iptables question
Mike Lovell
mike at dev-zero.net
Mon Nov 3 11:35:13 MST 2008
So while I was home a few weekends ago, I discovered that someone might
have done some somewhat shady things on my parents' file server. (I was
a complete id10t for allowing ssh on port 22 with a weak password.) I
cleaned up as much as I can find, but as an additional measure I want to
block all traffic from the server leaving the network except to a few
sites, like security.debian.org. I played with iptables on the router
(Linksys WRT54GL running OpenWRT) and am having a hard time getting
iptables to work the way I am expecting. Here is what I run.
iptables -A FORWARD -s 192.168.1.2 -d 212.211.132.32 -j ACCEPT
<repeated a few times of ip addresses to white list>
iptables -A FORWARD -s 192.168.1.2 -d 0.0.0.0/0 -j DROP
After running these, the file server can still connect to other off-network
IP addresses as if nothing happened. Anyone know what I am
doing wrong with the iptables configuration? Thanks in advance for any help.
Mike
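One thing worth checking with the rules above is ordering: `-A` appends to the end of FORWARD, and if the router already has an earlier rule that accepts LAN-to-WAN forwarding, the appended DROP is never reached. The script below is an added example (not from the original post or OpenWRT) that puts the server's egress whitelist in its own chain and inserts the jump at position 1. It assumes the server address and one whitelisted address from the post; the second whitelisted address, the chain name SRV_EGRESS and the IPT dry-run variable are constructed for the example.

```shell
#!/bin/sh
# Added example: egress whitelist for one LAN host, evaluated before any
# pre-existing ACCEPT rule in FORWARD. IPT defaults to "echo" so the script
# can be dry-run anywhere without root; run it with IPT=iptables on the
# router to apply the rules for real.
IPT="${IPT:-echo}"
SERVER="192.168.1.2"                 # the file server (from the original post)
# Constructed whitelist: 212.211.132.32 is from the post, the second entry
# is a placeholder standing in for the other addresses to allow.
ALLOWED="212.211.132.32 203.0.113.10"
CHAIN="SRV_EGRESS"                   # hypothetical chain name

egress_rules() {
    # Create the chain if missing, then flush it so re-runs do not
    # accumulate duplicate rules.
    $IPT -N "$CHAIN" 2>/dev/null
    $IPT -F "$CHAIN"
    for dst in $ALLOWED; do
        $IPT -A "$CHAIN" -d "$dst" -j ACCEPT
    done
    # Log before dropping so further connection attempts from the server show
    # up in the router's log (needs the iptables LOG target module).
    $IPT -A "$CHAIN" -j LOG --log-prefix "srv-egress-drop: "
    $IPT -A "$CHAIN" -j DROP
    # Remove any previous jump, then insert at position 1 (-I ... 1) rather
    # than appending (-A), so this chain is consulted before OpenWRT's own
    # forwarding ACCEPT rules.
    $IPT -D FORWARD -s "$SERVER" -j "$CHAIN" 2>/dev/null
    $IPT -I FORWARD 1 -s "$SERVER" -j "$CHAIN"
}

egress_rules
```

After applying it, `iptables -L FORWARD -n --line-numbers` should show the jump to SRV_EGRESS as rule 1; if it appears below an ACCEPT rule, the ordering problem is still present.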