Re: [gentoo-user] Is this firewall safe?

Eric Martin Mon, 27 Apr 2009 12:35:35 -0700
Marco wrote:
> On Fri, Apr 24, 2009 at 4:59 PM, Eric Martin <freak4u...@gmail.com> wrote:
>   
>> Marco wrote:
>>     
>>> Hi all,
>>>
>>> I set up my first firewall on my notebook (not running any services
>>> reachable from outside) using iptables. Since I am new to the topic,
>>> could you please verify if the output of 'iptables -L -v' is
>>> considered to be a safe firewall? Thanks!
>>>
>>> Chain INPUT (policy DROP 0 packets, 0 bytes)
>>>  pkts bytes target     prot opt in     out     source
>>> destination
>>>     0     0 ACCEPT     all  --  lo     any     anywhere
>>> anywhere
>>>     0     0 ACCEPT     all  --  eth0   any     anywhere
>>> anywhere            state RELATED,ESTABLISHED
>>>     0     0 REJECT     tcp  --  eth0   any     anywhere
>>> anywhere            reject-with tcp-reset
>>>     0     0 REJECT     udp  --  eth0   any     anywhere
>>> anywhere            reject-with icmp-port-unreachable
>>>     0     0 DROP       udp  --  eth0   any     anywhere
>>> anywhere            udp spt:bootps
>>>     0     0 LOG        all  --  eth0   any     anywhere
>>> anywhere            LOG level warning prefix `INPUT   '
>>>     1    79 ACCEPT     all  --  wlan0  any     anywhere
>>> anywhere            state RELATED,ESTABLISHED
>>>     0     0 REJECT     tcp  --  wlan0  any     anywhere
>>> anywhere            reject-with tcp-reset
>>>     0     0 REJECT     udp  --  wlan0  any     anywhere
>>> anywhere            reject-with icmp-port-unreachable
>>>     0     0 DROP       udp  --  wlan0  any     anywhere
>>> anywhere            udp spt:bootps
>>>     0     0 LOG        all  --  wlan0  any     anywhere
>>> anywhere            LOG level warning prefix `INPUT   '
>>>
>>> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>>>  pkts bytes target     prot opt in     out     source
>>> destination
>>>     0     0 LOG        all  --  any    any     anywhere
>>> anywhere            LOG level warning prefix `FORWARD '
>>>     0     0 LOG        all  --  any    any     anywhere
>>> anywhere            LOG level warning prefix `FORWARD '
>>>
>>> Chain OUTPUT (policy ACCEPT 5 packets, 1691 bytes)
>>>  pkts bytes target     prot opt in     out     source
>>> destination
>>>     0     0 ACCEPT     all  --  any    lo      anywhere
>>> anywhere
>>>     0     0 LOG        all  --  any    eth0    anywhere
>>> anywhere            LOG level warning prefix `OUTPUT  '
>>>     1    52 LOG        all  --  any    wlan0   anywhere
>>> anywhere            LOG level warning prefix `OUTPUT  '
>>>
>>>       
>   
<snip>
> Sorry for the bad format. gmail decided to insert some sub ideal pagebreaks...
>
> Talking about the 1 log line at the bottom you mean I should configure
> it to not specify an interface (eth0, wlan0)?
>
> Thanks!
>
>   
Yeah, not specifying an interface for the log rule to apply to will make
it catch all interfaces (including lo but all traffic has already been
approved ahead of time so it won't catch).
Re: [gentoo-user] Is this firewall safe?

Reply via email to
