Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
To clear: iptables -F (F is for flush)
Then set the policy for input and output as accept and drop respectively
iptables --policy INPUT accept
iptables --policy OUTPUT drop
Then on your output table set it to accept for the dport for the range of interest
iptables -p tcp --dport 192.168.100.0/24 -j ACCEPT
Once you have it running, use the iptables-save to save the configuration and iptables-restore to restore it automatically.
You may want to set the input to accept established and related instead of accept unless you think that nothing inbound from other sources will be a problem.
Sorry about the capitalization. It is hard to remember with iptables what has to be capitalized and what doesn't.
Actually... this doesn't work at all. Except the "clear/flush" part.
Again, what I would like is this:
Quote:
Clear all IPtable rules
Allow anything incoming (so we can hit ssh, web etc..)
Allow anything outgoing to 192.168.100.0/24 network (so we can pull files from trust)
Do not allow any outgoing anywhere else (so it doesn't go anywhere else)
Allow loopback (is that needed?)
Last edited by szboardstretcher; 02-24-2011 at 12:49 PM.
iptables -F
iptables -X
iptables -Z
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -d 192.168.100.0/24 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j DROP
If you let me know what you are trying to do I will be able to build you a better firewall.
You could also look at lokkit for building your firewall.
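The ruleset above is the shape of what the original poster asked for. The following script is an added example, not code from this thread: it generates that ruleset as a list of iptables commands for the trusted network named in the thread, adds two things a practitioner would want, and checks the ordering before anything is applied. The first addition is an OUTPUT rule accepting ESTABLISHED,RELATED traffic to any destination: without it, replies to inbound SSH or web connections from hosts outside 192.168.100.0/24 fall through to the final OUTPUT DROP and those connections hang. The second is a rate-limited LOG rule just before the DROP so that blocked outbound attempts show up in the kernel log. The function names, the APPLY variable and the log prefix are my own assumptions; the rules are only executed when run as root with APPLY=1, otherwise the script just prints them for review.

```shell
#!/bin/sh
# Added example (not from the thread). Generates the iptables rules for
# "accept anything in, allow out only to the trusted network, drop the rest"
# and verifies their order before they are applied.

# Print the rules for the trusted network given as $1, one command per line.
build_rules() {
    net="$1"
    cat <<EOF
iptables -F
iptables -X
iptables -Z
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -d $net -j ACCEPT
iptables -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUTPUT-DROP: "
iptables -A OUTPUT -j DROP
EOF
}

# Sanity-check the generated ruleset for $1: the ESTABLISHED,RELATED accept
# must come before the trusted-network accept, which must come before the
# final DROP, and the DROP must be the last rule (iptables is first match).
check_rules() {
    rules=$(build_rules "$1")
    est=$(printf '%s\n' "$rules" | grep -n 'OUTPUT -m state --state ESTABLISHED,RELATED' | cut -d: -f1)
    trusted=$(printf '%s\n' "$rules" | grep -nF -- "-d $1" | cut -d: -f1)
    drop=$(printf '%s\n' "$rules" | grep -n 'OUTPUT -j DROP' | cut -d: -f1)
    total=$(printf '%s\n' "$rules" | grep -c '')
    [ -n "$est" ] && [ -n "$trusted" ] && [ -n "$drop" ] &&
    [ "$est" -lt "$trusted" ] && [ "$trusted" -lt "$drop" ] &&
    [ "$drop" -eq "$total" ]
}

# Apply the rules for $1 only when running as root with iptables installed
# and APPLY=1 in the environment; otherwise print them for review.
apply_rules() {
    check_rules "$1" || { echo "ruleset for $1 failed ordering check" >&2; return 1; }
    if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" -eq 0 ] && command -v iptables >/dev/null 2>&1; then
        build_rules "$1" | sh -e
    else
        build_rules "$1"
    fi
}

# Default to the trusted network from the thread; override with $1.
apply_rules "${1:-192.168.100.0/24}"
```

After applying, `iptables-save > /etc/iptables.rules` captures the result and `iptables-restore < /etc/iptables.rules` brings it back at boot, as the first reply in the thread already suggests. Blocked outbound attempts will appear in `dmesg` or the kernel log with the "OUTPUT-DROP:" prefix, which is the quickest way to find out what else the box is trying to reach before tightening the rules further.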