default iptables rules
Peter Garrett
peter.garrett at optusnet.com.au
Mon Sep 17 02:11:03 UTC 2007
On Sun, Sep 16, 2007 at 05:06:31PM -0400, Jimmy Wu wrote:
> On 9/15/07, NoOp <glgxg at sbcglobal.net> wrote:
> >
> > On 09/15/2007 05:02 PM, Jimmy Wu wrote:
> > > On 9/14/07, John L Fjellstad <john-ubuntu at fjellstad.org> wrote:
> > >>
> > >> Peter Garrett <peter.garrett at optusnet.com.au> writes:
> > >>
> > >> > I have found the simplest way to set up iptables is to start with a
> > >> > default "DROP" policy for INPUT
> > >>
> > >> One thing to note is that if you are ssh into a box, it might not be a
> > >> good idea to add this policy first (God knows I've done that a couple
> > of
> > >> times :-) ).
> > >>
[big snip]>
>
> @Peter Garrett:
> I followed the instructions in the IPTABLES HOWTO of the online community
> Ubuntu docs, and added the following line to my /etc/network/interfaces
> entry for eth0:
> pre-up iptables-restore < /etc/network/iptables.up.rules
> and it does properly save my iptables rules. (I tested it by flushing the
> rules with -F and doing a /etc/init.d/networking restart). I think this
> ensures that the rules are put in place whenever a network connection is up
> (I only use eth0)
As I think I mentioned, there are several ways to do this. If that
works for you, great!
The way I do it is more to ensure that certain IPs that vary with time
get resolved ( for instance, the servers available on irc may or may
not be on-line at the time of connection.)
I'm sure I could do it another way - but it works for me. I also
prefer the format of the script rather than the format of the default
"save", but that's really just my laziness :) I understand my own
script because I wrote it...
Peter
More information about the ubuntu-users
mailing list