Set up iptables firewall rules for inbound and outbound IPv4 traffic on a Debian PC (no routing).

Show Current Configuration for IPv4

# iptables -t filter -nL

Save Current IPv4 Rules to a Backup File

# iptables-save > /root/

Flush and Delete any Existing Chain Configuration for IPv4

# iptables -F
# iptables -t mangle -X

Set Up a New Configuration for IPv4 and Apply New Rules

Create a file to store configuration:

# touch /etc/iptables.up.rules

Add iptables rules to /etc/iptables.up.rules. Below are my Debian PC rules as an example.

# Default INPUT and OUTPUT are set to ACCEPT because I sometimes
# have to do "iptables -F" and need all traffic to come and leave
# My eth0 and wlan0 interfaces are bonded (bond0)
-A INPUT -i lo -j ACCEPT -m comment --comment "local"
-A INPUT -s 10.0.0.0/8 -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 20/second -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j LOG --log-level 4 --log-prefix "iptables_input "
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j LOG --log-level 4 --log-prefix "iptables_forward "
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -d 127.0.0.0/8 -j ACCEPT -m comment --comment "local"
-A OUTPUT -p icmp -m icmp --icmp-type any -j ACCEPT
# Basically, we want only encrypted VPN traffic to be allowed to leave (via tun0).
# However, before that, we need to connect to a VPN gateway.
-A OUTPUT -d -p udp --dport 443 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -m comment --comment "VPN GW"
# Access to LAN should be allowed via any interface really.
-A OUTPUT -o bond0 -d 10.10.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -d 10.10.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o wlan0 -d 10.10.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
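The rule set above depends on order: iptables walks a chain from top to bottom, so the unconditional REJECT has to come last, with the LOG rule just before it. The following linter is an added example, not part of the original post; it flags rules placed after a catch-all terminal rule, and its function names and the two sample rule sets (built from the INPUT rules above) are constructed for illustration.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal
# Options that restrict which packets a rule matches.
NARROWING = {"-s", "-d", "-p", "-i", "-o", "--source", "--destination",
             "--protocol", "--in-interface", "--out-interface"}

def parse_rule(line):
    """Parse an '-A CHAIN ...' line into (chain, target, catch_all), else None."""
    line = line.strip()
    if not line.startswith("-A "):
        return None  # comment, *filter, :CHAIN policy or COMMIT line
    tok = shlex.split(line)
    chain = tok[1]
    target = tok[tok.index("-j") + 1] if "-j" in tok[:-1] else None
    # "-m comment" only annotates; any other match module narrows the rule.
    modules = [tok[i + 1] for i, t in enumerate(tok[:-1]) if t == "-m"]
    narrowed = any(t in NARROWING for t in tok) or any(m != "comment" for m in modules)
    return chain, target, not narrowed

def find_shadowed(rules_text):
    """Return (line_no, rule, blocker_line_no) for rules that can never match."""
    blocker = {}  # chain -> line number of its first catch-all terminal rule
    findings = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        parsed = parse_rule(line)
        if parsed is None:
            continue
        chain, target, catch_all = parsed
        if chain in blocker:
            findings.append((no, line.strip(), blocker[chain]))
        elif catch_all and target in TERMINAL:
            blocker[chain] = no
    return findings

# Constructed sample: INPUT rules in working order (LOG, then REJECT, last).
GOOD = """-A INPUT -i lo -j ACCEPT -m comment --comment "local"
-A INPUT -s 10.0.0.0/8 -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -j LOG --log-level 4 --log-prefix "iptables_input "
-A INPUT -j REJECT --reject-with icmp-port-unreachable"""
# Constructed sample: same rules with REJECT moved up, so LOG and SSH never match.
BAD = """-A INPUT -i lo -j ACCEPT -m comment --comment "local"
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j LOG --log-level 4 --log-prefix "iptables_input "
-A INPUT -s 10.0.0.0/8 -p tcp -m state --state NEW --dport 22 -j ACCEPT"""

if __name__ == "__main__":
    for no, rule, by in find_shadowed(BAD):
        print(f"line {no} unreachable after catch-all on line {by}: {rule}")
```

Running it over /etc/iptables.up.rules before loading the file catches a misplaced REJECT that would otherwise silently disable the SSH and logging rules.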