45.67.89 -j ACCEPT
# iptables -A INPUT -p ALL -i eth1 -s 10.0.0.0/24 -j ACCEPT
# iptables -A INPUT -p ALL -i eth1 -d 10.0.0.255 -j ACCEPT
The result of these commands is that any packets sent from the local host (lo) are
accepted, whether the source of those packets is the local host itself (-s 127.0.0.1),
an interface to the local LAN (-s 10.0.0.1), or the Internet (-s 323.45.67.89). The IP
addresses 10.0.0.1 and 323.45.67.89 are examples of local interfaces to those networks
(your addresses will probably be different). The last two lines indicate that the firewall
should accept incoming packets that are from the private LAN (-s 10.0.0.0/24) or destined
for any address on that LAN (-d 10.0.0.255), respectively.
Choosing and Installing a Linux Distribution Part III
The 323.45.67.89 address is not a real IP address. You will replace it with the IP address
assigned from your ISP for your external Internet interface. No valid IP address can
include a part higher than 255.
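The following is an added example, not code from the book: it builds the INPUT rules described above from variables and refuses to emit anything while an address such as the 323.45.67.89 placeholder is still in place. The function names are hypothetical, the `-i lo` form of the loopback rules is an assumption reconstructed from the prose, and 203.0.113.10 is a constructed sample address.

```shell
#!/bin/sh
# Added example (not from the book). Function names are hypothetical.

# Succeed only if $1 is four dot-separated decimal groups, each 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # stray chars or empty groups
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print (do not run) the INPUT rules for: external IP, LAN-side IP,
# LAN network in CIDR form, LAN broadcast address.
input_rules() {
    ext_ip=$1 lan_ip=$2 lan_net=$3 lan_bcast=$4
    prefix=${lan_net#*/}
    case $prefix in
        ''|*[!0-9]*|???*) echo "bad CIDR network: '$lan_net'" >&2; return 1 ;;
    esac
    [ "$prefix" -le 32 ] || { echo "bad prefix length: /$prefix" >&2; return 1; }
    for addr in "$ext_ip" "$lan_ip" "${lan_net%/*}" "$lan_bcast"; do
        if ! valid_ipv4 "$addr"; then
            echo "refusing to build rules: '$addr' is not a valid IPv4 address" >&2
            return 1
        fi
    done
    # Loopback rules reconstructed from the prose (assumed to use -i lo).
    for src in 127.0.0.1 "$lan_ip" "$ext_ip"; do
        echo "iptables -A INPUT -p ALL -i lo -s $src -j ACCEPT"
    done
    echo "iptables -A INPUT -p ALL -i eth1 -s $lan_net -j ACCEPT"
    echo "iptables -A INPUT -p ALL -i eth1 -d $lan_bcast -j ACCEPT"
}

# Constructed sample run: 203.0.113.10 (documentation range) stands in for
# the ISP-assigned address; the book's 323.45.67.89 placeholder is refused.
input_rules 203.0.113.10 10.0.0.1 10.0.0.0/24 10.0.0.255
input_rules 323.45.67.89 10.0.0.1 10.0.0.0/24 10.0.0.255 || echo "placeholder rejected"
```

Review the printed commands before running them as root; the script only prints the rules and never changes the firewall itself.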
The following commands define acceptable outgoing packets from the firewall computer:
# iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
# iptables -A OUTPUT -p ALL -s 10.0.0.1 -j ACCEPT
# iptables -A OUTPUT -p ALL -s 323.45.67.89 -j ACCEPT
# iptables -A OUTPUT -p ALL -s 10.