[Gllug] iptables

Chris Bell chrisbell at overview.demon.co.uk
Wed Nov 10 11:19:32 UTC 2004


On Tue 09 Nov, Adrian McMenamin wrote:
> 
> On Sunday 07 Nov 2004 19:31, Chris Bell wrote:
> > Hello,
> >    I am trying to set up a transparent bridge with iptables which carefully
> > specify which IP addresses are INPUT or FORWARDed, and ACCEPTed,
> > restricted, or DROPped, when connected to specific ethernet interfaces. I
> > have entered a set of rules such as
> >
> > iptables -A FORWARD -i eth1 -s 192.168.0.1 -o eth0 -j restrict
> >
> What is the restrict target? I am not familiar with that at all. Is there a 
> decent online reference?
> 
> Adrian

   I am trying to place a transparent bridge with very minimal iptables
rules between my modem and my real firewall box. This is probably not
needed, but there is one good way to get practice doing it. I want the
bridge to work unseen and without a keyboard, but do not want the bridge to
be accessible directly from either the internet, or my internal network via
the firewall, so it will be accessible only via an independent link.
   I want it to check the source IP addresses of all packets arriving at
every interface and drop any invalid packets, and also provide relevant
protection against SYN flood, Ping of Death, and Furtive Port Scanning, so I
created a new table which I called "restrict" in the correspondence. There
will not be any error or bounce messages from the box, it will either ignore
or transparently pass packets.
   It is the result of too much time spent reading O'Reilly books on
firewalls, the netfilter HOWTOs, "man iptables", and /usr/share/doc/iptables
in Debian Sarge. 

-- 
Chris Bell

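As an added example (not Chris's own rules, which the post does not reproduce), here is one way to build the user-defined "restrict" chain he describes and hand FORWARD traffic to it on a transparent bridge. One caveat for the original `-i eth1 ... -o eth0` rule: once the kernel's bridge-netfilter hands bridged frames to iptables, FORWARD sees them with the bridge device as both in and out interface, so a match on the physical ports has to use `-m physdev --physdev-in/--physdev-out` instead. The interface names, the br0 bridge, the 192.168.0.0/24 range on the firewall side, and the rate-limit figures are assumptions; IPT defaults to `echo iptables` so the script prints the rules rather than loading them, and is run as root with `IPT=iptables` to apply them.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a "restrict" chain for a
# headless transparent bridge and hooks it into FORWARD. Everything that
# fails a check is silently dropped; nothing is rejected or answered.
IPT="${IPT:-echo iptables}"   # default: print rules, do not load them
BR=br0                        # bridge device (assumption)
WAN=eth0                      # physical port facing the modem (assumption)
LAN=eth1                      # physical port facing the real firewall (assumption)
FWNET=192.168.0.0/24          # addresses expected on the firewall side (assumption)

# The restrict chain: bogus sources, stealth-scan flag combinations,
# fragments and oversized pings, and a cap on new-connection (SYN) rate.
restrict_chain() {
    $IPT -N restrict
    # 1. source addresses no packet crossing a bridge should carry
    for net in 127.0.0.0/8 0.0.0.0/8 224.0.0.0/4 240.0.0.0/4 169.254.0.0/16; do
        $IPT -A restrict -s "$net" -j DROP
    done
    # packets the connection tracker cannot place in any flow
    $IPT -A restrict -m state --state INVALID -j DROP
    # 2. TCP flag combinations used by NULL, XMAS and FIN scans, or that
    #    no real stack sends
    $IPT -A restrict -p tcp --tcp-flags ALL NONE -j DROP
    $IPT -A restrict -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
    $IPT -A restrict -p tcp --tcp-flags ALL FIN -j DROP
    $IPT -A restrict -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
    $IPT -A restrict -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
    # 3. Ping of Death arrives as fragments that reassemble beyond 65535
    #    bytes: drop non-first fragments outright and oversized echo requests
    $IPT -A restrict -f -j DROP
    $IPT -A restrict -p icmp --icmp-type echo-request \
        -m length --length 1025:65535 -j DROP
    # 4. SYN flood: let a bounded rate of new connections through, drop the rest
    $IPT -A restrict -p tcp --syn -m limit --limit 20/second --limit-burst 50 -j RETURN
    $IPT -A restrict -p tcp --syn -j DROP
    # anything else goes back to the caller
    $IPT -A restrict -j RETURN
}

# FORWARD: per-port source checks, then the restrict chain, then accept.
forward_rules() {
    $IPT -P FORWARD DROP
    # the bridge itself must not be reachable from either side; it carries
    # no address on br0 and is managed only over a separate interface
    $IPT -A INPUT -i "$BR" -j DROP
    # firewall-side addresses must never arrive from the modem (spoofing)
    $IPT -A FORWARD -m physdev --physdev-in "$WAN" -s "$FWNET" -j DROP
    # and only firewall-side addresses may leave towards the modem
    $IPT -A FORWARD -m physdev --physdev-in "$LAN" ! -s "$FWNET" -j DROP
    # both directions pass through the restrict chain
    $IPT -A FORWARD -m physdev --physdev-in "$WAN" --physdev-out "$LAN" -j restrict
    $IPT -A FORWARD -m physdev --physdev-in "$LAN" --physdev-out "$WAN" -j restrict
    # whatever survived is bridged through unchanged
    $IPT -A FORWARD -j ACCEPT
}

restrict_chain
forward_rules
```

The chain is created before FORWARD refers to it, which matters because `-j restrict` fails if the chain does not yet exist. The `limit` match is a crude SYN-flood control (it rate-limits all new connections, legitimate ones included); TCP SYN cookies on the real firewall behind the bridge are the better defence, and this chain only keeps the worst of a flood off that box.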
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug