Rodolfo J. Paiz wrote:
<<-- snip -->>
I love it.
I took a simpler approach.
1. Setup iptables with the following
iptables -A INPUT -i lo -j ACCEPT # this allows local loop interface to always work.
iptables -A INPUT -d xxx.xxx.xxx.xxx -m state --state RELATED,ESTABLISHED -j ACCEPT # accept connections back to this host for connections attempted from this host
iptables -A INPUT -j REJECT # this rejects everything else
2. I just add
iptables -I INPUT 3 -d xxx.xxx.xxx.xxx -p tcp -m state --state NEW -m tcp --dport yyy -j ACCEPT
for each port I want to open up on my server.
Note: xxx.xxx.xxx.xxx gets replaced with the local machine's IP address, and yyy gets replaced with the port number.
You can also restrict the source IP address for the packet by including -s zzz.zzz.zzz.zzz in the iptables command.
For most clients, #1 above is enough to block all attacks.
James Kosin
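The ruleset described in the post above, turned into a small script. This is an added example, not James Kosin's own script: the names HOST_IP, DRY_RUN, APPLY, base_rules and open_port are mine, and the address 192.0.2.10 and the admin network 203.0.113.0/24 are placeholders standing in for the xxx/zzz values in the post. With DRY_RUN=1 the commands are printed rather than executed, so the result can be reviewed before it touches a live firewall. Two caveats a practitioner would add: `-m state` is the older spelling of `-m conntrack --ctstate` (both are accepted by current iptables), and this only configures IPv4; ip6tables needs the same treatment or the host is wide open over IPv6.

```shell
#!/bin/sh
# Added example (not James Kosin's script): builds the ruleset his post
# describes. HOST_IP, open_port, base_rules, DRY_RUN and APPLY are my own
# names. With DRY_RUN=1 the commands are printed instead of executed.

HOST_IP="${HOST_IP:-192.0.2.10}"   # assumed server address (xxx.xxx.xxx.xxx in the post)
IPT="${IPTABLES:-iptables}"

# Run or print one iptables command depending on DRY_RUN.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# Step 1 of the post: loopback, replies to our own connections, reject the rest.
# Flushing INPUT first makes re-running the script safe.
base_rules() {
    run -F INPUT
    run -A INPUT -i lo -j ACCEPT
    run -A INPUT -d "$HOST_IP" -m state --state RELATED,ESTABLISHED -j ACCEPT
    run -A INPUT -j REJECT
}

# Step 2 of the post: open one TCP port at position 3, i.e. ahead of the
# final REJECT. An optional second argument restricts the source (-s zzz...).
# Each call inserts at position 3, so the REJECT always stays last.
open_port() {
    port="$1"
    src="$2"
    if [ -n "$src" ]; then
        run -I INPUT 3 -s "$src" -d "$HOST_IP" -p tcp -m state --state NEW -m tcp --dport "$port" -j ACCEPT
    else
        run -I INPUT 3 -d "$HOST_IP" -p tcp -m state --state NEW -m tcp --dport "$port" -j ACCEPT
    fi
}

# Number of commands base_rules emits in dry-run mode (a sanity check).
dry_rule_count() {
    (DRY_RUN=1; base_rules) | wc -l | tr -d ' '
}

# Apply only when explicitly asked, e.g.  APPLY=1 sh firewall.sh
if [ "${APPLY:-0}" = "1" ]; then
    base_rules
    open_port 22 203.0.113.0/24   # SSH only from the admin network (placeholder value)
    open_port 80                  # HTTP from anywhere
fi
```

Run with `DRY_RUN=1 APPLY=1 sh firewall.sh` first and read the printed rules; the last line must be the REJECT and every ACCEPT for a service port must sit above it. Only then run with `APPLY=1` alone, ideally from the console rather than over SSH, since a mistake in the port list locks you out.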