iptables question

Mike Lovell mike at dev-zero.net
Mon Nov 3 11:35:13 MST 2008


So while I was home a few weekends ago, I discovered that someone might 
have done some somewhat shaddy things on my parents file server. (I was 
a complete id10t for allowing ssh on port 22 with a weak password). I 
cleaned up as much as I can find but as an additional measure, I want to 
block all traffic from the server leaving the network except to a few 
sites, like security.debian.org. I played with iptables on the router 
(Linksys WRT54GL running OpenWRT) and am having a hard time getting 
iptable to work the way I am expecting. Here is what I run.

iptables -A FORWARD -s 192.168.1.2 -d 212.211.132.32 -j ACCEPT
<repeated a few times of ip addresses to white list>
iptables -A FORWARD -s 192.168.1.2 -d 0.0.0.0/0 -j DROP

After running these, the file server can still connect to other off 
network ip addresses as if nothing happened. Any one know what I am 
doing wrong with the iptables configuration? Thanks in advance for any help.

Mike



More information about the PLUG mailing list