Fajar, I really appreciate all the detailed help here! I have some questions.
Hi JLC, There are 2 ways to implement firewall: negative list and positive list. Looks like you want a very strict one that is positive list.
Assuming eth0 is WAN, and eth1 is LAN (assuming 192.168.0.0/24)(please mind the word wrap): #Clear all rules and policies first: iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT iptables -F iptables -t nat -F
I misunderstand this, if the default policy is to accept, then how does this work (I thought it was wise to make it Drop)? In terms of Cisco ACL's, how does iptables work, does it simply continue processing until it sees something explicitly denying if the default policy is ACCEPT, versus DROP, will it continue processing until it sees something explicitly allowing?
#Finally dropping all other traffic (positive list firewall): iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP
So here you know restate the default policy? I thought you could only define this once?
If for some reason you want to clear the iptables, run this command: iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT iptables -F
Does this -F not reset the above stated policy?
iptables -t nat -F service iptables save
Thanks so much! jlc