Laurie Brown wrote: My firewalls are always dedicated boxes with custom and cut-down kernels, so I'm a bit hazy on using it on a "working" box, but I have scripts to share if you need them.
Yes Laurie, I certainly would be interested to see your scripts, so long as you are comfortable sharing them and don't feel you will be compromising your own security by doing so. I used the GUI to set up some default iptables rules (and have listed them below if you want to comment on them) so as to have a base set to work from to start my tweaking, but am not sure what they mean yet as I haven't had time to read up on iptables yet. Being a home user I would not be interested in using the PC as a web/ftp server, nor in fact offering any services to the internet at all, just sending and receiving email, browsing web pages and downloading files to the PC via the serial line modem dial-up link. My PC does also have an ethernet card linking it to a trusted network, but this network does not need to send, nor receive, anything via the internet, and in fact is only occasionally plugged in and used as I keep tripping over the wire!
Ian.
##### OUTPUT FROM "iptables -L" #####
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
devchain   all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain devchain (1 references)
target     prot opt source               destination
rulchain   all  --  anywhere             anywhere
rulchain   all  --  anywhere             anywhere

Chain maschain (0 references)
target     prot opt source               destination

Chain rulchain (2 references)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere             udp dpt:sunrpc
DROP       udp  --  anywhere             anywhere             udp dpt:965
DROP       udp  --  anywhere             anywhere             udp dpt:958
DROP       udp  --  anywhere             anywhere             udp dpt:asipregistry
DROP       udp  --  anywhere             anywhere             udp dpt:time
DROP       udp  --  anywhere             anywhere             udp dpt:snmp
DROP       udp  --  anywhere             anywhere             udp dpt:mdbs_daemon
DROP       udp  --  anywhere             anywhere             udp dpt:ntalk
DROP       udp  --  anywhere             anywhere             udp dpt:talk
DROP       udp  --  anywhere             anywhere             udp dpt:blackjack
DROP       udp  --  anywhere             anywhere             udp dpt:nfs
DROP       udp  --  anywhere             anywhere             udp dpt:1024
DROP       icmp --  anywhere             anywhere             icmp redirect
DROP       udp  --  anywhere             anywhere
LOG        tcp  --  anywhere             anywhere             tcp flags:SYN,RST,ACK/SYN LOG level warning
REJECT     tcp  --  anywhere             anywhere             tcp flags:SYN,RST,ACK/SYN reject-with tcp-reset
##### END OF OUTPUT #####
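As an added example for the situation Ian describes (not Laurie's scripts and not anything posted in the thread), here is a default-deny stateful ruleset for a dial-up host that offers no services: the GUI ruleset above keeps policy ACCEPT and blacklists individual ports, whereas this one drops everything unsolicited on the modem link and admits only replies to connections the PC itself starts. It assumes the modem link is ppp0 and the trusted ethernet is eth0 (both assumed names), and it only prints the commands unless run as root with the argument "apply".

```shell
#!/bin/sh
# Added example: default-deny ruleset for a dial-up host offering no services.
# Assumed interface names (override via environment if different):
PPP_IF="${PPP_IF:-ppp0}"   # serial modem dial-up link (assumption)
LAN_IF="${LAN_IF:-eth0}"   # trusted ethernet segment (assumption)

# gen_rules prints the iptables commands so they can be reviewed first;
# pipe the output to "sh" as root to apply them.
gen_rules() {
    cat <<EOF
iptables -F
iptables -X
# Default-deny inbound and forwarded traffic; this box is not a router.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Loopback and the trusted LAN are allowed without restriction.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $LAN_IF -j ACCEPT
# Replies to connections this host opened (mail, web, downloads) come back in.
iptables -A INPUT -i $PPP_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Anything else arriving over the modem link is logged (rate-limited) and dropped.
iptables -A INPUT -i $PPP_IF -m limit --limit 5/min -j LOG --log-prefix "ppp-drop: "
iptables -A INPUT -i $PPP_IF -j DROP
EOF
}

# Apply only when explicitly requested and running as root.
if [ "$1" = "apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "must be root to apply" >&2; exit 1; }
    gen_rules | sh
fi
```

Running the script with no argument prints the ruleset; once applied, `iptables -L -v` should show policy DROP on INPUT and FORWARD and the dropped-packet counters climbing on the final rule.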