[plug] configing iptables

bob bob at contact.omen.com.au
Mon Jul 22 10:30:27 WST 2002


On Mon, 2002-07-22 at 10:08, Leon Brooks wrote:
> On Mon, 22 Jul 2002 09:53, bob wrote:
> > On Mon, 2002-07-22 at 09:12, Colin Muller wrote:
> > > For a more generic way to achieve what you want (blocking incoming on
> > > ppp0), look at:
> > > http://www.iptables.org/documentation/HOWTO/packet-filtering-HOWTO-5.html
> >
> > Hmm... ok, thanks. I do want to be able to share a few things with the
> > world though so this isn't going to be suitable for my situation.
> 
> Try http://monmotha.mplug.org/

Yep, tried that one already. Seems to be broken for Debian :(.

To reiterate, I've tried a bunch of firewall scripts and builders and
none of them do what I want. A lot are broken for Debian and a lot can't
cope with the concept of firewalling ppp0 without ppp0 being up and
exposed before even talking about it.

Perhaps I should put my question again... (I know this'll probably wait
for tonight but I'd like a hint that I'm not barking up the wrong tree
:)

Is it safe to do the following (and/or will it do what I expect)?

iptables -A INPUT -i eth0 -p all -j ACCEPT 
iptables -A OUTPUT -o eth0 -p all -j ACCEPT

... bunch of rules about services and ppp0 followed by...
 
iptables -A INPUT -p all -s 192.168.0.0/16  -i ppp0 -j DROP
iptables -A INPUT -i ppp0 -j DROP

i.e., everything on eth0 is OK, anything arriving on ppp0 purporting to
be 192.168... is to be dropped, as is everything else not already
covered.

Is that OK? Or is there a better way of doing what I want?
 
-- 
bob
Cave canem...te necet lingendo.
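
An added example, not part of the original message: the layout asked about above as one script, with the 192.168.0.0/16 drop moved ahead of the service rules, because iptables stops at the first matching rule and a drop placed after the service ACCEPTs never sees a spoofed packet aimed at an open port. iptables does not check that an interface exists, so these rules can be loaded before ppp0 comes up. Assumptions: the TCP ports 22 and 80, the state match, and the IPT/WAN/LAN/SERVICES variable names are illustrative and do not come from the post.

```sh
#!/bin/sh
# Added example, not from the original post. Dry run by default: it prints
# the commands. Run with IPT=iptables (as root) to apply them.
IPT="${IPT:-echo iptables}"
WAN="${WAN:-ppp0}"             # may be named before the link exists
LAN="${LAN:-eth0}"
SERVICES="${SERVICES:-22 80}"  # assumed TCP ports offered to the world

apply_rules() {
    # $IPT is unquoted on purpose so "echo iptables" splits into two words.
    $IPT -F INPUT
    $IPT -F OUTPUT

    # Trusted side: loopback and the LAN interface, as in the post.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i "$LAN" -j ACCEPT
    $IPT -A OUTPUT -o "$LAN" -j ACCEPT

    # Spoof check first: a LAN source address arriving on the WAN link is
    # dropped before any service rule gets a chance to accept it.
    $IPT -A INPUT -i "$WAN" -s 192.168.0.0/16 -j DROP

    # Replies to connections this host opened itself.
    $IPT -A INPUT -i "$WAN" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New connections only to the services that are meant to be public.
    for port in $SERVICES; do
        $IPT -A INPUT -i "$WAN" -p tcp --dport "$port" \
             -m state --state NEW -j ACCEPT
    done

    # Everything else arriving on the WAN link.
    $IPT -A INPUT -i "$WAN" -j DROP
}

apply_rules
```

Calling this from an /etc/ppp/ip-up.d script would leave a window with the link up and unfiltered; loading it at boot, before pppd starts, avoids that.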



