
Re: Iptables config



On Fri, Apr 12, 2002 at 11:37:09AM +0200, Michal Melewski wrote:
> On Fri, Apr 12, 2002 at 11:17:38AM +0200, Lars Roland Kristiansen wrote:
> > Hi - I have just installed a mailserver with postfix and wu-imap/pop3;
> > now I just want to have iptables running. I am no iptables guru, I just
> > want to close all except ssh (port 22), pop3 (port 110) and
> > imap (port 143). Is there an easy way to do this????
> 
> Sure it is easy...
> iptables -P INPUT DROP
> iptables -I INPUT -p tcp -s 0/0 --dport $port -i $dev -j DROP
                                                           ^^^^
                                                           ACCEPT

If you set INPUT policy to DROP, doesn't that drop everything, not just
incoming SYN packets?  If you want to be able to establish any connections
from the machine to anywhere else, e.g. for an apt-get update (downloading
stuff with ftp or http), you need to allow that with iptables.  The rule you
gave will let the replies to your SYN be dropped.  I'm just learning
iptables, and I haven't figured out the connection tracking stuff yet.

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE
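A complete version of the ruleset the thread is circling around, added here as an example (it is not code from either poster): it closes INPUT to everything except ssh, pop3 and imap, and adds the connection-tracking rule that lets replies to the machine's own outbound connections (apt-get, ftp, http) back in. The interface name in DEV, the IPT override and the helper function names are my assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Stateful INPUT chain: default DROP,
# accept only ssh/pop3/imap, but let tracked connections (and their replies)
# through. Set IPT="echo iptables" to print the commands instead of applying
# them, which needs no root.

DEV="${DEV:-eth0}"          # assumed name of the external interface
IPT="${IPT:-iptables}"      # override with "echo iptables" for a dry run

# The three TCP services named in the thread.
allowed_ports() {
    echo 22 110 143
}

apply_rules() {
    $IPT -F INPUT
    $IPT -P INPUT DROP          # everything not matched below is dropped
    $IPT -P OUTPUT ACCEPT       # the box may still initiate connections
    $IPT -A INPUT -i lo -j ACCEPT
    # The rule the original answer lacks: accept packets belonging to
    # connections the kernel already tracks, including replies to our own
    # outbound SYNs. (-m conntrack --ctstate is the newer spelling.)
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Drop packets that claim to be part of a connection never seen.
    $IPT -A INPUT -m state --state INVALID -j DROP
    # Only brand-new connections to the listed services are admitted.
    for port in $(allowed_ports); do
        $IPT -A INPUT -i "$DEV" -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
}

# Dry-run helper: count generated rule lines containing a given string.
count_matching() {
    ( IPT="echo iptables"; apply_rules ) | grep -c -- "$1"
}
```

Run `IPT="echo iptables" sh script.sh` style dry runs first; the ESTABLISHED,RELATED rule sits before the per-port rules so reply traffic never reaches the default DROP policy.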

