[Techtalk] Switching to Netfilter

Subba Rao subba9 at home.com
Fri Sep 14 08:06:36 EST 2001


I am in the process of switching from ipchains to iptables. Ipchains served its
purpose really well with excellent packet filtering. Now it is time to move on
to Iptables. The first place I will be installing the iptables is on the
gateway. I don't have other systems that need the upgrade or test iptables. So
I need to have the defenses up soon after the system boots up. I have to make
sure that the system cannot be connected to from the outside unless explicitly
allowed.

Here is one rule from the Ipchains on my system that allowed traffic back from
the Internet that was initiated from our gateway. (I have changed the IP
address in the rule.)

# Default DENY Policy
/sbin/ipchains -P input DENY

# Allows return packets initiated by us
/sbin/ipchains -A input -j ACCEPT -i eth0 -s any/0 -d 1.1.1.1 1024:65535 -p TCP ! -y

# Deny everything else and log it
/sbin/ipchains -A input -j DENY -l

What would the Iptables equivalent of these rules be? Are there any other rules that
I should consider implementing?

To start out I would like the above setup and then gradually allow inbound
connections on a case-by-case basis.

Thank you in advance.
-- 

Subba Rao
subba9 at home.com
http://members.home.net/subba9/

GPG public key ID CCB7344E
Key fingerprint = A8DD 4CBA 1E9B D962 A55B  2B55 BAFE 92C5 CCB7 344E
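The following script is an added example, not part of the post or a reply on the list. It translates the three ipchains rules quoted above into iptables form: a default DROP policy on INPUT, a literal equivalent of the "return packets" rule (non-SYN TCP to ports 1024:65535 on the gateway address), the connection-tracking rule that netfilter makes possible and that is the better replacement for the ACK-only trick, and a log-then-drop tail. The interface name eth0, the address 1.1.1.1 and the /sbin/iptables path are assumptions taken from the post; a 2.4 kernel with the state match (ip_conntrack) loaded is assumed. By default the script only prints the rules so they can be reviewed; "apply" loads them.

```shell
#!/bin/sh
# Added example: iptables equivalent of the ipchains rules in the post.
# Assumed values (from the post, not verified): external interface, gateway IP, iptables path.
IPT=/sbin/iptables
EXT_IF=eth0
EXT_IP=1.1.1.1

# gen_rules prints the rule set, one command per line, so it can be
# reviewed (or piped to sh) without touching the running firewall.
# Ordering matters: first match wins, and the LOG/DROP pair must stay last.
#  - "-P INPUT DROP"        replaces "ipchains -P input DENY" (iptables has no DENY target).
#  - "-p tcp ! --syn ..."   is the literal translation of "-p TCP ! -y" with the
#                           ipchains destination port range moved to --dport.
#  - "-m state --state ESTABLISHED,RELATED" is the stateful rule ipchains could not
#                           express: it admits replies only for connections this host
#                           opened, for any protocol, without trusting the ACK bit alone.
#  - "-j LOG" then "-j DROP" replaces "-j DENY -l" (logging is a separate target in iptables).
gen_rules() {
    cat <<EOF
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -F INPUT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -i $EXT_IF -s 0.0.0.0/0 -d $EXT_IP -p tcp ! --syn --dport 1024:65535 -j ACCEPT
$IPT -A INPUT -i $EXT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -j LOG --log-prefix "INPUT DROP: "
$IPT -A INPUT -j DROP
EOF
}

# apply_rules loads the rule set; it needs root and a kernel with netfilter.
apply_rules() {
    gen_rules | sh
}

# Default action is to print the rules for review; "apply" installs them.
case "$1" in
    apply) apply_rules ;;
    *)     gen_rules ;;
esac
```

Once the stateful rule is in place, the literal "! --syn" line is redundant and can be dropped; it is kept here only to show the one-to-one mapping. New inbound services are then allowed case by case by inserting "-m state --state NEW -p tcp --dport PORT -j ACCEPT" rules ahead of the LOG line.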