[Gllug] Basic Firewall Policy
Harry Mantheakis
harry at mantheakis.freeserve.co.uk
Tue Feb 17 12:26:13 UTC 2004
Just for the record, I bit the bullet and cobbled together a firewall
script, using examples from books, Google, and other GLLUGers.
It seems to be doing its job.
The only trivial thing that had me stumped was how to 'nat' loopback
packets.
I was port-forwarding incoming packets with this rule:

    iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

But HTTP packets from localhost were being ignored, which was inconvenient.
Eventually I stumbled on this solution, which involves redirecting the
loopback packets on their way out:

    iptables -t nat -A OUTPUT -d localhost -p tcp --dport 80 -j REDIRECT --to-ports 8080

Hey ho...
Harry Mantheakis
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
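
Added example, not part of the original post: locally generated packets pass through the nat OUTPUT chain rather than PREROUTING, which is why the second rule was needed. The shell function below reads `iptables-save -t nat` output and reports PREROUTING REDIRECT rules that have no OUTPUT counterpart; the function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example. Names and sample dumps below are constructed for illustration.
# Live use (as root): iptables-save -t nat | missing_local_redirects

# Reads iptables-save text on stdin and prints "proto dport to-port" for each
# PREROUTING REDIRECT that has no OUTPUT REDIRECT for the same triple. Other
# match conditions (such as -d 127.0.0.1/32) are deliberately ignored.
missing_local_redirects() {
    awk '
    # Return the word that follows option "opt" on the current rule line.
    function arg(opt,   i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    $1 == "-A" && arg("-j") == "REDIRECT" {
        key = arg("-p") " " arg("--dport") " " arg("--to-ports")
        if ($2 == "PREROUTING") pre[key] = 1
        if ($2 == "OUTPUT")     loc[key] = 1
    }
    END { for (k in pre) if (!(k in loc)) print k }
    ' | sort
}

# Constructed dump: only the PREROUTING rule is loaded.
sample_before() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
EOF
}

# Constructed dump: the OUTPUT rule for local traffic has been added.
sample_after() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
EOF
}

sample_before | missing_local_redirects
```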