Re: IPTables configuration.
Hello,
maybe a stupid question, but what is the role of this host with such an
iptables configuration? Is it a host firewalling a network behind it, or is
it a standalone machine on the Internet?
Also, maybe the "-v" command-line option could be helpful. Just the first
rule, as we can see here:
<snip>
Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere 127.0.0.0/8
</snip>
will successfully block all tcp traffic to the local loopback (lo device),
also from your own machine. Are you sure you want/need this? ;-)
But with the "-v" option we will see that rules are bound to some network
devices. So if your rule looks like this:
<snip>
target prot opt source in out destination
DROP tcp -- anywhere eth0 - 127.0.0.0/8
</snip>
it will mean that anyone who sends packets to you from an external
network with the destination address of the loopback device will be
stopped by your firewall. And your service (squid in the default
installation, for example), trusting the local machine, won't be
compromised. ;-)
So try:
# iptables -n -v -L -t filter
# iptables -n -v -L -t nat
I hope this helps.
mARTin
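As an added illustration of the point above (not part of the original mail), the check below reads "iptables -n -v -L" output and separates DROP rules for 127.0.0.0/8 that are bound to an ingress interface from those that are not (and therefore also hit the machine's own loopback traffic). The column layout is that of "iptables -n -v -L"; the sample output is constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original thread. Classifies DROP rules whose
# destination is 127.0.0.0/8 by whether they carry an ingress interface.
# On a live host:  iptables -n -v -L INPUT -t filter | find_loopback_drops

find_loopback_drops() {
    # Input: `iptables -n -v -L` output on stdin. With -v the columns are:
    #   pkts bytes target prot opt in out source destination [extra]
    # so $3 is the target, $6 the "in" interface and $9 the destination.
    awk '
        $3 == "DROP" && $9 ~ /^127\./ {
            if ($6 == "*") print "UNBOUND: " $0   # matches lo traffic too
            else           print "BOUND(" $6 "): " $0
        }'
}

# Constructed sample, in the shape `iptables -n -v -L INPUT` prints.
SAMPLE=' pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            127.0.0.0/8
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            127.0.0.0/8
  340 28000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED'

# Number of loopback DROP rules not tied to an interface (1 for the sample).
count_unbound() {
    printf '%s\n' "$SAMPLE" | find_loopback_drops | grep -c '^UNBOUND'
}

# Number of loopback DROP rules tied to an interface (1 for the sample).
count_bound() {
    printf '%s\n' "$SAMPLE" | find_loopback_drops | grep -c '^BOUND'
}

printf '%s\n' "$SAMPLE" | find_loopback_drops
```

The first sample rule is the one from the original posting and is reported as UNBOUND; the second, restricted to eth0, is the form the reply recommends.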
Tore Nilsson wrote:
Hello!
Can someone review my iptables configuration and give suggestions?
Btw, if I'd want to block someone completely using this configuration,
should I put them in "PAROLE" by using this command:
iptables -A PAROLE -s [ip-number] -j DROP
//Tore Nilsson
Here's my configuration. Btw, it was made with Bastille:
Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere 127.0.0.0/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
....