iptables question
Tom H
tomh0665 at gmail.com
Tue Aug 17 06:08:10 UTC 2010
On Mon, Aug 16, 2010 at 9:14 PM, JD <jd1008 at gmail.com> wrote:
> I would like to set up my iptables firewall so that when I issue
> the command
>
> $ sudo iptables -L -n
>
> I would like to see only the following:
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
> ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
> ACCEPT all -- 127.0.0.1 0.0.0.0/0
> ACCEPT all -- aaa.bbb.ccc.ddd 0.0.0.0/0
> ACCEPT all -- bbb.ccc.ddd.eee 0.0.0.0/0
> ACCEPT all -- ccc.ddd.eee.fff 0.0.0.0/0
> ACCEPT all -- ddd.eee.fff.ggg 0.0.0.0/0
> DROP all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> DROP all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>
> How do I accomplish this?
>
> The gui for setting up the firewall is too darned limited and it
> creates unexpected rules and filters I did not specify.
The "unexpected rules and filters" are most probably good/necessary...
This should (untested) output what you posted above:
#! /bin/sh
IPTABLES="/sbin/iptables"
# Flush the filter table first so the rules below are the only ones left
$IPTABLES --table filter --flush
$IPTABLES --table filter --policy INPUT ACCEPT
$IPTABLES --table filter --policy FORWARD ACCEPT
$IPTABLES --table filter --policy OUTPUT ACCEPT
# Loopback ("iptables -L -n" shows these as 0.0.0.0/0 -> 0.0.0.0/0; add -v to see the interface)
$IPTABLES --append INPUT --in-interface lo --jump ACCEPT
$IPTABLES --append OUTPUT --out-interface lo --jump ACCEPT
# Replies to connections this host opened
$IPTABLES --append INPUT -m state --state ESTABLISHED,RELATED --jump ACCEPT
# All ICMP types (255 = any)
$IPTABLES --append INPUT --protocol icmp --icmp-type 255 --jump ACCEPT
# mDNS to the link-local multicast group
$IPTABLES --append INPUT --protocol udp --destination 224.0.0.251 \
    --destination-port 5353 --jump ACCEPT
# One line per trusted host; repeat for each address in your listing
$IPTABLES --append INPUT --source a.b.c.d --jump ACCEPT
# Everything not accepted above is dropped (these must stay last)
$IPTABLES --append FORWARD --jump DROP
$IPTABLES --append INPUT --jump DROP
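The same rule set as an added example (not from this thread), built from a list of trusted hosts so the allowlist is one variable rather than copied lines, flushed first so it is safe to re-run, and previewable by setting IPTABLES=echo; the addresses are constructed placeholders, not the poster's.

```shell
#!/bin/sh
# Added example: generate the filter rules asked for above from a host list.
# Set IPTABLES=echo to print the commands without touching the kernel.
IPTABLES="${IPTABLES:-/sbin/iptables}"
# Constructed placeholder addresses (RFC 5737 ranges); replace with the real hosts.
TRUSTED_HOSTS="192.0.2.10 192.0.2.11 198.51.100.5 198.51.100.6"

build_rules() {
    # Start from an empty filter table so repeated runs do not stack duplicates.
    $IPTABLES -t filter -F
    $IPTABLES -t filter -P INPUT ACCEPT
    $IPTABLES -t filter -P FORWARD ACCEPT
    $IPTABLES -t filter -P OUTPUT ACCEPT
    # Replies to connections this host opened.
    $IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Every ICMP type; "iptables -L -n" lists this as "icmp type 255".
    $IPTABLES -A INPUT -p icmp --icmp-type any -j ACCEPT
    # mDNS (Avahi) to the link-local multicast group.
    $IPTABLES -A INPUT -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT
    # Loopback by source address, exactly as in the requested listing.
    $IPTABLES -A INPUT -s 127.0.0.1 -j ACCEPT
    for host in $TRUSTED_HOSTS; do
        $IPTABLES -A INPUT -s "$host" -j ACCEPT
    done
    # Catch-alls go last: anything not accepted above is dropped.
    $IPTABLES -A INPUT -j DROP
    $IPTABLES -A FORWARD -j DROP
    $IPTABLES -A OUTPUT -j ACCEPT
}

# Dry run: number of INPUT rules that would be appended (5 fixed + one per host).
count_input_rules() {
    (IPTABLES=echo; build_rules) | grep -c -- '-A INPUT'
}

# Dry run: the final INPUT rule, which must be the DROP for the set to be a deny-by-default.
last_input_rule() {
    (IPTABLES=echo; build_rules) | grep -- '-A INPUT' | tail -n 1
}
```

After running it for real, check the result with `iptables -L -n -v` (the `-v` shows packet counters per rule, which is how you confirm the DROP is catching what you expect) and persist it with `iptables-save` into your distribution's rules file so it survives a reboot.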