iptables rule command help

Jörg Harmuth harmuth at mnemon.de
Tue Aug 30 12:37:58 CEST 2005


CC communication wrote:
> Hi
> What I want to do is just a simple setup. I will be very
> thankful for the help.
> 
>               firewall/Gateway   
> lan0---eth0-192.168.1.253/30--eth1-10.0.0.253/30-----Lan1
> 
> I want someone to write the iptables rules for forwarding
> TCP traffic from Lan0 to Lan1 to the server
> 10.0.0.254/30, ports www, telnet, ssh, ftp (21, 22), during
> office timings 9 am to 5 pm, with the SYN bit set or the
> stateful options NEW, ESTABLISHED, RELATED

Just basic, may need some tuning. Of course there are other ways to
achieve your goal.

# The two networks from the diagram above (/30 networks behind eth0 and eth1)
LAN0=192.168.1.252/30
LAN1=10.0.0.252/30

# enable routing between the interfaces and load the FTP connection
# tracking helper so the data connection is seen as RELATED
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe ip_conntrack_ftp

# default to dropping everything that no rule accepts
iptables -P INPUT DROP
iptables -P FORWARD DROP

# chain holding the rules that are only valid during office hours
iptables -N ALLOWED_TIME

iptables -A INPUT -i lo -j ACCEPT
# packets belonging to already accepted connections (and FTP data) pass
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# new connections are only examined Mon-Fri, 09:00-17:00
iptables -A FORWARD -m time --timestart 09:00 --timestop 17:00 \
         --days Mon,Tue,Wed,Thu,Fri -j ALLOWED_TIME

# one rule per service; --syn accepts only the connection-opening packet
iptables -A ALLOWED_TIME -p tcp --dport 80 -s $LAN0 -d $LAN1 \
         --syn -j ACCEPT
...

And so on.

> and log the packet field information as well.

Sorry, what exactly do you want to log?

HTH and have a nice time,

Joerg
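The complete rule set the reply above only sketches, written out as an added example (not the poster's code): a function that emits the iptables commands for all four services plus a logging rule for what falls through to the DROP policy, so the set can be reviewed before it is piped to sh on the gateway. The network values come from the quoted diagram; the variable names, the host-only server match and the logging rule are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Network values are taken from
# the quoted diagram; SERVER is matched as a single host (assumption).
LAN0=192.168.1.252/30      # network behind eth0 (192.168.1.253/30)
SERVER=10.0.0.254          # the server on the eth1 side the poster named
PORTS="21 22 23 80"        # ftp, ssh, telnet, www

# Print the rule set instead of applying it, so it can be inspected first.
build_rules() {
    cat <<'EOF'
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe ip_conntrack_ftp
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -N ALLOWED_TIME
iptables -A INPUT -i lo -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m time --timestart 09:00 --timestop 17:00 \
         --days Mon,Tue,Wed,Thu,Fri -j ALLOWED_TIME
EOF
    # one rule per service; --syn lets only the connection-opening packet in,
    # later packets of the connection match ESTABLISHED above
    for p in $PORTS; do
        echo "iptables -A ALLOWED_TIME -p tcp --dport $p -s $LAN0 -d $SERVER --syn -j ACCEPT"
    done
    # Whatever reaches the end of FORWARD is dropped by policy; log its header
    # fields first, rate limited (assumption about what the poster wants logged).
    echo "iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix 'FWD-DROP: ' --log-tcp-options --log-ip-options"
}

# Sanity check: one SYN accept rule per requested service.
count_accept_rules() { build_rules | grep -c -- '--syn -j ACCEPT'; }

build_rules
```

The time match is spelled as in the 2005 reply; on current kernels the day option of `-m time` is `--weekdays`.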
