[plug] configing iptables
bob
bob at contact.omen.com.au
Mon Jul 22 13:51:33 WST 2002
On Mon, 2002-07-22 at 12:46, Leon Brooks wrote:
<snip>
> Monmotha will use iptables to firewall almost anything you like, up or not,
> including `ppp+' for example.
OK, I've got monmotha going (I think there's something weird in how the
alpha reports some of the tests monmotha does) so I've twidled a few
bits and it now all seems to work ok ie iptables -L spews out a couple
of pages of rules.
> > iptables -A INPUT -i eth0 -p all -j ACCEPT
> > iptables -A OUTPUT -o eth0 -p all -j ACCEPT
>
> > ... bunch of rules about services and ppp0 followed by...
>
> > iptables -A INPUT -p all -s 192.168.0.0/16 -i ppp0 -j DROP
> > iptables -A INPUT -i ppp0 DROP
>
> > ie, everything on eth0 is ok, anything arriving on ppp0 purporting to
> > be 192.168... is to be dropped as is everything else not already
> > covered.
>
> Then also do at least these too:
>
> 0.0.0.0/8
> 10.0.0.0/8
> 127.0.0.0/8
> 172.16.0.0/12
I would have though that if a network wasn't defined anywhere on a LAN
(ie hosts or dns don't know about 10.0.0.0/8) it wouldn't be able to be
dealt with. What happens if a host pops up on the LAN saying "Hi, I'm
10.0.0.10"? Ok, this I _know_ is a 3 day seminar at least :), pointers
gratefully received.
> I have a *big* list somewhere.
Of who's norty and who's nice ? :)
> > Is that ok? or is there a better way of doing what I want.
>
> Yes, use Monmotha. (-: 10-15 answers, one run, all done :-)
Yep, seems to all be working now.
Thanks.
> Cheers; Leon
>
>
--
bob
Cave canem...te necet lingendo.
More information about the plug
mailing list