Assuming your default policy is drop or the last rule in your chain is a
log/drop, then yes, the second rule would be redundant. Stick with rule
3 and ESTABLISHED/RELATED. Of course, no TCP based services on this
machine will work...
Phillip, I didn't post the entire file.
The default policy on the INPUT chain is DROP. I do allow incoming
ssh & ftp from a couple of Linux servers that I manage. All other
TCP traffic on the external interface is stopped by the "-p tcp --syn
-j DROP" rule. I also have the rule "-t nat -A POSTROUTING -o
$EXTERNAL_IF -j MASQUERADE" coz this machine is a server for a couple
of machines connected to its local (non-internet) interface.
The rules also contain the usual stuff so the internal interfaces work i.e.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $INTERNAL_IF_1 -j ACCEPT
From your response I assume that this setup would make the system
safe from unwanted/unexpected incoming traffic that originates from
well-known ports. What do these attacks do to fool firewalls
anyway? Are there firewalls out there that let in traffic if it
appears to originate from a well-known port?
jmb
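The source-port trick jmb asks about works against stateless filters that accept any inbound packet whose source port is a well-known service port (20 for ftp-data, 53 for DNS) in order to let replies back in; since the remote side chooses its own source port, an attacker simply sends new connections from port 20 or 53 and walks through such a rule. The script below is an added example, not part of this thread, that prints the weak "trust the source port" rules next to a stateful ruleset of the kind jmb describes (default DROP, lo and internal interface accepted, ESTABLISHED/RELATED, ssh/ftp from admin hosts, every other external SYN dropped, MASQUERADE on the way out). It is a dry run: IPT defaults to "echo iptables" so nothing is applied; the interface names and the 192.0.2.x admin hosts are assumed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original thread. Dry-run generator for
# an iptables INPUT/POSTROUTING ruleset; IPT="echo iptables" means the
# commands are printed, not applied. Set IPT=iptables to apply them.
set -e
IPT="${IPT:-echo iptables}"
EXTERNAL_IF="${EXTERNAL_IF:-eth0}"        # assumed interface name
INTERNAL_IF_1="${INTERNAL_IF_1:-eth1}"    # assumed interface name
ADMIN_HOSTS="${ADMIN_HOSTS:-192.0.2.10 192.0.2.11}"  # assumed, RFC 5737 addresses

# Weak pattern: accept anything whose SOURCE port is a well-known service
# port. The remote end picks that port, so an attacker using sport 20 or 53
# can open arbitrary new connections through these rules.
weak_rules() {
    $IPT -A INPUT -i "$EXTERNAL_IF" -p tcp --sport 20 -j ACCEPT
    $IPT -A INPUT -i "$EXTERNAL_IF" -p udp --sport 53 -j ACCEPT
}

# Stateful pattern from the thread: replies are matched by connection
# tracking, not by source port, and any other inbound SYN on the external
# interface is dropped. Only the admin hosts may open ssh/ftp.
good_rules() {
    $IPT -P INPUT DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i "$INTERNAL_IF_1" -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for h in $ADMIN_HOSTS; do
        $IPT -A INPUT -i "$EXTERNAL_IF" -s "$h" -p tcp --dport 22 -j ACCEPT
        $IPT -A INPUT -i "$EXTERNAL_IF" -s "$h" -p tcp --dport 21 -j ACCEPT
    done
    $IPT -A INPUT -i "$EXTERNAL_IF" -p tcp --syn -j DROP
    $IPT -t nat -A POSTROUTING -o "$EXTERNAL_IF" -j MASQUERADE
}

# Audit helper: count rules in a generated ruleset that match on --sport,
# i.e. the ones a source-port spoof walks through. Takes the generator
# function name as its argument.
count_sport_only() {
    "$@" | grep -c -- '--sport' || true
}

if [ "${1:-}" = "demo" ]; then
    echo '# weak (source-port trust):'; weak_rules
    echo '# stateful:'; good_rules
    echo "# sport-only rules, weak: $(count_sport_only weak_rules)"
    echo "# sport-only rules, stateful: $(count_sport_only good_rules)"
fi
```

Run it as `sh rules.sh demo` to see both rulesets; the audit count is the quick check to run over any ruleset you inherit, since a single `--sport` ACCEPT without `-m state` or `--syn` is enough to undo the default DROP.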