[Gllug] Basic Firewall Policy

Harry Mantheakis harry at mantheakis.freeserve.co.uk
Tue Feb 17 12:26:13 UTC 2004

Just for the record, I bit the bullet and cobbled together a firewall
script, using examples from books, Google, and other GLLUGers.

It seems to be doing its job.

The only trivial thing that had me stumped was how to 'nat' loopback.

I was port-forwarding incoming packets with this rule:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

But HTTP packets from localhost were being ignored, which was inconvenient.

Eventually I stumbled on this solution, which involves redirecting the
loopback packets on their way out:

iptables -t nat -A OUTPUT -d localhost -p tcp --dport 80 -j REDIRECT --to-ports 8080

Hey ho...

Harry Mantheakis
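
Added example, not part of the original post: a check that a port redirect is present in both nat chains discussed above, since locally generated packets pass through OUTPUT rather than PREROUTING. The function name `redirect_coverage` and the sample rule dumps are constructed for illustration; the input is assumed to be in `iptables -t nat -S` format.

```shell
#!/bin/sh
# Report which nat chains redirect a given TCP port.
# Input on stdin: rules in `iptables -t nat -S` format.
redirect_coverage() {
    # $1 = original destination port, $2 = port it is redirected to
    awk -v dport="$1" -v to="$2" '
        $1 == "-A" {
            chain = $2; d = ""; t = ""; j = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport")    d = $(i + 1)
                if ($i == "--to-ports") t = $(i + 1)
                if ($i == "-j")         j = $(i + 1)
            }
            # Count the chain only if the rule is the redirect we expect.
            if (j == "REDIRECT" && d == dport && t == to) seen[chain] = 1
        }
        END {
            pre = ("PREROUTING" in seen); out = ("OUTPUT" in seen)
            if (pre && out)  print "both"
            else if (pre)    print "prerouting-only"
            else if (out)    print "output-only"
            else             print "none"
        }'
}

# Constructed sample dumps (not captured from a real host).
# Before: only the PREROUTING rule, so local clients are not redirected.
RULES_BEFORE='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'

# After: the OUTPUT rule for loopback traffic has been added.
RULES_AFTER="$RULES_BEFORE
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080"

printf '%s\n' "$RULES_BEFORE" | redirect_coverage 80 8080
printf '%s\n' "$RULES_AFTER"  | redirect_coverage 80 8080
# On a live host (needs root): iptables -t nat -S | redirect_coverage 80 8080
```
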

