Iptables


mrg
2004-04-24, 01:27 AM CDT
Hi,

Could anyone tell me how to set my iptables script so that it drops any incoming requests.

Do I just replace my current script with:

-A RH-Firewall-1-INPUT -j REJECT

Here is the script in full:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Many thanks!!

(PS Should I run any anti-virus on Fedora, can anyone recommend anything?)

Linux localhost.localdomain 2.4.22-1.2188.nptl

mhelios
2004-04-24, 06:01 AM CDT
Basically, if you drop _all_ requests, your PC won't function properly. Your best solution is to disable _all_ services that you have no need for. If you have no need for any servers on the system, disable them. FC1 uses stateful packet filtering rules, so access can be refined much better.

As for anti-virus, I recommend ClamAV. It can integrate into sendmail as a milter and is great for all Linux virus purposes (Considering Virii aren't such a big focus on Linux platforms atm).
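
Added example (not posted by anyone in this thread): a small generator for the stateful, default-deny ruleset that answers mrg's question, written in the iptables-save format that FC1 loads from /etc/sysconfig/iptables (the file mrg pasted). The chain name RH-Firewall-1-INPUT and the "service iptables" commands are the ones already used in the thread; the function names build_ruleset and count_open_ports are my own. With no arguments it leaves no inbound service reachable, which is what mrg asked for; each TCP port given as an argument adds exactly one explicit opening, which is mhelios's point about only keeping what you deliberately need.

```shell
#!/bin/sh
# Added example, not from the thread: emit a default-deny, stateful ruleset
# in the iptables-save format that FC1 loads from /etc/sysconfig/iptables.
# The RH-Firewall-1-INPUT chain name is kept from mrg's posted script so the
# Red Hat "service iptables" start/save scripts keep working.
#
# Usage: build_ruleset [tcp_port ...]  -> ruleset text on stdout
#   build_ruleset        # no inbound service reachable at all
#   build_ruleset 22     # keep sshd reachable, nothing else
#
# Replacing the whole script with a bare "-j REJECT" (mrg's idea) would also
# kill replies to connections this host opened and all loopback traffic;
# the two rules below the chain declaration are what keep those working.

build_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    # One explicit rule per service deliberately left reachable. "--state NEW"
    # admits only connection openers; the replies ride the rule above.
    # ICMP errors for our own connections also arrive as RELATED, so no
    # blanket "-p icmp ... -j ACCEPT" is needed.
    for port in "$@"; do
        printf '%s\n' "-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport $port -j ACCEPT"
    done
    # Explicit catch-all. The INPUT policy already drops; this line just makes
    # the intent visible in "iptables -L" and survives a later policy change.
    printf '%s\n' "-A RH-Firewall-1-INPUT -j DROP"
    printf '%s\n' "COMMIT"
}

# Count the service rules in a ruleset read from stdin: a sanity check before
# installing, the number must match what you meant to open.
count_open_ports() {
    grep -c -- '--dport' || true
}

# Stand-alone use: build_ruleset 22 > /etc/sysconfig/iptables && service iptables restart
build_ruleset "$@"
```

Run it as a script to see the ruleset, or redirect it over /etc/sysconfig/iptables and restart the iptables service as Ned's script does with "service iptables save". If you are logged in over ssh, pass 22 (or whatever port sshd listens on) or you will lock yourself out: the ESTABLISHED,RELATED rule keeps the current session alive, but not the next one.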

Jman
2004-04-24, 02:38 PM CDT
Considering you make your own firewall script it might not be the solution for you, but the graphical System Settings > Security Level works. Just set it to High. It's not easily customizable, though.

mrg
2004-04-24, 04:24 PM CDT
Thanks. I have disabled unrequired services and have set the security level. Although I may need to do some more reading around this subject.

Thanks again :)

Jman
2004-04-24, 10:35 PM CDT
With an aggressive firewall and few services Linux can be even more secure.

If you want a customizable graphical firewall I recommend Firestarter. Here's (http://www.fedoraforum.org/forum/showthread.php?s=&threadid=1435) my howto of how to install it.

Ned
2004-05-17, 05:45 PM CDT
Here's a very simple script I wrote to initialise iptables to reject all unsolicited incoming connections whilst still allowing outgoing connections (web, ftp etc). I've commented it for you. Feel free to use as is or to modify :)


#!/bin/bash
# iptables configuration file
# Ned, 2004
# Feel free to use or modify

# First flush all current rules from iptables
#
iptables -F

# Set default policies for INPUT, FORWARD and OUTPUT chains
#
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Accept packets belonging to established and related connections
#
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Set access for localhost
#
iptables -A INPUT -i lo -j ACCEPT

# Save settings with /sbin/service iptables save
/sbin/service iptables save

# List iptables chains with iptables -L -v
iptables -L -v


Ned
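
Added example (not Ned's or anyone else's in the thread): after loading a ruleset, Ned's script lists the chains with "iptables -L -v", which you then have to read by eye. The checker below does that reading for you over "iptables-save" output or the contents of /etc/sysconfig/iptables, and answers the two questions this thread is about: is INPUT default-deny, and which ACCEPT rules can let unsolicited inbound packets in. The function names (input_policy, unsolicited_accepts, audit_ruleset, sample_ruleset) are my own; the sample it runs on is the ruleset mrg posted at the top of the thread, so the two warnings it prints are expected.

```shell
#!/bin/sh
# Added example, not from the thread: audit a ruleset in iptables-save format
# (the output of "iptables-save", or the contents of /etc/sysconfig/iptables)
# for the two properties this thread is about: is INPUT default-deny, and
# which ACCEPT rules can admit unsolicited inbound packets.
#
# Usage: audit_ruleset < /etc/sysconfig/iptables
#        iptables-save | audit_ruleset
# Exit status 0 when INPUT is default-deny and only loopback and reply
# traffic is accepted, 1 otherwise. Assumes the filter table only and that
# any user chain INPUT jumps to handles inbound traffic (the FC1 layout).

# Default policy of the INPUT chain (ACCEPT/DROP), empty if not declared.
input_policy() {
    sed -n 's/^:INPUT \([A-Z]*\).*/\1/p'
}

# ACCEPT rules in INPUT, or in a chain INPUT jumps to, that are not limited
# to loopback or to ESTABLISHED,RELATED traffic: each one is an inbound
# opening that must be justified by a service you mean to run.
unsolicited_accepts() {
    awk '
        /^-A / { rule[++n] = $0 }
        END {
            inchain["INPUT"] = 1
            for (i = 1; i <= n; i++) {
                m = split(rule[i], f, " ")
                if (f[2] == "INPUT" && f[m-1] == "-j" && f[m] !~ /^(ACCEPT|DROP|REJECT|RETURN|LOG)$/)
                    inchain[f[m]] = 1
            }
            for (i = 1; i <= n; i++) {
                split(rule[i], f, " ")
                if (!(f[2] in inchain)) continue
                if (rule[i] !~ / -j ACCEPT( |$)/) continue
                if (rule[i] ~ / -i lo / || rule[i] ~ /ESTABLISHED/) continue
                print rule[i]
            }
        }'
}

audit_ruleset() {
    ruleset=$(cat)
    policy=$(printf '%s\n' "$ruleset" | input_policy)
    open=$(printf '%s\n' "$ruleset" | unsolicited_accepts)
    status=0
    # A terminal REJECT in a user chain works only while that chain exists;
    # after "iptables -F" the policy is all that is left, so check it too.
    if [ "$policy" != "DROP" ]; then
        echo "WARN: INPUT policy is '${policy:-unset}', not DROP"
        status=1
    fi
    if [ -n "$open" ]; then
        echo "WARN: rules admitting unsolicited inbound traffic:"
        printf '%s\n' "$open"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: default-deny inbound; only loopback and reply traffic accepted"
    return "$status"
}

# Constructed sample: the ruleset mrg posted at the top of the thread
# (with the *filter header iptables-restore expects).
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo on the sample; both warnings are expected (policy ACCEPT, plus the
# ICMP, ESP and AH accepts that nothing on the host solicited).
sample_ruleset | audit_ruleset || :
```

The ESP/AH (protocol 50/51) and "icmp-type any" lines it flags are exactly the ones Ned's script drops: they are harmless if you run IPsec or want to answer pings, and dead weight otherwise. Running the checker against the output of Ned's script (via "iptables-save") reports OK, because its INPUT policy is DROP and its only accepts are loopback and ESTABLISHED,RELATED.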