Hello all, first of all i'd like to wish you all happy holidays, and a merry belated christmas. Secondly, i'm trying to setup a centos 5.4 to act as: 1. firewall # can you check my config below and tell me if i missed anything? 2. DHCP # already configured 3. transparent squid proxy # already configured 4. http (virtual hosts) # in the near future 5. squirrelmail # in the near future - Relevant info: Two NICs: eth0 LAN: with dhcp service: 192.168.57.1(255.255.255.0) # my lan users are connected to this interface eth1 WAN: static: 172.16.2.14 gw/172.16.2.13 (255.255.255.248) # My isp is connected to this interface I want my firewall to do the following: 1. get my box to be completely secure from outside access, in other words deny all access from the outside world to my box &/or my LAN 2. allow my LAN users to access the internet/ box without any restrictions, through a transparent squid installation i've searched a bit online, i must admit i never used iptables before (i thought of using firestarter as it's graphical and am no iptables guru, not even a novice user though i've installed my box with no X hence no graphical applications) i finally used bits an pieces and came up with the following: Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED In_RULE_0 all -- anywhere 172.16.2.14 In_RULE_2 udp -- 192.168.57.1 anywhere udp multiport dports bootpc,bootps state NEW Chain FORWARD (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED Chain OUTPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED Cid1888X3970.0 udp -- 192.168.57.1 anywhere udp multiport dports bootpc,bootps state NEW Out_RULE_3 all -- 192.168.57.1 anywhere state RELATED,ESTABLISHED Cid1594X3970.0 all -- 192.168.57.1 anywhere state NEW Chain Cid1594X3970.0 (1 references) target prot opt source destination Out_RULE_4 all -- anywhere 172.16.2.14 Out_RULE_4 all -- anywhere 192.168.57.1 Chain Cid1888X3970.0 (1 references) target prot opt source destination Out_RULE_2 all -- anywhere 172.16.2.14 Out_RULE_2 all -- anywhere 192.168.57.1 Chain In_RULE_0 (1 references) target prot opt source destination LOG all -- anywhere anywhere LOG level info prefix `RULE 0 -- DENY ' DROP all -- anywhere anywhere Chain In_RULE_2 (1 references) target prot opt source destination LOG all -- anywhere anywhere LOG level info prefix `RULE 2 -- ACCEPT ' ACCEPT all -- anywhere anywhere Chain Out_RULE_2 (2 references) target prot opt source destination LOG all -- anywhere anywhere LOG level info prefix `RULE 2 -- ACCEPT ' ACCEPT all -- anywhere anywhere Chain Out_RULE_3 (1 references) target prot opt source destination LOG all -- anywhere anywhere LOG level info prefix `RULE 3 -- ACCEPT ' ACCEPT all -- anywhere anywhere Chain Out_RULE_4 (2 references) target prot opt source destination LOG all -- anywhere anywhere LOG level info prefix `RULE 4 -- ACCEPT ' ACCEPT all -- anywhere anywhere