is a Windows box and it is clear to me that it cannot be
> > trusted.
> >
> > My firewall is 192.168.1.254 and I want it to be able to go to port 25
> > of that machine but not out the public interface.  I also want to block
> > all outgoing ports other than 80.
> >
> > 2 Trojans were found on this machine and I think it has become a spam
> > box.
> >