| View previous topic :: View next topic |
| Author |
Message |
tiran
n00b
Joined: 01 Jan 2003
Posts: 5
Location: Israel
|
 Posted: Sat Jan 04, 2003 1:23 am Post subject: what is the easiest way to setup a block - in firewall ? |
 |
|
hi;
i started reading the security FAQ, and it's just overkill for what i need :
if i need to block everything from going in and everything should be allowed to go out what is the easiest way to setup a firewall ?
which emerge should i use ?
thanks
tiran
btw
i don't think iptables installed correctly - i tried running Kmyfirewall / kfirewall and it fell . |
|
| Back to top |
|
 |
atac
Apprentice
Joined: 04 Jan 2003
Posts: 234
Location: haninge, swe
|
| Posted: Sat Jan 04, 2003 1:33 am Post subject: iptables |
|
|
what you need iptables
after installing you might want to change some netfilter options in your kernel.
and the rules you should apply is:
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
this will drop all incoming traffic and allow all outgoing. |
|
| Back to top |
|
|
dreamer3
Guru
Joined: 24 Sep 2002
Posts: 553
|
| Posted: Sat Jan 04, 2003 2:30 am Post subject: Re: iptables |
|
|
| atac wrote: | what you need iptables
after installing you might want to change some netfilter options in your kernel.
and the rules you should apply is:
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
this will drop all incoming traffic and allow all outgoing. |
I'm not sure that's EXACTLY what he had in mind, though it might well be... I think he meant that ALL traffic should be able to go out, but only EXISTING or ESTABLISHED connections would be able to come back in. (the above wouldn't be very useful for most situations in my opinion).
If that's what you wanted just say so and I will look up and paste a few example commands... unless someone else could provide them from memory.  |
|
| Back to top |
|
|
tiran
n00b
Joined: 01 Jan 2003
Posts: 5
Location: Israel
|
| Posted: Sat Jan 04, 2003 8:55 am Post subject: Re |
|
|
i thought its obvious the firewall will allow EXISTING or ESTABLISHED connections to come back .
please help.
thanks. |
|
| Back to top |
|
|
vicay
Tux's lil' helper
Joined: 29 Apr 2002
Posts: 97
Location: Dresden, Germany
|
| Posted: Sat Jan 04, 2003 11:50 am Post subject: Re: what is the easiest way to setup a block - in firewall ? |
|
|
| tiran wrote: | hi;
i started reading the security FAQ, and it's just overkill for what i need :
if i need to block everything from going in and everything should be allowed to go out what is the easiest way to setup a firewall ?
which emerge should i use ?
thanks
tiran
btw
i don't think iptables installed correctly - i tried running Kmyfirewall / kfirewall and it fell . |
Hello,
there is a very nice iptables documentation on netfilter.samba.org.
Maybe this will help you a bit. It's quite complicated to write down
some rules that will probably apply to your system, if we don't know
about your system.
Is your system permanently connected to the internet or via dialin?
How is it connected (DSL, Modem, ISDN?)?
Does your system act stand-alone, or should it act as a router
for a local network too?
Best regards
vicay |
|
| Back to top |
|
|
atac
Apprentice
Joined: 04 Jan 2003
Posts: 234
Location: haninge, swe
|
| Posted: Sat Jan 04, 2003 1:11 pm Post subject: |
|
|
| iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT |
|
| Back to top |
|
|
|
Networking & Security
