BendOverIGotYourBack
asked on
iptables Question - Default policy
Using the example below, all incoming packets are automatically dropped (ie ignored) for the workstation unless
-The packets are for udp ports 137 through 139 and originate from an IP address of 66.66.66.66
-The packets are for tcp port 445 and originate from an IP address of 66.66.66.66.
-The packets are used for loopback
Am I interpreting this correctly?
What is the established/related entry useful for?
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p udp -m udp -s 66.66.66.66 --dport 137:139 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp - m tcp -s 66.66.66.66 --dport 445 -j ACCEPT
-The packets are for udp ports 137 through 139 and originate from an IP address of 66.66.66.66
-The packets are for tcp port 445 and originate from an IP address of 66.66.66.66.
-The packets are used for loopback
Am I interpreting this correctly?
What is the established/related entry useful for?
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p udp -m udp -s 66.66.66.66 --dport 137:139 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp - m tcp -s 66.66.66.66 --dport 445 -j ACCEPT
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER