[plug] configing iptables
William Kenworthy
billk at iinet.net.au
Mon Jul 22 15:11:52 WST 2002
I have used monmotha on Mandrake and Gentoo with no problems, and it
seems easily the best of the generic scripts, with only a few minor mods
needed to match my requirements (tunneling). What part doesn't work with
Debian?
BillK
On Mon, 2002-07-22 at 10:30, bob wrote:
> On Mon, 2002-07-22 at 10:08, Leon Brooks wrote:
> > On Mon, 22 Jul 2002 09:53, bob wrote:
> > > On Mon, 2002-07-22 at 09:12, Colin Muller wrote:
> > > > For a more generic way to achieve what you want (blocking incoming on
> > > > ppp0), look at:
> > > > http://www.iptables.org/documentation/HOWTO/packet-filtering-HOWTO-5.html
> > >
> > > Hmm... ok, thanks. I do want to be able to share a few things with the
> > > world though so this isn't going to be suitable for my situation.
> >
> > Try http://monmotha.mplug.org/
>
> Yep, tried that one already. Seems to be broken for Debian :(.
>
> To reiterate, I've tried a bunch of firewall scripts and builders and
> none of them do what I want. A lot are broken for Debian and a lot can't
> cope with the concept of firewalling ppp0 without ppp0 being up and
> exposed before even talking about it.
>
> Perhaps I should put my question again... (I know this'll probably wait
> for tonight but I'd like a hint that I'm not barking up the wrong tree
> :)
>
> is it safe to do the following (and/or will it do what I expect)?
>
> iptables -A INPUT -i eth0 -p all -j ACCEPT
> iptables -A OUTPUT -o eth0 -p all -j ACCEPT
>
> ... bunch of rules about services and ppp0 followed by...
>
> iptables -A INPUT -p all -s 192.168.0.0/16 -i ppp0 -j DROP
> iptables -A INPUT -i ppp0 -j DROP
>
> i.e., everything on eth0 is ok, anything arriving on ppp0 purporting to
> be 192.168... is to be dropped as is everything else not already
> covered.
>
> Is that ok? or is there a better way of doing what I want.
>
> --
> bob
> Cave canem...te necet lingendo.
>
--
William Kenworthy <billk at iinet.net.au>
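
Added example, not part of the original thread: a shell sketch of the ruleset layout asked about in the quoted message. Because iptables stops at the first matching rule, the spoofed-source DROP has to sit before the service ACCEPT rules, and `check_order` verifies that. The ports in the usage line, the FORWARD policy and the conntrack rule are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: eth0 is the trusted LAN,
# ppp0 the dial-up link, shared services are TCP ports given as arguments,
# and the host does not forward traffic (FORWARD policy DROP).

# Print an iptables-restore ruleset. Rules match ppp0 by name only, so the
# ruleset can be loaded before pppd creates the interface.
emit_rules() {
    for port in "$@"; do          # validate everything before printing
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i ppp0 -s 192.168.0.0/16 -j DROP
-A INPUT -i ppp0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    for port in "$@"; do
        echo "-A INPUT -i ppp0 -p tcp --dport $port -j ACCEPT"
    done
    echo "-A INPUT -i ppp0 -j DROP"
    echo "COMMIT"
}

# Read a ruleset on stdin; succeed only if the spoofed-source DROP comes
# before the first service ACCEPT (first matching rule wins).
check_order() {
    rules=$(cat)
    spoof=$(printf '%s\n' "$rules" | grep -n -F -- '-s 192.168.0.0/16' | head -n 1 | cut -d: -f1)
    accept=$(printf '%s\n' "$rules" | grep -n -F -- '--dport' | head -n 1 | cut -d: -f1)
    [ -n "$spoof" ] && { [ -z "$accept" ] || [ "$spoof" -lt "$accept" ]; }
}

# Usage (as root; 22 and 80 are sample ports): emit_rules 22 80 | iptables-restore
```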