On Mon, Aug 16, 2010 at 9:14 PM, JD <jd1008@xxxxxxxxx> wrote:
> I would like to set up my iptables firewall so that when I issue
> the command
>
> $ sudo iptables -L -n
>
> I would like to see only the following:
>
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
> ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
> ACCEPT     all  --  127.0.0.1            0.0.0.0/0
> ACCEPT     all  --  aaa.bbb.ccc.ddd      0.0.0.0/0
> ACCEPT     all  --  bbb.ccc.ddd.eee      0.0.0.0/0
> ACCEPT     all  --  ccc.ddd.eee.fff      0.0.0.0/0
> ACCEPT     all  --  ddd.eee.fff.ggg      0.0.0.0/0
> DROP       all  --  0.0.0.0/0            0.0.0.0/0
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> DROP       all  --  0.0.0.0/0            0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
>
> How do I accomplish this?
>
> The GUI for setting up the firewall is too darned limited and it
> creates unexpected rules and filters I did not specify.

The "unexpected rules and filters" are most probably good/necessary...

This should (untested) output what you posted above:

#!/bin/sh
IPTABLES="/sbin/iptables"

# chain policies: ACCEPT, with an explicit DROP rule at the end of INPUT and FORWARD
$IPTABLES --table filter --policy INPUT ACCEPT
$IPTABLES --table filter --policy FORWARD ACCEPT
$IPTABLES --table filter --policy OUTPUT ACCEPT

# loopback traffic in both directions
$IPTABLES --append INPUT --in-interface lo --jump ACCEPT
$IPTABLES --append OUTPUT --out-interface lo --jump ACCEPT

# replies to connections this host initiated
$IPTABLES --append INPUT -m state --state ESTABLISHED,RELATED --jump ACCEPT

# all ICMP types, and mDNS (224.0.0.251:5353)
$IPTABLES --append INPUT --protocol icmp --icmp-type 255 --jump ACCEPT
$IPTABLES --append INPUT --protocol udp --destination 224.0.0.251 --destination-port 5353 --jump ACCEPT

# one ACCEPT per trusted host; add a line like this for each address
$IPTABLES --append INPUT --source a.b.c.d --jump ACCEPT

# everything else is dropped
$IPTABLES --append FORWARD --jump DROP
$IPTABLES --append INPUT --jump DROP

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
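An added example, not the reply's script nor anything posted to the list: it builds the same filter table for the whole list of trusted hosts JD showed (the reply covers only one), flushes the chains first so that the listing contains only these rules, and takes the iptables command as a parameter so the rule set can be previewed with `echo` before it is applied. The host addresses are constructed placeholders from the RFC 5737 documentation ranges; the `input_rule_count` and `last_input_target` helpers are assumptions added for review.

```shell
#!/bin/sh
# Constructed placeholder addresses; replace with the real trusted hosts.
TRUSTED_HOSTS="${TRUSTED_HOSTS:-192.0.2.10 192.0.2.11 198.51.100.7 198.51.100.8}"

# $1 is the command to run the rules with: /sbin/iptables to apply them,
# echo to print them for review (dry run).
build_rules() {
    ipt="${1:-/sbin/iptables}"
    # start from empty chains so only the rules below appear in the listing
    $ipt --table filter --flush
    $ipt --table filter --policy INPUT ACCEPT
    $ipt --table filter --policy FORWARD ACCEPT
    $ipt --table filter --policy OUTPUT ACCEPT
    # replies to connections this host opened
    $ipt --append INPUT -m state --state ESTABLISHED,RELATED --jump ACCEPT
    # all ICMP types, and mDNS on the multicast address
    $ipt --append INPUT --protocol icmp --icmp-type 255 --jump ACCEPT
    $ipt --append INPUT --protocol udp --destination 224.0.0.251 \
        --destination-port 5353 --jump ACCEPT
    # loopback, matched by source address as in JD's listing
    $ipt --append INPUT --source 127.0.0.1 --jump ACCEPT
    # one ACCEPT per trusted host
    for host in $TRUSTED_HOSTS; do
        $ipt --append INPUT --source "$host" --jump ACCEPT
    done
    # terminal DROP: anything appended after this line would never match
    $ipt --append INPUT --jump DROP
    $ipt --append FORWARD --jump DROP
    $ipt --append OUTPUT --jump ACCEPT
}

# Review helpers over the dry run (hypothetical names added for this example).
input_rule_count() {
    build_rules echo | grep -c -- '--append INPUT'
}
last_input_target() {
    build_rules echo | grep -- '--append INPUT' | tail -n 1 | sed 's/.*--jump //'
}
```

Run `build_rules echo` to inspect the commands, then `build_rules /sbin/iptables` as root to apply them; `sudo iptables -L -n` afterwards should match JD's listing with the placeholder hosts in place of aaa.bbb.ccc.ddd and the others.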