Configuration - Basic Setup

Lee Evans lee@vital.co.uk
Fri, 7 Dec 2001 14:06:27 -0000


netfilter@lists.samba.org

fairly easy - allow all incoming related and established connections:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

then allow new connections on ports 22 & 23:

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 23 -j ACCEPT

and drop everything else:

iptables -A INPUT -j DROP

Regards
Lee
--
Lee Evans
http://www.leeevans.org

-----Original Message-----
From: netfilter-admin@lists.samba.org
[mailto:netfilter-admin@lists.samba.org] On Behalf Of
mkington@atomic-interactive.com
Sent: 07 December 2001 14:00
To: netfilter@lists.samba.org
Subject: Configuration - Basic Setup


Hi Folks,

We set up our first iptables based firewall the other day and I'm just about
getting my head into this.  I've got NAT working ok, and I can get my head
around the in, out and forward chains, but if I were to prevent an incoming
connection on all ports but 22 & 23 for TCP, but allow everything out (and
the response for those to come back in again), how would I do it?  I've read
the docs and think I could block SYN packets on a whole bunch of ports on the
input chain for our externally facing ethernet card.  I take it that wouldn't
affect the ACK packets which would be returning.  Is my thinking correct or
totally flawed?

Cheers,
Max
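The ruleset Lee describes, written out as a script. This is an added example, not part of the thread and not Lee's or Max's code. It goes slightly beyond the reply by adding the pieces a practitioner would want around those four rules: default policies set first so the box fails closed, a loopback rule, and the restriction of the new-connection rules to the externally facing card Max mentions. The interface name eth0 and the IPT, WAN_IF and TCP_IN variables are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not code from the netfilter thread): the INPUT ruleset Lee
# sketches, plus default policies, loopback and an interface restriction.
# Assumptions: eth0 is the externally facing card; with no argument the
# script only prints the rules (IPT=echo), "apply" runs them with iptables.

if [ "${1:-}" = apply ]; then
    IPT=iptables
else
    IPT="${IPT:-echo}"
fi
WAN_IF="${WAN_IF:-eth0}"   # assumed name of the externally facing card
TCP_IN="${TCP_IN:-22 23}"  # ports that may accept new inbound TCP connections

apply_rules() {
    # Default policies first, so a half-applied ruleset fails closed.
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT        # "allow everything out"
    "$IPT" -F INPUT                # start from an empty INPUT chain

    # Loopback must be allowed or local services talking to 127.0.0.1 break.
    "$IPT" -A INPUT -i lo -j ACCEPT

    # Replies to our own outbound connections. This is what lets the
    # returning packets in without opening anything to new connections.
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New inbound TCP connections, only on the listed ports and only on the
    # external card. Only the first packet of a connection (state NEW) is
    # checked here; later packets match the ESTABLISHED rule above.
    for port in $TCP_IN; do
        "$IPT" -A INPUT -i "$WAN_IF" -p tcp --dport "$port" \
            -m state --state NEW -j ACCEPT
    done

    # Everything else coming in is dropped. Redundant with the policy, but
    # explicit, and a place to put a -j LOG rule in front of later.
    "$IPT" -A INPUT -j DROP
}

apply_rules
```

Run it without arguments to review the rules it would load; `sh firewall.sh apply` as root loads them. On current kernels `-m conntrack --ctstate` is the preferred spelling of `-m state --state`, but the old form still works. Port 23 is telnet, which carries logins in clear text, so once ssh on 22 is working the 23 entry in TCP_IN is the first thing to remove.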