Firewall
Martin Lorentzson
Martin.Lorentzson at telia.com
Thu Apr 14 19:58:37 UTC 2005
I'm using a simple iptables script that will block all incoming
traffic that didn't originate locally. I've got a single ethernet
card named eth0:
$ cat /etc/network/if-pre-up.d/iptables
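#!/bin/sh
# Only act when eth0 is coming up. test needs spaces around "=";
# without them the expression is one non-empty string and always true.
test "$IFACE" = "eth0" || exit 0
IPTABLES=/sbin/iptables
# Start from empty chains.
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F INPUT
# Default policies: allow outbound, drop forwarded and inbound.
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP
$IPTABLES -P INPUT DROP
# Accept replies to connections this host opened.
$IPTABLES -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept loopback traffic.
$IPTABLES -A INPUT -s 127.0.0.1 -i lo -j ACCEPT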
Just make sure that the iptables file is executable.
/Martin
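
A check for the result, as an added example that is not part of the original post: the function reads `iptables -S` output and confirms the default-deny inbound policy the script sets. The function and sample names are hypothetical, and both sample dumps are constructed.

```shell
#!/bin/sh
# Added example: audit `iptables -S` output (stdin) against the default-deny
# inbound policy described above. Exit status 0 = match, 1 = findings printed.
audit_ruleset() {
    awk '
        $1 == "-P" { policy[$2] = $3 }
        # An inbound ACCEPT that is neither stateful nor loopback-only
        # admits unsolicited traffic.
        $1 == "-A" && $2 == "INPUT" && / -j ACCEPT/ {
            if ($0 ~ /--state (RELATED,ESTABLISHED|ESTABLISHED,RELATED)/) {
                stateful = 1
            } else if ($0 ~ / -i lo /) {
                loopback = 1
            } else {
                print "unexpected inbound ACCEPT: " $0; bad = 1
            }
        }
        END {
            if (policy["INPUT"] != "DROP")   { print "INPUT policy is not DROP"; bad = 1 }
            if (policy["FORWARD"] != "DROP") { print "FORWARD policy is not DROP"; bad = 1 }
            if (!stateful) { print "no RELATED,ESTABLISHED rule"; bad = 1 }
            if (!loopback) { print "no loopback ACCEPT rule"; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample: the dump expected after the hook script has run.
sample_good() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.1/32 -i lo -j ACCEPT
EOF
}

# Constructed sample: the hook never ran, so the kernel defaults remain.
sample_bad() {
    printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' '-P OUTPUT ACCEPT'
}

# On a live host, as root: iptables -S | audit_ruleset
sample_good | audit_ruleset && echo "good sample: matches"
sample_bad | audit_ruleset || echo "bad sample: does not match"
```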