
Christopher Negus

"Linux Bible, 2008 Edition: Boot up to Ubuntu, Fedora, KNOPPIX, Debian, openSUSE, and 11 Other Distributions"

0.0.0/24 -j ACCEPT
# iptables -A OUTPUT -p ALL -d 10.0.0.255 -j ACCEPT
As with the input commands, the firewall accepts outgoing packets that come from any of
the local firewall interfaces (127.0.0.1, 10.0.0.1, and 323.45.67.89). It also
accepts outgoing packets associated with destinations on the private LAN (10.0.0.0/24
and 10.0.0.255).
6. This last set of commands defines which packets originating from the Internet are
allowed into the firewall. For packets attempting to enter your computer from the
Internet, you want to be more restrictive, allowing in packets only for services you want
to provide. Here are some examples of specific rules you might set to allow requests for
services from a server:
# iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 21 -j ACCEPT
# iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 22 -j ACCEPT
# iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 80 -j ACCEPT
# iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 113 -j ACCEPT
# iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 53 -j ACCEPT
# iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 2074 -j ACCEPT
# iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 4000 -j ACCEPT
The first four lines open up the ports for the TCP services you want to provide to anyone
from the Internet: for FTP service (--destination-port 21), secure shell service (22),
Web service (80), and IDENTD authentication (113), the last of which might be necessary
for protocols such as IRC.
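
To check which ports a rule set like the one in step 6 leaves open to any Internet source, the rules can be audited with a short script. This is an added example, not code from the book; the function names, the allowlist format, and the last three sample rules (eth1, ports 3306, 5432, and 25) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the book): audit which ports a rule set opens to
# any source address on the Internet-facing interface.

# Rules from step 6, plus three constructed lines that must NOT be reported.
SAMPLE_RULES='iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 21 -j ACCEPT
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 22 -j ACCEPT
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 80 -j ACCEPT
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 113 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 53 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 2074 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 4000 -j ACCEPT
iptables -A INPUT -p TCP -i eth1 -s 0/0 --destination-port 3306 -j ACCEPT
iptables -A INPUT -p TCP -i eth0 -s 10.0.0.0/24 --destination-port 5432 -j ACCEPT
iptables -A OUTPUT -p TCP -d 10.0.0.255 --destination-port 25 -j ACCEPT'

# exposed_ports IFACE: read rule lines on stdin and print "proto/port" for each
# INPUT rule that ACCEPTs a destination port from any source on IFACE.
# Only the options used in step 6 are interpreted; rules with match
# extensions (-m ...) still need a manual review.
exposed_ports() {
    awk -v iface="$1" '{
        chain = proto = inif = port = target = ""
        src = "0/0"                       # no -s means any source
        for (i = 1; i <= NF; i++) {
            if      ($i == "-A") chain  = $(i + 1)
            else if ($i == "-p") proto  = tolower($(i + 1))
            else if ($i == "-i") inif   = $(i + 1)
            else if ($i == "-s") src    = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--destination-port" || $i == "--dport") port = $(i + 1)
        }
        any = (src == "0/0" || src == "0.0.0.0/0")
        # A rule without -i applies to every interface, including IFACE.
        if (chain == "INPUT" && target == "ACCEPT" && any && port != "" &&
            (inif == iface || inif == "")) print proto "/" port
    }'
}

# unexpected_ports IFACE "tcp/22 tcp/80": print exposed ports that are not in
# the space-separated allowlist of services you intend to offer.
unexpected_ports() {
    exposed_ports "$1" | while IFS= read -r p; do
        case " $2 " in *" $p "*) ;; *) printf '%s\n' "$p" ;; esac
    done
}

# Example run: everything open on eth0 other than SSH and Web service.
printf '%s\n' "$SAMPLE_RULES" | unexpected_ports eth0 "tcp/22 tcp/80"
```

Running the same functions against the output of iptables -S on a live firewall shows whether the loaded rules match the services you meant to offer.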

