"Proteus" <nospam@nowhere.net> wrote in message
news:jB9Ee.930$VG6.172@fe07.lga
> I could really use some help setting up a basic firewall using
> iptables. Yes I have RTFM (man iptables) and have read several docs
> off the net and pages from my Linux Bible and Network Security Bible,
> but for some reason my brain is somewhat mush putting it all
> together. If some kind souls here could help me walk through a basic
> set of iptables commands for a basic firewall I would be very
> grateful; I am willing to learn at each step, propose the commands,
> just could use some help telling me where I go wrong, etc.
http://physics.ramapo.edu/downloads/...8122002.tar.gz will be very
helpful to you. You'll need to create a startup/shutdown script for it, but
that's a fairly trivial task given the numerous other such scripts already
resident on your machine.
The only changes I'll suggest are to edit/comment the following lines:
/sbin/iptables -A INPUT -p tcp -i ${UPLINK} -j DROP \
#--reject-with tcp-reset
/sbin/iptables -A INPUT -p udp -i ${UPLINK} -j DROP \
#--reject-with icmp-port-unreachable
which will make your Internet interface invisible to all others, except
those who already have an ESTABLISHED,RELATED connection. Some here will
object to such a suggestion, but it's your machine to configure as you like.
Install the ip_conntrack_ftp.o kernel module by whatever means is
appropriate to your distro, e.g.:
/sbin/insmod ip_conntrack_ftp
and you're good to go. You can then edit that script to add whatever
functionality you need as you learn more.
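To make the advice above concrete, here is a minimal stateful firewall script in the spirit of what is being described: default DROP on the Internet interface, with only ESTABLISHED,RELATED traffic let back in, and the FTP connection-tracking helper loaded. This is an added example, not the script linked above and not anyone's posted code in this thread. It assumes `eth0` as the uplink (override with UPLINK=...), uses `modprobe` rather than `insmod` so the module is found by name, and has a DRY_RUN switch (my own addition) so the rule set can be printed and checked without root.

```shell
#!/bin/sh
# Added example: basic "invisible uplink" firewall using iptables.
# Assumptions (not from the thread): UPLINK defaults to eth0; DRY_RUN=1
# prints the rules instead of applying them; modprobe replaces insmod.
UPLINK="${UPLINK:-eth0}"
IPT="${IPT:-/sbin/iptables}"

# ipt: apply one iptables rule, or print it when DRY_RUN=1
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        "$IPT" "$@"
    fi
}

# load_ftp_helper: lets FTP data connections be classified as RELATED.
# ip_conntrack_ftp is the 2.4-kernel name; nf_conntrack_ftp is the 2.6+ name.
load_ftp_helper() {
    modprobe ip_conntrack_ftp 2>/dev/null || modprobe nf_conntrack_ftp
}

# firewall_rules: flush INPUT and install the policy described in the post.
firewall_rules() {
    ipt -F INPUT
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    # loopback must always be allowed or local services break
    ipt -A INPUT -i lo -j ACCEPT
    # replies to connections this host opened (plus RELATED, e.g. FTP data)
    ipt -A INPUT -i "$UPLINK" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # packets conntrack cannot place in any connection
    ipt -A INPUT -i "$UPLINK" -m state --state INVALID -j DROP
    # silently DROP (not REJECT) everything else on the uplink, so a port
    # scan sees no RST / ICMP port-unreachable; the default policy already
    # drops, these explicit rules just make the intent visible in -L output
    ipt -A INPUT -p tcp -i "$UPLINK" -j DROP
    ipt -A INPUT -p udp -i "$UPLINK" -j DROP
    ipt -A INPUT -p icmp -i "$UPLINK" -j DROP
}

# show_rules: print the rule set without touching the kernel
show_rules() { ( DRY_RUN=1; firewall_rules ); }

case "${1:-}" in
    apply) load_ftp_helper && firewall_rules ;;
    show)  show_rules ;;
esac
```

Run `sh firewall.sh show` to review the rule set, then `sh firewall.sh apply` as root. One caveat worth knowing before choosing DROP over REJECT: clients whose legitimate connection attempts hit the DROP rules will hang until their own timeout instead of failing immediately, which is the usual objection to the "invisible" configuration.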