discuss: WHATIS documents (was Re: Small Netserver HOWTO)


Previous by date: 27 Nov 2003 14:06:56 -0000 Re: looking for an editor, Rodolfo J. Paiz
Next by date: 27 Nov 2003 14:06:56 -0000 Re: WHATIS documents (was Re: Small Netserver HOWTO), Rodolfo J. Paiz
Previous in thread: 27 Nov 2003 14:06:56 -0000 Re: WHATIS documents (was Re: Small Netserver HOWTO), Martin WHEELER
Next in thread: 27 Nov 2003 14:06:56 -0000 Re: WHATIS documents (was Re: Small Netserver HOWTO), Rodolfo J. Paiz

Subject: Re: WHATIS documents (was Re: Small Netserver HOWTO)
From: Gilles LAMIRAL ####@####.####
Date: 27 Nov 2003 14:06:56 -0000
Message-Id: <3FC604F9.583AC2A3@free.fr>

Hello,

"John R. Daily" wrote:

> These documents (WHATIS, perhaps, instead of HOWTO) would be
> fairly short,
> These could either be included directly into or referenced by a
> HOWTO.  Effectively, they would be reusable modules.

I think this WHATIS document should be the first chapter
of any HOWTO. Another chapter could be "For The Impatient".
Another important one is "Prerequisites".

For example, the Firewall. 

Whatis:
=======

A Firewall is ...

Prerequisites:
==============

- iptables software and Linux kernel 2.4
- a working Internet connection (ppp0 here but can be another
  interface).
- writing a shell script.
- basic Linux TCP/IP knowledge.

For The Impatient:
==================

How to:
- share an Internet connection on "ppp0" interface.
- allowing any output traffic anywhere.
- disabling any input traffic from the Internet
  (except the responses of your output traffic).
- allowing any input traffic except from the Internet.

iptables -F                 # Flush all previous settings (filter table)
iptables -t nat -F          # Flush the nat table
iptables -t mangle -F       # Flush the mangle table
iptables -P INPUT DROP      # By default, refuse any input.
iptables -P FORWARD ACCEPT  # Forward everything routed through this host
iptables -P OUTPUT ACCEPT   # Allow any output
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE # "share" your Internet IP address
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # responses to your output traffic
iptables -A INPUT -m state --state NEW ! -i ppp0 -j ACCEPT # new input, except from ppp0
echo "1" > /proc/sys/net/ipv4/ip_forward # be a gateway.

In case you want to allow incoming traffic on a TCP port
(ssh here):

iptables -A INPUT --protocol tcp --dport ssh -j ACCEPT

Remark: This setup does not protect your network against
viruses received by email or against any "bad" things done
from inside your network.

Just one page.
Sorry for my bad English.

-- 
Au revoir,                                  33 (0) 2 99 78 62 49
Gilles Lamiral. France, L'Hermitage (35590) 33 (0) 6 20 79 76 06
http://www.sri.ucl.ac.be/SRI/frfc/rfc1855.fr.html
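
A check for the "For The Impatient" goals above, as an added example that is not part of the original message: it reads iptables-save text and reports what the Internet side can reach on the gateway. The function names audit_ruleset and sample_ruleset are hypothetical, the sample ruleset is constructed (iptables-save prints the ssh rule with the numeric port 22), and the interface name is taken as a literal.

```shell
#!/bin/sh
# Added example (not from the original message): audit iptables-save text on stdin.
# $1 = Internet-facing interface, taken as a literal name (ppp0 in the message).
audit_ruleset() {
    awk -v wan="$1" '
    /^\*/ { table = substr($0, 2) }            # "*filter", "*nat", ...
    table != "filter" { next }
    /^:INPUT /   { in_pol  = $2 }              # ":INPUT DROP [0:0]"
    /^:FORWARD / { fwd_pol = $2 }
    /^-A INPUT / && / -j ACCEPT/ {
        if ($0 ~ /ESTABLISHED/ && $0 !~ /NEW/) { est = 1; next }
        has_if = ($0 ~ / -i /); neg = ($0 ~ /! -i /)
        on_wan = ($0 ~ (" -i " wan "( |$)"))
        # Skip rules that cannot match packets arriving on the WAN interface.
        if (has_if && (neg ? on_wan : !on_wan)) next
        proto = "any"; port = "any"
        for (i = 1; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
        }
        print "OPEN " proto "/" port           # reachable from the Internet
    }
    END {
        if (in_pol != "DROP") print "FAIL input-policy=" in_pol
        if (!est) print "FAIL no-established-rule"
        # INPUT rules only protect the gateway itself, not routed traffic.
        if (fwd_pol == "ACCEPT") print "WARN forward-policy=ACCEPT"
    }'
}

# Constructed sample: the rules from the message plus the ssh rule.
sample_ruleset() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i ppp0 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_ruleset ppp0
```

On a live gateway the same function can be fed with `iptables-save | audit_ruleset ppp0`.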

  ©The Linux Documentation Project, 2014. Listserver maintained by dr Serge Victor on ibiblio.org servers. See current spam statz.