[plug] configing iptables

bob bob at contact.omen.com.au
Mon Jul 22 13:51:33 WST 2002


On Mon, 2002-07-22 at 12:46, Leon Brooks wrote:
<snip> 
> Monmotha will use iptables to firewall almost anything you like, up or not, 
> including `ppp+' for example.

OK, I've got monmotha going (I think there's something weird in how the
alpha reports some of the tests monmotha does), so I've twiddled a few
bits and it now all seems to work OK, i.e. iptables -L spews out a couple
of pages of rules.
 
> > iptables -A INPUT -i eth0 -p all -j ACCEPT
> > iptables -A OUTPUT -o eth0 -p all -j ACCEPT
> 
> > ... bunch of rules about services and ppp0 followed by...
> 
> > iptables -A INPUT -p all -s 192.168.0.0/16  -i ppp0 -j DROP
> > iptables -A INPUT -i ppp0 -j DROP
> 
> > ie, everything on eth0 is ok, anything arriving on ppp0 purporting to
> > be 192.168... is to be dropped as is everything else not already
> > covered.
> 
> Then also do at least these too:
> 
>     0.0.0.0/8
>     10.0.0.0/8
>     127.0.0.0/8
>     172.16.0.0/12

I would have thought that if a network wasn't defined anywhere on a LAN
(i.e. hosts or DNS don't know about 10.0.0.0/8) it wouldn't be able to be
dealt with. What happens if a host pops up on the LAN saying "Hi, I'm
10.0.0.10"? OK, this I _know_ is a 3-day seminar at least :), pointers
gratefully received.

> I have a *big* list somewhere.

Of who's norty and who's nice? :)
 
> > Is that ok? or is there a better way of doing what I want.
> 
> Yes, use Monmotha. (-: 10-15 answers, one run, all done :-)

Yep, seems to all be working now. 

Thanks.
 
> Cheers; Leon
> 
> 
-- 
bob
Cave canem...te necet lingendo.
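The anti-spoofing rules discussed in the thread, as an added example script that is not from the original posts or from Monmotha: it emits (or, with DRY_RUN=0, applies) one DROP per reserved source range for packets arriving on the external interface, then the catch-all DROP. The interface name ppp0 and the range list are taken from the thread; placing the source-range drops before the service ACCEPT rules is an assumption about ordering, so that a spoofed packet aimed at an allowed port is still dropped.

```shell
#!/bin/sh
# Added example, not code from the thread: anti-spoofing INPUT rules for an
# external (dial-up) interface. Default is a dry run that prints the commands.

# Source ranges that must never arrive from the outside world: the one Bob
# already blocks (192.168/16) plus the four Leon suggested adding.
SPOOF_NETS="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# antispoof_rules IFACE: print one DROP per bogus source range for packets
# arriving on IFACE. Run these before the per-service ACCEPT rules (assumed
# ordering), otherwise a spoofed packet to an open port is accepted first.
antispoof_rules() {
    iface="$1"
    for net in $SPOOF_NETS; do
        printf 'iptables -A INPUT -i %s -s %s -j DROP\n' "$iface" "$net"
    done
}

# catchall_rule IFACE: the final "anything else on IFACE is dropped" rule,
# which goes after the service ACCEPT rules as in Bob's original rule set.
catchall_rule() {
    printf 'iptables -A INPUT -i %s -j DROP\n' "$1"
}

# count_spoof_rules IFACE: number of anti-spoof rules emitted (sanity check).
count_spoof_rules() {
    antispoof_rules "$1" | wc -l | tr -d ' '
}

# apply_rules IFACE: actually execute the commands (needs root and iptables).
apply_rules() {
    { antispoof_rules "$1"; catchall_rule "$1"; } | while read -r cmd; do
        echo "+ $cmd"
        $cmd
    done
}

IFACE="${1:-ppp0}"
if [ "${DRY_RUN:-1}" = 1 ]; then
    antispoof_rules "$IFACE"
    echo "# ... per-service ACCEPT rules for $IFACE go here ..."
    catchall_rule "$IFACE"
else
    apply_rules "$IFACE"
fi
```

Run `sh antispoof.sh ppp0` to see the generated rules, or `DRY_RUN=0 sh antispoof.sh ppp0` as root to load them.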