
iptables firewall 1

Status
Not open for further replies.

roycrom

Programmer
Aug 2, 2002
184
GB
Hello,

I am running GENTOO linux on kernel 2.6.12-r3, AMD64 3200+, 1GB RAM, GeForce 6800GT.

I am connected to the internet via my Motorola SurfBoard 5100 Telewest Broadband modem, and it is the only computer I have at home.

My question is what rules should I have set up at the VERY LEAST for iptables? I currently don't need to SSH in, so I don't need to open port 22. I just want to be sure I don't have a vulnerable computer, as at the moment I am connecting to the net with no protection, which is of course very bad practice.

I have trawled the web, but could only come up with rules that configure the linux box as a gateway to a LAN, which is not what I want, I need rules for a standalone machine connected directly to the internet.

Hope you can help, thanks.

------------------------------------------
Somethings come from nothing, nothing seems to come from somethings - SFA - Guerilla

roycrom :)
 
I think if I were setting up a simple workstation that is not providing any services to any other machine, I would set up the rules:

# default policies: drop unsolicited inbound, allow outbound, never forward
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# accept replies to connections this host started, and loopback traffic
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# drop packets the connection tracker cannot classify
iptables -A INPUT -m state --state INVALID -j DROP
# 127/8 destinations arriving on a real interface are spoofed; reject them
iptables -A INPUT -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable


That should allow anything to go out, but nothing to come in unless it's part of a communication that was started from the inside.


Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Wow sleipnir214, you may have set a record for response time there, thank you very much.

That is more or less what I am looking for.

As I said, I have had my system unprotected for a short while now. What do you think the possibility is that I have contracted something that may send info or requests without my knowledge? This setup would allow that if I understand this correctly. Should I be concerned about this?

Thanks again for your quick response.

------------------------------------------
Somethings come from nothing, nothing seems to come from somethings - SFA - Guerilla

roycrom :)
 
Insufficient data for a meaningful answer.

The chance that someone has gotten on your system depends upon the vagaries of your ISP's customer base, your ISP's IP numbering scheme (does your broadband device get a routeable or non-routeable address), port-forwarding settings in your broadband connector, and other factors.


Want the best answers? Ask the best questions!

TANSTAAFL!!
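The standalone-host ruleset sleipnir214 gave, written as an iptables-restore file so it survives a reboot, with one extra rule that logs new outbound flows for the "is something already phoning home" question roycrom raised. This is an added example, not code from the thread; it assumes the modem-facing interface is eth0 and that Gentoo's iptables init script restores /var/lib/iptables/rules-save at boot.

```shell
#!/bin/sh
# Added example: the standalone-host ruleset in iptables-restore format.
# Assumptions: the modem-facing interface is eth0 (override with IFACE=...),
# and Gentoo's iptables init script restores /var/lib/iptables/rules-save.
IFACE="${IFACE:-eth0}"
SAVE_FILE="${SAVE_FILE:-/var/lib/iptables/rules-save}"

# Emit the ruleset; a plain function so it can be inspected before applying.
build_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is trusted; everything else must belong to a flow this host started
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# packets for 127/8 arriving on a real interface are spoofed
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable
# outbound stays open, but the first packet of every new outbound flow is
# logged (rate-limited) so an unexpected "phone home" shows up in the log
-A OUTPUT -o $IFACE -m state --state NEW -m limit --limit 10/min -j LOG --log-prefix "OUT_NEW: "
COMMIT
EOF
}

# Load the rules atomically and persist them for the next boot.
apply_rules() {
    build_rules | iptables-restore || return 1
    build_rules > "$SAVE_FILE"
    # enable at boot (Gentoo OpenRC, assumed): rc-update add iptables default
}

# Quick post-apply check: the INPUT policy must really be DROP.
verify_rules() {
    iptables -S INPUT | grep -q '^-P INPUT DROP'
}

# What left the box: pull the logged outbound flows out of the kernel log.
show_outbound() {
    dmesg | grep 'OUT_NEW: '
}

if [ "${1:-}" = "apply" ]; then
    apply_rules && verify_rules
fi
```

Run `sh firewall.sh apply` as root; anything that then shows up under `show_outbound` that you did not start yourself is worth a look.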
 