Comments on: How do I build a Simple Linux Firewall for DSL/Dial-up connection?

By: Paul

Paul — Fri, 31 Jul 2009 05:53:04 +0000

Standard practice with firewall rules, is to setup a default reject (fail safe) – and then an explicit reject rule. That way, if your rules don’t load properly, things get dropped by default. And when you’re looking over your rules – you can see your explicit reject, and not rely on the default (which is usually much earlier in the file, and not visible), just in case you forgot it, or it got changed on an upgrade or something silly like that…

It’s about safety/security, which is what firewalls are for.

By: Blingbling

Blingbling — Tue, 08 Apr 2008 07:40:50 +0000

Why oh why do you first decide to drop all incoming packages that no other rule take care of (the policy) and then later on, just forget about this and set a “reject” for everything in step 4?

By: Chris

Chris — Tue, 06 Nov 2007 21:21:47 +0000

Code in step 2 is incorrect:
iptables -A OUTPUT -i lo -j ACCEPT

cannot use -i with OUTPUT,
should read:
iptables -A OUTPUT -o lo -j ACCEPT

By: ganesh

ganesh — Wed, 16 Nov 2005 23:24:00 +0000

I must agree with LinuxTitli, with this samll script one can understand how linux firewall works. Good work, IMPO

By: LinuxTitli

LinuxTitli — Thu, 03 Nov 2005 09:58:00 +0000

Agreed. Howerver, they are only useful if you understand basis of iptables otherwise you can harm yourself more than the protecting yourself. And that is why you need to understand the iptables, once done it you can go for tools or ready to use scripts out there. Besides writing your own script saves more time in long run, IMPO.

By: Anonymous

Anonymous — Wed, 02 Nov 2005 21:49:00 +0000

There are many programs that automate the iptables process quite well and still allow for advanced rules. Check out shorewall.