Difference between revisions of "Firewall"
From Organic Design wiki
(add an example pinhole)
(new syntax for negation)
Line 15: | Line 15: | ||
# Allow established connections, and those not coming from the outside | # Allow established connections, and those not coming from the outside | ||
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | ||
− | iptables -A INPUT -m state --state NEW -i | + | iptables -A INPUT -m state --state NEW ! -i eth0 -j ACCEPT |
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT | iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT | ||
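Review bot: the rewritten INPUT rule uses the extrapositioned negation `! -i eth0`, which is the form current iptables expects (the intrapositioned `-i ! eth0` form is deprecated and warns on newer versions), so the change is correct. Worth a comment in the script, though: the rule accepts every NEW connection that does not arrive on eth0, which covers lo and eth1 as intended for a LAN gateway but will equally trust any other interface that appears later (a VPN tunnel device, for instance), so the trust boundary is "everything except the WAN link" rather than "the LAN".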
Revision as of 04:45, 17 November 2009
This is a basic firewall which works for most Linux distros. It's based on the Setting up a simple Debian gateway article from debian-administration.org and assumes eth0 to be the external WAN interface and eth1 the internal LAN interface. On Debian-based machines, save this script as /etc/network/if-up.d/00-firewall and it will execute whenever the networking starts up.
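As an added example (not the wiki's own script), here is a minimal if-up.d skeleton built around the rules shown in the diff above, with the article's eth0 = WAN, eth1 = LAN assumption. The default-deny policies, loopback rule, LAN-to-WAN forward, masquerade and the dry-run entry point are my additions; the `IFACE` guard relies on ifupdown setting that variable when it runs if-up.d scripts.

```shell
#!/bin/sh
# Added example, not the wiki's script: /etc/network/if-up.d/00-firewall skeleton.
# Assumes eth0 = external WAN interface and eth1 = internal LAN interface.

# The rule set lives in a function taking the iptables command as $1, so it can
# be previewed with "echo iptables" without root or a real netfilter stack.
firewall_rules() {
    IPT=${1:-iptables}

    # Start from a clean slate and default-deny inbound and forwarded traffic.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback is always trusted.
    $IPT -A INPUT -i lo -j ACCEPT

    # Allow established connections, and new ones not coming from the outside.
    # Modern iptables negates a match as "! -i eth0"; the old "-i ! eth0" form
    # is deprecated.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m state --state NEW ! -i eth0 -j ACCEPT

    # Gateway: replies WAN->LAN, anything LAN->WAN, NAT outbound on the WAN side.
    $IPT -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i eth1 -o eth0 -j ACCEPT
    $IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE
}

# Print the commands that would be run, one per line, without touching netfilter.
dry_run() {
    firewall_rules "echo iptables"
}

# ifupdown runs every if-up.d script once per interface, with IFACE set to the
# interface that just came up; apply the rules only when the WAN link appears so
# they are not flushed and reloaded again for lo and eth1.
if [ "$IFACE" = eth0 ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward
    firewall_rules
fi
```

Run `sh -c '. ./00-firewall; dry_run'` to review the rule set before installing it.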