- allows lo0 traffic
- accepts established connections
- allows all outgoing traffic
- logs everything denied.
```
*filter
#
# http://wiki.debian.org/iptables
#
# Defaults are to DROP anything sent to firewall or internal
# network, permit anything going out.
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT

# Flush all specific rules
-F INPUT
-F FORWARD
-F OUTPUT

# Allows all loopback (lo0) traffic and drop all traffic to 127/8
# that doesn't use lo0
# (the negation goes before the option: current iptables rejects the
# older intrapositioned form "-i ! lo")
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allows all outbound traffic
# You could modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

# ----------- BEGIN OF CUSTOM RULES -----------
# Add your custom rules here, e.g. port knocking, ignore netbios, etc.
#
# ------------ END OF CUSTOM RULES ------------

# log iptables denied calls (access via 'dmesg' command)
# rate limited so a flood of denied packets cannot fill the kernel log
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly
# allowed policy:
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT
```

Now you can activate these rules as described here.
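Because the safety of this template depends on rule order (loopback and 127/8 handling first, the LOG rule before the final DROP, nothing after an unconditional DROP), it is worth checking a ruleset mechanically before loading it. The following is an added example, not code from the original post or the Debian wiki: a small parser for the iptables-restore format shown above plus a linter that verifies those invariants. The embedded `RULESET` is a constructed copy of the template for demonstration; the check names and messages are this example's own.

```python
"""Parse an iptables-restore style ruleset and lint it for the invariants the
default-deny template relies on.  Added example; RULESET is a constructed copy."""
import shlex

RULESET = """\
*filter
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-F INPUT
-F FORWARD
-F OUTPUT
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT
"""


def parse_ruleset(text):
    """Return {table: {"policy": {chain: target}, "rules": {chain: [argv, ...]}}}.

    Handles the '-P/-F/-A' command form used in the template and the
    ':CHAIN POLICY [pkts:bytes]' header form that iptables-save emits."""
    tables, table = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            table = line[1:]
            tables[table] = {"policy": {}, "rules": {}}
            continue
        if line == "COMMIT":
            table = None
            continue
        if table is None:
            raise ValueError("rule outside of a table block: %r" % line)
        if line.startswith(":"):
            chain, pol = line[1:].split()[:2]
            if pol != "-":  # user-defined chains have no policy
                tables[table]["policy"][chain] = pol
            tables[table]["rules"].setdefault(chain, [])
            continue
        argv = shlex.split(line)  # keeps quoted --log-prefix values intact
        if argv[0] == "-P":
            tables[table]["policy"][argv[1]] = argv[2]
        elif argv[0] == "-F":
            tables[table]["rules"][argv[1]] = []
        elif argv[0] == "-A":
            tables[table]["rules"].setdefault(argv[1], []).append(argv[2:])
    return tables


def target(rule):
    """Return the -j target of a parsed rule (argv without '-A CHAIN'), or None."""
    for i, tok in enumerate(rule):
        if tok in ("-j", "--jump") and i + 1 < len(rule):
            return rule[i + 1]
    return None


def lint(text):
    """Return a list of findings; an empty list means every invariant holds."""
    findings = []
    filt = parse_ruleset(text).get("filter")
    if filt is None:
        return ["no *filter table found"]
    policy, rules = filt["policy"], filt["rules"]
    for chain in ("INPUT", "FORWARD"):
        if policy.get(chain) != "DROP":
            findings.append("%s policy is %s, expected DROP" % (chain, policy.get(chain)))
    inp = rules.get("INPUT", [])
    if not any(target(r) == "ACCEPT" and r[:2] == ["-i", "lo"] for r in inp):
        findings.append("INPUT has no loopback ACCEPT rule")
    if not any("127.0.0.0/8" in r and "!" in r for r in inp):
        findings.append("INPUT does not reject 127/8 traffic arriving on non-lo interfaces")
    targets = [target(r) for r in inp]
    if "LOG" not in targets:
        findings.append("INPUT has no LOG rule; denied packets will be silent")
    elif "DROP" in targets and targets.index("LOG") > targets.index("DROP"):
        findings.append("INPUT LOG rule comes after the DROP rule, so it never fires")
    if any(target(r) == "LOG" and "--limit" not in r for r in inp):
        findings.append("INPUT LOG rule is not rate limited (-m limit)")
    # Anything appended after an unconditional terminating rule is dead.
    for chain, chain_rules in rules.items():
        for i, r in enumerate(chain_rules):
            if len(r) == 2 and target(r) in ("ACCEPT", "DROP", "REJECT") and i < len(chain_rules) - 1:
                findings.append("%s: %d rule(s) after unconditional %s are unreachable"
                                % (chain, len(chain_rules) - i - 1, target(r)))
                break
    return findings


if __name__ == "__main__":
    for finding in lint(RULESET) or ["ruleset passes all checks"]:
        print(finding)
```

Run it against a file with `lint(open(path).read())` before `iptables-restore`; the shadowing check is the one that catches custom rules accidentally appended below the closing `-A INPUT -j DROP` instead of inside the custom-rules section.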