Morgan Sales wrote:
> iptables -N block
Here you might add:
iptables -A block -m state --state INVALID -j LOG --log-prefix "Invalid packet: "
> iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A block -m state --state NEW -i ! eth0 -j ACCEPT
> iptables -A block -j DROP
> iptables -A INPUT -j block
> iptables -A FORWARD -j block
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> I'm trying to open TCP port 4662(inbound) to any IP address. Can anyone
> tell how I might do this.
iptables -I block 2 -p tcp --dport 4662 -j ACCEPT
(which inserts the rule at the second position of the block chain, thus the
packets are let through after they are subjected to cursory inspection
(invalid packets are dropped)).
HTH. If not, then RTFM:
http://www.netfilter.org/documentation/index.html#HOWTO (recommended in any case)
-Timo
PS. If you are interested, I can mail you my firewall script which I wrote
for the firm I work for... nobody has complained and the router has not been
0wn3d/h4x0r3d/r00ted/whatever. I wonder what would happen if I started using
the user account r00t... ;-)
--
Timo Voipio | Helsinki, Finland | ICBM at: 60 11.800 N 024 52.760 E
GeekCode ver 3: GU>CC d s-: a--- C++ UL(+)$>+++$ P+>+++ L++(+) E- W++ N++
o? K? w O M- V- PS PE Y+ PGP+ t 5++ X R tv- b++(++++) DI+ D G e- h! r !y
Remove +newsharvested to e-mail me | Remove +newsharvested if you e-mail me
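The ruleset from the thread, put together as a runnable script. This is an added example, not Timo's or Morgan's own firewall script: it wraps the commands so they can be printed instead of loaded (no root or netfilter needed), and then simulates how `-A` and `-I block 2` order the rules, which is the point of the reply. Two things are assumptions of mine rather than part of the posts: an explicit DROP for INVALID packets right after the LOG rule (the original only logs them and lets them fall through to later rules), and a `--state NEW` match on the port 4662 rule so that the inserted ACCEPT cannot match INVALID packets. eth0 is taken to be the external interface, and the post's `-i ! eth0` is written in the current `! -i eth0` form.

```shell
#!/bin/sh
# Added example, not from the original thread. Builds the "block" chain from
# the post (plus an explicit DROP for INVALID packets, which the original only
# logs) and shows where "iptables -I block 2" lands the port 4662 rule.
# Assumptions: eth0 is the external interface; DRY_RUN=1 (the default) prints
# the commands instead of loading them, so it runs without root or netfilter.

DRY_RUN="${DRY_RUN:-1}"

# Wrapper: print the command in dry-run mode, otherwise execute it.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables'
        for arg in "$@"; do printf ' %s' "$arg"; done
        printf '\n'
    else
        iptables "$@"
    fi
}

firewall_rules() {
    ipt -N block
    ipt -A block -m state --state INVALID -j LOG --log-prefix "Invalid packet: "
    ipt -A block -m state --state INVALID -j DROP           # added: log AND drop
    ipt -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A block -m state --state NEW ! -i eth0 -j ACCEPT   # new flows from inside
    ipt -A block -j DROP
    ipt -A INPUT -j block
    ipt -A FORWARD -j block
    ipt -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # Open TCP/4662 from any source. Syntax is "-I <chain> <position>":
    # position 2 puts the rule right after the LOG rule and before every DROP.
    # The NEW match (my assumption) stops it from accepting INVALID packets.
    ipt -I block 2 -p tcp --dport 4662 -m state --state NEW -j ACCEPT
}

# Simulate how -A (append) and -I (insert at position, default 1) order the
# rules of one chain, so the effect of "-I block 2" is visible without a kernel.
chain_order() {
    ( DRY_RUN=1; firewall_rules ) | awk -v chain="$1" '
        function rest(j, s, k) { s = ""; for (k = j; k <= NF; k++) s = s (k > j ? " " : "") $k; return s }
        $1 == "iptables" {
            for (i = 2; i <= NF; i++) {
                if ($i == "-A" && $(i+1) == chain) { n++; rule[n] = rest(i+2); break }
                if ($i == "-I" && $(i+1) == chain) {
                    pos = 1; j = i + 2
                    if ($j ~ /^[0-9]+$/) { pos = $j; j++ }
                    for (k = n; k >= pos; k--) rule[k+1] = rule[k]
                    n++; rule[pos] = rest(j); break
                }
            }
        }
        END { for (i = 1; i <= n; i++) print i ": " rule[i] }'
}

firewall_rules
echo "--- resulting order of the block chain ---"
chain_order block
```

Run it as-is to see the commands and the resulting order (the 4662 rule ends up at position 2, the catch-all DROP at position 6); run with `DRY_RUN=0` as root to actually load the rules. The same idea applies to any chain: `chain_order INPUT` shows that INPUT only carries the jump to `block`.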