Harry wrote:

>> Wait... I'm pretty sure there are a few lines of IPTABLES code that
>> will do what you want.
>>
>> I remember using something with IPTABLES that made any connections
>> from internet only happen in response to requests from your localhost.
>> I don't remember the lines now but someone might post it.

Mick replied:

> The lines already posted will do just that. If you want to additionally stop
> any intruder spoofing a localhost address on your NIC and getting in you
> could add:
>
> iptables -A INPUT -i !eth0* -j ACCEPT

OOPs... I took your earlier comment (below) to be applied to what was posted
but I see now you were only referencing a single line:
iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

Andry F. wrote:

>>> iptables -P INPUT DROP
>>> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>>> iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
>>> iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

Mick replied:

>>> iptables -P INPUT DROP
>>> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>>> iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

>> This line is only needed if you want to forward packets to another
>> iface/device (i.e. when your laptop is acting as a router and the input
>> interface is eth0).

[...]

Thanks for the <snipped> other pointers

--
gentoo-user@g.o mailing list
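An added example, not from the thread and not any poster's own rules: a small script that builds the "replies only" ruleset the thread converges on (INPUT policy DROP, RELATED,ESTABLISHED accepted in, NEW out, no FORWARD rules for a non-routing laptop) and adds the two pieces the discussion touches on but does not spell out: an explicit accept for the lo interface, which a DROP policy would otherwise silence, and an anti-spoof rule that drops packets claiming a 127.0.0.0/8 source on any interface other than lo. The rules are emitted as text for review rather than executed, so they can be checked before being applied. Assumptions that are mine: the outside interface is passed as the first argument (default eth0), the host does not forward, and the negation is written in the `! -i lo` form that current iptables accepts.

```shell
#!/bin/sh
# Added example (not from the thread): stateful "replies only" INPUT policy
# for a non-routing host, plus loopback accept and loopback anti-spoofing.
# Assumptions (mine): outside interface is $1 (default eth0); no forwarding,
# so the FORWARD chain is simply left at policy DROP.

# Emit the ruleset as shell lines instead of running it, so it can be
# reviewed or checked by a script before touching a live box.
build_rules() {
    ext_if="${1:-eth0}"
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -F INPUT
iptables -F OUTPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
iptables -A INPUT -i $ext_if -m state --state INVALID -j DROP
iptables -A INPUT -i $ext_if -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Number of rules appended to a chain (a quick sanity check on the output).
count_append_rules() {
    build_rules "$1" | grep -c '^iptables -A'
}

# Succeeds only if the generated set carries the loopback anti-spoof rule.
has_antispoof_rule() {
    build_rules "$1" | grep -q -- '! -i lo -s 127.0.0.0/8 -j DROP'
}

# Feed the generated rules to a shell; iptables needs root, so refuse otherwise.
apply_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_rules: must run as root" >&2
        return 1
    fi
    build_rules "$1" | sh -e
}

# Usage: ./firewall.sh [iface] [--apply]   (no --apply = print the rules only)
if [ "$#" -gt 0 ]; then
    case "$2" in
        --apply) apply_rules "$1" ;;
        *)       build_rules "$1" ;;
    esac
fi
```

Running it with just an interface name prints the ten lines so they can be read through; adding --apply as the second argument pipes them into a shell with -e set, so the first failing iptables call stops the run instead of leaving a half-applied chain behind.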