Need More iptable Rules

Tim ignored_mailbox at yahoo.com.au
Thu Aug 25 11:17:45 UTC 2005


On Thu, 2005-08-25 at 06:21 -0400, Greg Swallow wrote:

> Looks like all I need is to open a two-way hole for each port in
> firewall. I should be able to get the rules in and saved, but again
> it's been long enough that building each rule line escapes me.

If you're doing it by hand, read the iptables man file.  I don't use the
abbreviations; it's easier to remember how to do them that way.

e.g. iptables --append INPUT --jump DROP \! --in-interface eth+ --source 192.168.0.0/16

(Drop traffic that's not coming from the eth0 interface, but has private
IP addresses.  Which pretty much says allow all local traffic, by
itself, though I have other rules in combination.)

Otherwise, you can use the (security level) GUI tool, and just add in
the ports you want to trust.

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
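
Added example, not part of the original post: a shell sketch that builds long-option rule lines for opening individual ports and prints them for review instead of running iptables. The function names and the sample ports are assumptions made for illustration, and it assumes the state match is available and that outbound replies are not blocked by the OUTPUT chain.

```shell
#!/bin/sh
# Added example: prints long-option iptables rules for review; it never
# runs iptables itself. Ports below are constructed sample values.

# open_port_rules PROTO PORT  (hypothetical helper)
# Emits one rule accepting new inbound connections to PORT, after
# checking that PROTO is tcp/udp and PORT is a number in 1..65535.
open_port_rules() {
    proto=$1
    port=$2
    case $proto in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    case $port in
        # empty, non-digit characters, or six or more digits
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi
    echo "iptables --append INPUT --protocol $proto --destination-port $port --match state --state NEW --jump ACCEPT"
}

# build_ruleset "PROTO:PORT ..."  (hypothetical helper)
# First rule accepts packets of connections that are already tracked,
# then one rule per requested port. Stops at the first invalid spec.
build_ruleset() {
    echo "iptables --append INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT"
    for spec in $1; do
        open_port_rules "${spec%%:*}" "${spec#*:}" || return 1
    done
}

# Constructed sample: SSH and HTTP over TCP, DNS over UDP.
build_ruleset "tcp:22 tcp:80 udp:53"
```

Review the printed lines before running them as root; a spec without a valid protocol or port aborts the list rather than emitting a partial rule.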
