On Thu, 29.01.2004 at 22:58, Luciano Miguel Ferreira Rocha wrote:

> On Thu, Jan 29, 2004 at 01:34:34PM -0800, smoothmilk wrote:
> > anything? I don't understand how it just flat out doesn't work. I have no
> > idea how iptables works, and because there's no documentation out there
> > for beginners who just want a script that's for eth0 with a simple www,
> > ssh and ftp server(s), I'm stuck using rh's tools, which don't do
> > anything. There's no security here.
>
> Shameless plug: http://strange.nsk.pt/mine/ipconf
>
> Or a simple script:

Short annotations:

> #! /bin/sh
> /sbin/modprobe ip_conntrack_ftp &> /dev/null

modprobe has the parameter "-q" to be quiet.

> /sbin/iptables -F
> /sbin/iptables -X
> /sbin/iptables -P FORWARD DROP
> /sbin/iptables -P INPUT DROP

To set policies to DROP and have no final REJECT rule is bad. DROP is not a good general rule.

> /sbin/iptables -P OUTPUT ACCEPT
> /sbin/iptables -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
> /sbin/iptables -A INPUT -p icmp -j ACCEPT
> /sbin/iptables -A INPUT -p TCP --syn --dport http -j ACCEPT
> /sbin/iptables -A INPUT -p TCP --syn --dport ssh -j ACCEPT
> /sbin/iptables -A INPUT -p TCP --syn --dport ftp -j ACCEPT
> /sbin/iptables -A INPUT -p TCP --syn --dport ftp-data -j ACCEPT
>
> Regards,
> Luciano Rocha

Alexander

--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2149.nptl
Sirendipity 12:10:34 up 20:58, 7 users, 0.68, 0.28, 0.15
[ γνωθι σ'αυτον - gnothi seauton ]
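The same host profile (www, ssh and ftp on eth0) written the way the two annotations above ask for: modprobe told to be quiet with -q, and the DROP policies backed by explicit final REJECT rules so a blocked client gets an answer instead of a timeout. This is an added example, not code from the thread or from Luciano's ipconf. The interface name eth0, the choice of iptables-restore as the loading mechanism and the helper names (gen_rules, apply_rules, count_rejects, last_input_rule) are my assumptions.

```shell
#!/bin/sh
# Added example, not part of the original thread. Generates a ruleset in
# iptables-restore format for a host serving www, ssh and ftp on eth0.
# Assumptions: eth0 is the public interface; iptables-restore is available;
# all function names below are hypothetical, chosen for this example.

WAN_IF="${WAN_IF:-eth0}"   # assumption: eth0 is the Internet-facing interface

# Load the FTP connection-tracking helper. With -q modprobe stays silent if
# the module is missing or built in, which is what the original script tried
# to achieve with a shell redirect.
load_helpers() {
    /sbin/modprobe -q ip_conntrack_ftp
}

# Emit the ruleset as text. iptables-restore applies it atomically, so there
# is no window between "-F" and the first ACCEPT rule as there is with a
# sequence of individual iptables calls.
#
# The policy stays DROP as a safety net, but every chain ends in explicit
# REJECT rules: TCP gets a RST, UDP an ICMP port-unreachable, anything else an
# ICMP protocol-unreachable. No port-20 (ftp-data) rule is needed: with
# ip_conntrack_ftp loaded the data connections are matched as RELATED.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -i $WAN_IF -p tcp --syn --dport 80 -j ACCEPT
-A INPUT -i $WAN_IF -p tcp --syn --dport 22 -j ACCEPT
-A INPUT -i $WAN_IF -p tcp --syn --dport 21 -j ACCEPT
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Number of explicit REJECT rules in the generated set (sanity check).
count_rejects() {
    gen_rules | grep -c -- '-j REJECT'
}

# Last rule of the INPUT chain. It must be a catch-all REJECT; otherwise
# unmatched traffic falls through to the silent DROP policy.
last_input_rule() {
    gen_rules | grep '^-A INPUT' | tail -n 1
}

# Apply the ruleset (needs root). Everything else is a dry run.
apply_rules() {
    load_helpers
    gen_rules | /sbin/iptables-restore
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     gen_rules ;;   # dry run: print the ruleset for review
esac
```

Run it without arguments to print the ruleset for review (or to pipe into a file under version control); run it as root with "apply" to load it. Generating text and loading it with iptables-restore also makes the "policy DROP with no final REJECT" mistake easy to catch in review: the last line of each chain is right there to read.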