"[EMAIL PROTECTED]" wrote:
>
> Well, what are your default rules for your firewall? Sensibly they should be something like this:
>
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> This will close all inbound connections to your box. (Be careful not to enter this from the command line if you are mounting NFS, I did and it locks your machine!) We now need to flush all existing rules by doing:
>
> # flush the NAT tables
> iptables -t nat -F
> # flush filter table
> iptables -F
> # delete user-defined chains
> iptables -X
>
> Set up masquerading:
>
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>
> Allow the loopback interface:
>
> iptables -A OUTPUT -o lo -j ACCEPT
> iptables -A INPUT -i lo -j ACCEPT
>
> Allow internal ethernet i/face:
>
> iptables -A OUTPUT -o eth0 -j ACCEPT
> iptables -A INPUT -i eth0 -j ACCEPT
>
> Set up those already established inbound/outbound requests,
>
> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth0 -o ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> Do the icmp bit:
>
> iptables -A OUTPUT -p ICMP --icmp-type echo-request -j ACCEPT
> iptables -A FORWARD -o ppp0 -p ICMP --icmp-type echo-request -j ACCEPT
>
> Now set up the rules for those services you want to open. Do some firewall reading for that. As I said, I am not an expert, but I understand the basics. If anyone can add to this... you're welcome. But I would be surprised if port 139 was still open from the exterior.
>
> Dave.

Nice job, Dave (I have included the outline again). And daR, after checking to see that the above is done, I would like to know if your OUTSIDE port 139 is still open....

craig woods
--
2:20am up 9:25, 2 users, load average: 0.00, 0.00, 0.00
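
One way to do the check asked for above ("after checking to see that the above is done"), as an added example that is not part of either message: a shell function that reads `iptables -S` output and reports whether the three default policies are DROP and whether any INPUT rule accepts new connections to a given port on the external interface. It assumes `ppp0` is the external interface, as in the outline; the function names and both sample rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `iptables -S` (filter table) on stdin.
# Usage on the firewall itself: iptables -S | audit_ruleset ppp0 139
audit_ruleset() {
    awk -v ext="$1" -v port="$2" '
    $1 == "-P" { policy[$2] = $3; next }   # default policies
    # Only INPUT rules that jump to ACCEPT can expose a local port.
    $1 == "-A" && $2 == "INPUT" && $(NF-1) == "-j" && $NF == "ACCEPT" {
        iface = ""; proto = ""; dport = ""; state = ""; odd = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-i") iface = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
            else if ($i == "!" || $i == "multiport") odd = 1
        }
        # Negation, multiport, interface wildcards and port ranges are not
        # interpreted here; such rules are flagged for a human to read.
        if (odd || iface ~ /\+$/ || dport ~ /:/) { print "REVIEW: " $0; bad = 1; next }
        if (proto != "" && proto !~ /^(tcp|udp|6|17|all)$/) next  # e.g. icmp
        if (iface != "" && iface != ext) next     # bound to another interface
        if (state != "" && state !~ /NEW/) next   # replies to our own traffic
        if (dport == "" || dport == port) { print "EXPOSED: " $0; bad = 1 }
    }
    END {
        n = split("INPUT OUTPUT FORWARD", chain, " ")
        for (i = 1; i <= n; i++) {
            p = policy[chain[i]]
            if (p != "DROP") { print "POLICY: " chain[i] " is " (p == "" ? "unset" : p); bad = 1 }
        }
        exit bad + 0
    }'
}
# Constructed sample: the INPUT side of the quoted outline, as `iptables -S` prints it.
sample_outline() {
    printf '%s\n' '-P INPUT DROP' '-P FORWARD DROP' '-P OUTPUT DROP' \
        '-A INPUT -i lo -j ACCEPT' '-A INPUT -i eth0 -j ACCEPT' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
}
# Constructed sample: open policy plus a rule accepting port 139 on any interface.
sample_weak() {
    printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD DROP' '-P OUTPUT DROP' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT' \
        '-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT'
}
sample_outline | audit_ruleset ppp0 139 && echo "outline ruleset: nothing exposed on ppp0"
```

This reads only the filter table's INPUT chain, so it answers the question for the firewall box itself and says nothing about ports forwarded to LAN hosts through the nat table.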
