Re: [PLUG] firewall

LeRoy Cressy on 27 Mar 2002 15:39:46 -0500




Michael Whitman wrote:
> 
> If it is linux and a fairly recent distro you may already have IPTABLES
> installed.
> Stuff which will be helpful can be found at
> http://netfilter.samba.org/documentation/index.html#whatis
> 
> At 02:40 PM 3/27/2002 -0500, you wrote:
> >I want firewalling protection on just one machine
For a really quick filter use:
http://netfilter.samba.org/documentation/HOWTO//packet-filtering-HOWTO-5.html
Most people just have a single PPP connection to the Internet, and don't
want anyone coming back into their network, or the firewall:
 ## Insert connection-tracking modules (not needed if built into kernel).
 # insmod ip_conntrack
 # insmod ip_conntrack_ftp
 ## Create chain which blocks new connections, except if coming from inside.
 # iptables -N block
 # iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
 # iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
 # iptables -A block -j DROP
 ## Jump to that chain from INPUT and FORWARD chains.
 # iptables -A INPUT -j block
 # iptables -A FORWARD -j block
-- 
Rev. LeRoy D. Cressy mailto:lcressy@telocity.com /\_/\
 http://www.netaxs.com/~ldc ( o.o )
 Phone: 215-535-4037 > ^ <
Jesus saith unto him, I am the way, the truth, and the life: 
no man cometh unto the Father, but by me. (John 14:6)
______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
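
The ruleset quoted in the message above, as an added example that is not part of the original post or the HOWTO: the same "block" chain emitted in iptables-restore format so it can be syntax-checked and loaded in one step. The function names gen_block_rules and valid_iface are hypothetical, and ppp0 is assumed to be the Internet-facing interface, as in the post.

```shell
#!/bin/sh
# Added example: emit the post's "block" chain in iptables-restore format.
# Assumption: the argument is the Internet-facing interface (ppp0 in the post).

# Accept only plausible Linux interface names (1-15 characters, no whitespace
# or option-like text) so the value cannot change the meaning of a rule.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

gen_block_rules() {
    ext_if=$1
    valid_iface "$ext_if" || { echo "bad interface name: $ext_if" >&2; return 1; }
    # Current iptables expects the negation before the option ("! -i ppp0");
    # the post's "-i ! ppp0" is the older spelling of the same match.
    # "-m state" is kept from the post; "-m conntrack --ctstate" is the
    # newer equivalent.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:block - [0:0]
-A block -m state --state ESTABLISHED,RELATED -j ACCEPT
-A block -m state --state NEW ! -i $ext_if -j ACCEPT
-A block -j DROP
-A INPUT -j block
-A FORWARD -j block
COMMIT
EOF
}

# Usage (as root). iptables-restore replaces the whole filter table unless
# --noflush is given, so check the syntax first, then load:
#   gen_block_rules ppp0 | iptables-restore --test
#   gen_block_rules ppp0 | iptables-restore
```

Because the final rule in the chain is an unconditional DROP, packets in state INVALID are dropped on every interface, including the inside ones.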


