Bridging Firewall
Bobby Knueven
knueven.7 at osu.edu
Thu Jul 29 22:54:45 UTC 2004
I have a bridging firewall setup (no NAT/MASQ). My iptables rules are
working, but something is a little off. I allow connections to the
internet and DNS, with all ESTABLISHED,RELATED connections accepted, but
for some reason my default policies (all of them are DROP) are not
working. I can access my webserver from outside the firewall and I
should not be able to. Here's what I have.
sub1="x.x.x.0/23"
### Flush tables
iptables -F
iptables -X
iptables -Z
### Policies
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
### Loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
### DNS
iptables -A FORWARD -m state --state NEW -s $sub1 -p UDP --dport 53 -j ACCEPT
### HTTP
iptables -A FORWARD -m state --state NEW -s $sub1 -p TCP -m multiport --dport 80,443 -j ACCEPT
## To block access to the webserver that's sitting behind the firewall I have to add this to this
## script; if I don't, I can get to the webserver.
#iptables -A FORWARD -p TCP -d $sub1 --dport 80 -j DROP
### Accept established connections
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
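As an added example (not the original poster's script), here is a bridging-firewall ruleset that decides direction by bridge port with the iptables physdev match rather than by source address, accepts return traffic before the per-service rules, and reports the bridge-nf sysctl that controls whether bridged frames reach iptables at all. On a bridge, a FORWARD rule that matches only on -s $sub1 accepts a NEW connection from any frame carrying an inside source address, whichever port it arrived on; --physdev-in ties the rule to the port instead. The interface names eth0/eth1, the 192.0.2.0/23 prefix standing in for x.x.x.0/23, and the rule order are assumptions. Without the "apply" argument the script only prints the iptables commands it would run, so it can be reviewed without root.

```shell
#!/bin/sh
# Added example, not the original poster's script: a bridging-firewall
# ruleset that matches direction by bridge port (physdev) instead of by
# source address. Interface names, subnet and rule order are assumptions.
# Usage: "sh bridge-fw.sh apply" (as root) loads the rules; any other
# invocation is a dry run that prints the iptables commands instead.
case "${1:-dry-run}" in
    apply) IPT=iptables ;;
    *)     IPT=echo ;;          # dry run: print instead of execute
esac
INSIDE_IF=eth1                  # bridge port facing the protected subnet (assumed)
OUTSIDE_IF=eth0                 # bridge port facing the internet (assumed)
SUB1=192.0.2.0/23               # documentation prefix standing in for x.x.x.0/23

# Bridged frames only traverse iptables while this sysctl reads 1
# (bridge-netfilter loaded); prints "unavailable" where the bridge
# module is not present, e.g. on a non-bridging host.
bridge_nf_state() {
    f=/proc/sys/net/bridge/bridge-nf-call-iptables
    if [ -r "$f" ]; then cat "$f"; else echo unavailable; fi
}

bridge_fw_rules() {
    $IPT -F; $IPT -X; $IPT -Z
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Return traffic first, so replies never depend on the per-service rules.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # A frame entering on the outside port must not carry an inside source
    # address; drop it before any -s "$SUB1" rule can accept it.
    $IPT -A FORWARD -m physdev --physdev-in "$OUTSIDE_IF" -s "$SUB1" -j DROP

    # Outbound-only services: NEW connections that entered on the inside port.
    $IPT -A FORWARD -m physdev --physdev-in "$INSIDE_IF" -m state --state NEW \
        -s "$SUB1" -p udp --dport 53 -j ACCEPT
    $IPT -A FORWARD -m physdev --physdev-in "$INSIDE_IF" -m state --state NEW \
        -s "$SUB1" -p tcp -m multiport --dports 80,443 -j ACCEPT

    # Anything else, including a NEW connection to the inside web server
    # arriving on the outside port, falls through to the DROP policy.
    # Log a rate-limited sample so the policy can be seen working.
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "BRIDGE-FWD-DROP: "
}

bridge_nf_state
bridge_fw_rules
```

After loading, `iptables -L FORWARD -v -n` should show packet counters rising on the ESTABLISHED,RELATED rule and on the two physdev rules for inside-originated traffic, while an inbound connection attempt to the web server increments only the policy counter and produces a BRIDGE-FWD-DROP log line.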
More information about the fedora-list mailing list