I use the "Vim Firewall Generator" (TM). Using iptables and linux 2.4.0, I just type
the rules by hand. Here are the rules I use:
# user-defined chain shared by INPUT and FORWARD
iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# new connections are fine unless they arrive on eth0 (the cable modem side)
iptables -A block -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A block -p tcp --dport 22 -j ACCEPT
iptables -A block -p udp --dport 22 -j ACCEPT
iptables -A block -j DROP
iptables -A INPUT -j block
iptables -A FORWARD -j block
# port 22 arriving on eth0 is redirected to the inside machine
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to 192.168.1.5
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 22 -j DNAT --to 192.168.1.5
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
This masquerades my cable modem for any PC on 192.168.1.0/24, denies all incoming
connections unless related to or established by an inside machine, and forwards SSH
connections to an interior machine.
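The following is an added example, not part of the original post: a small Python model of how the posted ruleset decides a packet's fate, tracing nat PREROUTING (the DNAT), the routing decision (INPUT for the gateway's own addresses, FORWARD for everything else) and the shared `block` chain in the order the rules were given. The interface name `eth1` for the inside network, the hypothetical `Packet` fields and the sample packets are constructed for illustration; the model also makes one property of the rules visible that the prose does not spell out: because the DNAT rewrites every port-22 arrival on eth0, inbound SSH lands on 192.168.1.5 via FORWARD and never reaches the gateway's own sshd.

```python
"""Toy evaluator for the posted iptables rules (constructed example)."""
from __future__ import annotations
from dataclasses import dataclass, replace

INSIDE_HOST = "192.168.1.5"   # DNAT target from the post
EXTERNAL_IF = "eth0"          # cable-modem side, as in the post


@dataclass(frozen=True)
class Packet:
    in_if: str          # interface the packet arrived on (e.g. "eth0", "eth1")
    proto: str          # "tcp" or "udp"
    dport: int          # destination port
    state: str          # conntrack state: "NEW", "ESTABLISHED" or "RELATED"
    dst: str            # destination address
    dst_is_local: bool  # True if dst is one of the gateway's own addresses


def prerouting(pkt: Packet) -> Packet:
    """nat PREROUTING: port-22 tcp/udp arriving on eth0 is DNATed to the inside host.

    Conntrack applies the mapping to the whole connection, so later packets of
    a DNATed flow take the same path; modelling that as a re-evaluation is fine.
    """
    if pkt.in_if == EXTERNAL_IF and pkt.proto in ("tcp", "udp") and pkt.dport == 22:
        return replace(pkt, dst=INSIDE_HOST, dst_is_local=False)
    return pkt


def block_chain(pkt: Packet) -> str:
    """The user-defined 'block' chain, rules in the order they were posted."""
    if pkt.state in ("ESTABLISHED", "RELATED"):   # replies to inside-initiated traffic
        return "ACCEPT"
    if pkt.state == "NEW" and pkt.in_if != EXTERNAL_IF:   # '-i ! eth0'
        return "ACCEPT"
    if pkt.proto == "tcp" and pkt.dport == 22:
        return "ACCEPT"
    if pkt.proto == "udp" and pkt.dport == 22:
        return "ACCEPT"
    return "DROP"                                 # final catch-all


def filter_packet(pkt: Packet) -> tuple[str, str, str]:
    """Return (chain, verdict, final destination) for one packet."""
    pkt = prerouting(pkt)
    # routing decision: the gateway's own addresses go to INPUT, the rest to FORWARD;
    # both chains jump straight into 'block', so the verdict logic is shared.
    chain = "INPUT" if pkt.dst_is_local else "FORWARD"
    return chain, block_chain(pkt), pkt.dst


# Constructed sample traffic; 203.0.113.7 stands in for the cable-modem address.
SAMPLES = {
    "inside host browsing out": Packet("eth1", "tcp", 80, "NEW", "198.51.100.9", False),
    "reply to that browsing":   Packet("eth0", "tcp", 80, "ESTABLISHED", "203.0.113.7", True),
    "unsolicited web hit":      Packet("eth0", "tcp", 80, "NEW", "203.0.113.7", True),
    "inbound ssh":              Packet("eth0", "tcp", 22, "NEW", "203.0.113.7", True),
}


def evaluate_samples() -> dict[str, tuple[str, str, str]]:
    return {name: filter_packet(p) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, (chain, verdict, dst) in evaluate_samples().items():
        print(f"{name:28s} {chain:8s} {verdict:7s} -> {dst}")
```

Running the block prints one line per sample; the "inbound ssh" row shows the FORWARD chain and the 192.168.1.5 destination, while the "unsolicited web hit" row is the only DROP.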