[Linuxtrent] Re: iptables

• From: Flavio Visentin <THe_ZiPMaN@xxxxxxxxx>
• To: linuxtrent@xxxxxxxxxxxxx
• Date: Mon, 23 Aug 2004 23:20:38 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

|> modprobe ipt_MASQUERADE
|> iptables -F; iptables -t nat -F; iptables -t mangle -F
|> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
|> echo 1> /proc/sys/net/ipv4/ip_forward
|> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|> iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
|> iptables -P INPUT DROP
|> iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT

mi sembra che ci sia un po' di confusione. Ad okkio (ci possono essere
errori):

# Flush di tutte le chain di iptables

if [ -e /proc/net/ip_tables_names ]
then
~    cat /proc/net/ip_tables_names | while read TABLE
~    do
~        iptables -t $TABLE -L -n | while read TYPE CHAIN REST
~        do
~            [ "$TYPE" = "Chain" ] && iptables -t $TABLE -F $CHAIN
~        done
~        iptables -t $TABLE -X
~    done
fi

# Droppa tutto ciò che non è esplicitamente consentito
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Abilita il masq. sulla ppp0
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# Consenti le connessioni stabilite o relazionate
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Accetta tutto ciò che non proviene dall'esterno
iptables -A INPUT -i ! ppp0 -j ACCEPT

# Consenti tutto in uscita
iptables -A OUTPUT -j ACCEPT

# Consenti tutto da dentro a fuori
iptables -A FORWARD -i ! ppp0 -o ppp0 -j ACCEPT

Comunque dai un'okkio al buon qtables che è un ottimo insegnante.
- --
Flavio Visentin

|                     \|||/
|                    @/0.0\@
|                     \ - /
+------------------oOOo---oOOo------------------

There are only 10 types of people in this world:
those who understand binary, and those who don't.

GPG Key: http://www.zipman.it/gpgkey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBKl+musUmHkh1cnoRAoGkAJ4iLiguxYAlLo17LVDil8mgoWsAugCfYZBi
hP7Ks8/YjGBGH9Y20oTMSyo=
=TRCb
-----END PGP SIGNATURE-----
--
Per iscriversi  (o disiscriversi), basta spedire un  messaggio con OGGETTO
"subscribe" (o "unsubscribe") a mailto:linuxtrent-request@xxxxxxxxxxxxx

• Follow-Ups:
  • [Linuxtrent] Re: iptables
    • From: Giuseppe Briotti

• References:
  • [Linuxtrent] iptables
    • From: Giuseppe Briotti

Other related posts:

• » [Linuxtrent] iptables..
• » [Linuxtrent] Re: iptables..
• » [Linuxtrent] Re: iptables..
• » [Linuxtrent] Re: iptables..
• » [Linuxtrent] Re: iptables..
• » [Linuxtrent] Re: iptables..
• » [Linuxtrent] Re: iptables..
• » [Linuxtrent] Re: iptables..
• » [Linuxtrent] Re: iptables..
• » [Linuxtrent] Re: iptables..
• » [Linuxtrent] iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables
• » [Linuxtrent] Re: iptables

1. Home
2. linuxtrent
3. Archive
4. 08-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---