[Samba] RE: RE: firewall

Ulrich Kohlhase Ulrich.Kohlhase at t-online.de
Mon Nov 4 02:30:02 GMT 2002


Justin,

> Well, still no go. I've attached the script I used to create the 
> firewall. Tcpdump still shows an icmp packet going back to 
> the queried machine to say the UDP port is unreachable.
...

> /sbin/iptables -A INPUT -i lo -j ACCEPT
> /sbin/iptables -A INPUT -i wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> /sbin/iptables -A INPUT -p tcp -m tcp --syn -j REJECT
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> /sbin/iptables -A INPUT -p udp -m udp -j REJECT
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Ooops ;-)), you're sure you want to have these rules at the end of your
script ??

> Can anyone comment on what the -m flag is for?

Quoting from the iptables man page:
-----------------------------------
MATCH EXTENSIONS
iptables can use extended packet matching modules. These
are  loaded in two ways: implicitly, when -p or --protocol
is specified, or with the -m or --match options,  followed
by  the  matching  module name; after these, various extra
command line options become available,  depending  on  the
specific  module.
-----------------------------------

Please have a look at the following website for a couple of great
tutorials and FW script examples. I'd personally recommend reading Oskar
Andreasson's tutorial also:
www.netfilter.org/documentation/index.html#tutorials
www.netfilter.org/documentation/tutorials/blueflux/iptables-tutorial.html

Good luck,
Uli
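
Added example, not part of the original message or of Justin's script: a small first-match model of the four quoted INPUT rules, showing which rule a UDP packet in state NEW reaches and why the sender then sees an ICMP port-unreachable (REJECT's default reply). The packets, the chain policy and the extra ACCEPT rule for UDP source port 137 are assumptions constructed for the illustration.

```python
# Added illustration: first-match evaluation of the four quoted INPUT rules.
# Each rule is (match conditions, target); a missing key means "any".
QUOTED_RULES = [
    ({"iface": "lo"}, "ACCEPT"),
    ({"iface": "wlan0", "state": {"ESTABLISHED", "RELATED"}}, "ACCEPT"),
    ({"proto": "tcp", "syn": True}, "REJECT"),
    ({"proto": "udp"}, "REJECT"),
]

# Hypothetical rule, not in the quoted script: accept UDP from source port 137.
ACCEPT_UDP_137 = ({"proto": "udp", "sport": 137}, "ACCEPT")

# Constructed packets: same UDP datagram, differing only in conntrack state.
UDP_NEW = {"iface": "wlan0", "proto": "udp", "state": "NEW",
           "sport": 137, "dport": 1026}
UDP_ESTABLISHED = dict(UDP_NEW, state="ESTABLISHED")


def matches(cond, pkt):
    """True when every condition in the rule holds for the packet."""
    for key, want in cond.items():
        have = pkt.get(key)
        if isinstance(want, set):
            if have not in want:
                return False
        elif have != want:
            return False
    return True


def verdict(rules, pkt, policy="ACCEPT"):
    """Return (target, index) of the first matching rule.

    Falls back to (policy, None); the script's real chain policy is not
    shown in the message, so the default here is an assumption.
    """
    for index, (cond, target) in enumerate(rules):
        if matches(cond, pkt):
            return target, index
    return policy, None


def reply_seen_by_sender(target):
    """REJECT without --reject-with answers with icmp-port-unreachable."""
    return "icmp-port-unreachable" if target == "REJECT" else None


if __name__ == "__main__":
    appended = QUOTED_RULES + [ACCEPT_UDP_137]                       # -A after REJECT
    inserted = QUOTED_RULES[:2] + [ACCEPT_UDP_137] + QUOTED_RULES[2:]
    for name, rules in (("quoted", QUOTED_RULES), ("appended", appended),
                        ("inserted", inserted)):
        target, index = verdict(rules, UDP_NEW)
        print(name, target, index, reply_seen_by_sender(target))
```
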




