If you see a complex set of firewall rules, you might consider using a different machine to try this.
3. These three commands change the default behavior for how packets are filtered for your
computer:
# iptables -P INPUT DROP
# iptables -P OUTPUT DROP
# iptables -P FORWARD DROP
Running a Linux Firewall/Router 18
In this example, the default behavior is changed such that all packets that come into your
network interfaces (INPUT), go out of your network interfaces (OUTPUT), or request to
travel through them (FORWARD) are dropped. At this point, no packets should be able to
come in or go out of any network interfaces. You can run iptables -L again to see that
all policies have changed from ACCEPT to DROP. (If this concerns you, don't worry. You
can run the commands again, changing DROP to ACCEPT, to make your firewall wide
open once more. Likewise, a reboot gets you back to your original state.)
4. This step configures how your firewall will accept or reject ICMP packets. ICMP (Internet
Control Message Protocol) messages are for reporting error conditions and controlling
connections to your server. Your server receives ICMP packets from computers that want
to find out the state of your machine, such as if the machine is currently accessible.
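To check the result of step 3 from a script rather than by reading iptables -L, the following added example (not from the book) parses the output of iptables -S, which prints each default policy as a "-P CHAIN TARGET" line, and lists any built-in chain whose default is not DROP. The sample input and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit default chain policies from `iptables -S` style output.

# Constructed sample: what `iptables -S` would print after step 3 if the
# FORWARD policy had (hypothetically) been left at ACCEPT.
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
EOF
}

# Read `iptables -S` output on stdin and print every built-in filter chain
# whose default policy is not DROP, or that has no policy line at all.
# Exit status 0 means INPUT, OUTPUT and FORWARD all default to DROP.
non_drop_chains() {
    awk '
        # Only policy lines matter here; "-A ..." rule lines are skipped.
        $1 == "-P" { policy[$2] = $3 }
        END {
            n = split("INPUT OUTPUT FORWARD", chains, " ")
            bad = 0
            for (i = 1; i <= n; i++) {
                c = chains[i]
                if (!(c in policy)) {
                    print c " MISSING"; bad = 1
                } else if (policy[c] != "DROP") {
                    print c " " policy[c]; bad = 1
                }
            }
            exit bad
        }
    '
}

# Run against the constructed sample. On a live host (as root) use:
#   iptables -S | non_drop_chains
sample_rules | non_drop_chains || echo "default policy is not DROP everywhere"
```
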