Hi,
I'm learning about iptables, as I'll soon be required to fill this role at work.
At home I've been learning about firewalling with iptables.
For my home network I have this simple set of rules, which I'm wondering is OK or needs improvement.
My LAN is one gateway box and one laptop - pretty simple. Below you will see 4 sets of rules. Do you think they're satisfactory?
I use eth0 on the LAN and ppp0 for web access.
I have my rules based on the device used instead of IP, and use the 'state' argument quite freely.
Thank you kindly - I very much appreciate your words and time. Kind regards Rudi.
# MASQUERADING / NAT RULES for LAN - for my laptop to surf the web
# postrouting rule (NAT): rewrite the source of anything leaving on a ppp link
iptables --table nat --append POSTROUTING -o ppp+ -j MASQUERADE

# FORWARDING RULES for LAN - for my laptop to surf the web
# forwarding outbound: LAN -> Internet
iptables --append FORWARD --in-interface eth0 --out-interface ppp0 -j ACCEPT
# forwarding inbound: blanket rule left disabled; replies are covered by the state rule below
# iptables --append FORWARD --in-interface ppp0 --out-interface eth0 -j ACCEPT
iptables --append FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# INPUT and OUTPUT for LAN - for my laptop to connect to the gateway box (ssh, ftp, http etc)
iptables --append INPUT --in-interface eth0 -j ACCEPT
iptables --append OUTPUT --out-interface eth0 -j ACCEPT

# INPUT and OUTPUT for this BOX - so I can use things like wget from the gateway box
# only replies to connections this box opened are allowed in from the ppp link
iptables --append INPUT -m state --state RELATED,ESTABLISHED --in-interface ppp0 -j ACCEPT
iptables --append OUTPUT --out-interface ppp0 -j ACCEPT
# enable ftp from this box (FTP connection-tracking helper for the 2.4.18 kernel)
/sbin/insmod /lib/modules/2.4.18/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o
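For comparison, here is a hardened version of the same gateway ruleset as an added example; it is not the poster's script and not taken from the thread. It keeps the post's interface roles (eth0 = LAN, ppp0 = Internet link) and the 'state' match, and adds the pieces a reviewer would look for: default-DROP policies on INPUT and FORWARD (without these, anything the rules do not match is accepted, so the ppp0 RELATED,ESTABLISHED rule restricts nothing), a loopback accept, dropping INVALID packets, rejecting LAN-sourced addresses arriving on the ppp link, and a rate-limited LOG of what the ppp link drops. The LAN subnet 192.168.1.0/24 is a constructed value, and the IPT variable is this example's own dry-run convention: it defaults to "echo iptables" so the script prints the commands it would run, and setting IPT=iptables applies them.

```shell
#!/bin/sh
# Hardened home-gateway ruleset (added example; assumes a 2.4 kernel with the
# 'state' match, eth0 on the LAN and ppp0 as the Internet link, as in the post).
# IPT defaults to a dry-run that prints each command; use IPT=iptables to apply.
IPT="${IPT:-echo iptables}"
LAN_IF=eth0
WAN_IF=ppp0
LAN_NET=192.168.1.0/24   # constructed value: replace with the real LAN subnet

gateway_rules() {
    # Start from a clean slate so the script is repeatable.
    $IPT -F
    $IPT -t nat -F

    # Default-deny on INPUT and FORWARD. Every ACCEPT below is meaningful only
    # because unmatched traffic now hits these policies instead of being allowed.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Local processes talk to each other over loopback.
    $IPT -A INPUT -i lo -j ACCEPT

    # Packets conntrack cannot classify are never worth accepting.
    $IPT -A INPUT -m state --state INVALID -j DROP
    $IPT -A FORWARD -m state --state INVALID -j DROP

    # Anti-spoofing: LAN addresses must never arrive on the Internet link.
    # Placed before the ESTABLISHED accept so a spoofed packet cannot ride a
    # state entry.
    $IPT -A INPUT -i $WAN_IF -s $LAN_NET -j DROP
    $IPT -A FORWARD -i $WAN_IF -s $LAN_NET -j DROP

    # Replies to connections the gateway itself opened (wget, apt, ftp data).
    $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

    # The LAN may open new connections to services on the gateway (ssh, http...).
    $IPT -A INPUT -i $LAN_IF -m state --state NEW -j ACCEPT

    # Forwarding: LAN may open new connections outward; only replies come back.
    $IPT -A FORWARD -i $LAN_IF -o $WAN_IF -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

    # Visibility: log (rate-limited) what the Internet link is about to drop.
    $IPT -A INPUT -i $WAN_IF -m limit --limit 5/min -j LOG --log-prefix "FW-INPUT-DROP: "

    # NAT: hide the LAN behind the dynamic ppp0 address.
    $IPT -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
}

# Review helper: how many generated commands contain the given fragment.
# Only meaningful in dry-run mode, where gateway_rules prints its commands.
rule_count() {
    gateway_rules | grep -c -- "$1"
}

gateway_rules
```

Run it once as-is to read the generated commands, then with IPT=iptables as root to apply them. The ordering matters: the anti-spoof drops sit ahead of the RELATED,ESTABLISHED accept, and the LOG rule sits last on INPUT so it only sees traffic that is already destined for the DROP policy.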