Friday, September 17, 2010

Re: [LINUX_Newbies] help with iptables

 

On Sep 17, 2010, at 4:57 PM, David wrote:

> Hi, I am taking a class on Linux networking and I am studying using
> iptables as firewalls. I am having problems when setting the
> default policy. When I type iptables -P INPUT DROP the lab server
> hangs. I cannot ctrl Z, ctrl C or anything to get it to respond. I
> have to revert the VM firewall server. I think I am telling the
> server to DROP ALL input and not just what isn't an iptable match.
> Do I need to tell it the INPUT DROP is for the nics, eth0, eth1,
> eth2?
>
> Could really use a point in the right direction.
>
> Thanks
>
> David
>

David,

What you're doing with that command is instructing iptables to set
policy for the input chain. And for that policy you have instructed
that all packets be dropped. Which is ok, it's how I run my firewall
also. You're on the right track.

Your solution is to follow up with some allow rules. Without any
allow rules the standard policy takes total effect. Like if you wish
to allow a specific IP address in you could say something like this:

iptables -P INPUT DROP
iptables -A INPUT -p tcp --dport 80 -s 192.168.1.0/24 -m state \
    --state NEW,ESTABLISHED,RELATED -j ACCEPT

Which is an example listing from my firewall rules script.

Good luck with this project! It's fun.

Kristen
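Added example, not part of the original message or of Kristen's firewall script: the DROP policy and its allow rules written as one iptables-restore ruleset, so they are committed together and there is no moment where the policy is active with no ACCEPT rules behind it. The function names, the loopback and ESTABLISHED rules, and the SSH management port 22 are assumptions; the message does not say how the lab server is reached.

```shell
#!/bin/sh
# Added example. MGMT_PORT is an assumed management (SSH) port; LAN is the
# subnet used in the reply's port-80 rule.
MGMT_PORT="${MGMT_PORT:-22}"
LAN="${LAN:-192.168.1.0/24}"

# Emit the filter table in iptables-restore format: default-drop INPUT plus
# the allow rules. FORWARD and OUTPUT are left at the kernel default (ACCEPT).
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport ${MGMT_PORT} -s ${LAN} -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -s ${LAN} -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin. Succeeds unless INPUT is default-drop and no rule
# accepts the management port, which is the lockout case.
check_ruleset() {
    rules=$(cat)
    case "$rules" in
        *":INPUT DROP"*) ;;
        *) return 0 ;;   # policy is not DROP, nothing can be locked out
    esac
    printf '%s\n' "$rules" | grep -q -- "-A INPUT .*--dport ${MGMT_PORT} .*-j ACCEPT"
}

# Load the ruleset in one commit. Needs root, and replaces the current
# contents of the filter table.
apply_ruleset() {
    build_ruleset | check_ruleset || { echo "no management ACCEPT rule" >&2; return 1; }
    build_ruleset | iptables-restore
}

# Only touch the firewall when asked to: sh firewall.sh apply
if [ "${1:-}" = "apply" ]; then apply_ruleset; fi
```

Running the script without the apply argument changes nothing, so build_ruleset can be inspected first.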
