Gentoo Archives: gentoo-user

From: Marco <listworks@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Is this firewall safe?
Date: Fri, 24 Apr 2009 15:28:38
Message-Id: 93d30e950904240828t6e20bd22v2946d302c2cc5843@mail.gmail.com
Hi all,

I set up my first firewall on my notebook (not running any services
reachable from outside) using iptables. Since I am new to the topic,
could you please verify if the output of 'iptables -L -v' is
considered to be a safe firewall? Thanks!

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in    out source   destination
    0     0 ACCEPT all  --  lo    any anywhere anywhere
    0     0 ACCEPT all  --  eth0  any anywhere anywhere    state RELATED,ESTABLISHED
    0     0 REJECT tcp  --  eth0  any anywhere anywhere    reject-with tcp-reset
    0     0 REJECT udp  --  eth0  any anywhere anywhere    reject-with icmp-port-unreachable
    0     0 DROP   udp  --  eth0  any anywhere anywhere    udp spt:bootps
    0     0 LOG    all  --  eth0  any anywhere anywhere    LOG level warning prefix `INPUT '
    1    79 ACCEPT all  --  wlan0 any anywhere anywhere    state RELATED,ESTABLISHED
    0     0 REJECT tcp  --  wlan0 any anywhere anywhere    reject-with tcp-reset
    0     0 REJECT udp  --  wlan0 any anywhere anywhere    reject-with icmp-port-unreachable
    0     0 DROP   udp  --  wlan0 any anywhere anywhere    udp spt:bootps
    0     0 LOG    all  --  wlan0 any anywhere anywhere    LOG level warning prefix `INPUT '

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in    out   source   destination
    0     0 LOG    all  --  any   any   anywhere anywhere    LOG level warning prefix `FORWARD '
    0     0 LOG    all  --  any   any   anywhere anywhere    LOG level warning prefix `FORWARD '

Chain OUTPUT (policy ACCEPT 5 packets, 1691 bytes)
 pkts bytes target prot opt in    out   source   destination
    0     0 ACCEPT all  --  any   lo    anywhere anywhere
    0     0 LOG    all  --  any   eth0  anywhere anywhere    LOG level warning prefix `OUTPUT '
    1    52 LOG    all  --  any   wlan0 anywhere anywhere    LOG level warning prefix `OUTPUT '
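
A first-match check over the INPUT chain listed in this message, as an added example that is not part of the original post or its replies: iptables stops at the first terminating rule that matches, so the sketch flags rules that an earlier unconditional ACCEPT/REJECT/DROP already covers. The function names and the column parsing are this example's own assumptions; the rule text is the post's output with the wrapped lines rejoined.

```python
import re

# INPUT chain from the post (wrapped lines rejoined); rule N is line N.
INPUT_CHAIN = """\
0 0 ACCEPT all -- lo any anywhere anywhere
0 0 ACCEPT all -- eth0 any anywhere anywhere state RELATED,ESTABLISHED
0 0 REJECT tcp -- eth0 any anywhere anywhere reject-with tcp-reset
0 0 REJECT udp -- eth0 any anywhere anywhere reject-with icmp-port-unreachable
0 0 DROP udp -- eth0 any anywhere anywhere udp spt:bootps
0 0 LOG all -- eth0 any anywhere anywhere LOG level warning prefix `INPUT '
1 79 ACCEPT all -- wlan0 any anywhere anywhere state RELATED,ESTABLISHED
0 0 REJECT tcp -- wlan0 any anywhere anywhere reject-with tcp-reset
0 0 REJECT udp -- wlan0 any anywhere anywhere reject-with icmp-port-unreachable
0 0 DROP udp -- wlan0 any anywhere anywhere udp spt:bootps
0 0 LOG all -- wlan0 any anywhere anywhere LOG level warning prefix `INPUT '
"""

TERMINATING = {"ACCEPT", "REJECT", "DROP"}  # LOG returns to the chain
# Trailing text that configures the target rather than restricting the match.
TARGET_OPTS = re.compile(r"\b(reject-with|LOG level)\b.*")

def parse(text):
    # Columns: pkts bytes target prot opt in out source destination [extras]
    rules = []
    for num, line in enumerate(text.strip().splitlines(), 1):
        f = line.split()
        match = TARGET_OPTS.sub("", " ".join(f[9:])).strip()
        rules.append({"num": num, "target": f[2], "prot": f[3], "in": f[5],
                      "src": f[7], "dst": f[8], "match": match})
    return rules

def covers(a, b):
    """True if every packet that reaches rule b is already decided by rule a."""
    return (a["target"] in TERMINATING and a["match"] == ""
            and a["prot"] in ("all", b["prot"])
            and a["in"] in ("any", b["in"])
            and a["src"] == "anywhere" and a["dst"] == "anywhere")

def shadowed(rules):
    """Return (rule, earlier_rule) pairs where the later rule can never match."""
    out = []
    for i, b in enumerate(rules):
        hit = next((a for a in rules[:i] if covers(a, b)), None)
        if hit:
            out.append((b["num"], hit["num"]))
    return out

if __name__ == "__main__":
    for later, earlier in shadowed(parse(INPUT_CHAIN)):
        print(f"rule {later} is never reached: rule {earlier} matches first")
```

On this chain it reports rule 5 behind rule 4 and rule 10 behind rule 9: the `udp spt:bootps` DROP rules sit after a REJECT that already matches all UDP on the same interface.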

Replies

Subject Author
Re: [gentoo-user] Is this firewall safe? Eric Martin <freak4uxxx@×××××.com>
Re: [gentoo-user] Is this firewall safe? Chris Frederick <cdf123@××××××.net>