I want iptables to filter only one interface, eth0, which is facing WAN. How can this be done? And I want to keep ftp and ssh ports open on eth0.
So for all interfaces but one you want to accept all traffic, and on eth0 you want to drop all incoming traffic except ftp and ssh.
First, we could reset your firewall rules.
Then we could set a policy of accepting all traffic by default.
iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT
Now we could say that we want to allow incoming traffic on eth0 that is a part of a connection we already allowed.
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
Also that we want to allow incoming ssh connections on eth0.
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
But that anything else incoming on eth0 should be dropped.
iptables -A INPUT -i eth0 -j DROP
For slightly more depth see this CentOS wiki entry.
FTP is a trickier than ssh since it can use a random port, so see this previous question.
Leave a comment
- Windows File Permissions and Attributes
- What is the easiest way to upgrade my existing Perl 5.14 to Perl 5.16 on FreeBSD 9 using the ports system?
- Know if mysql has done its job
- Redirect https .com to https .co.uk without a valid SSL cert on .com without DNS change
- Why is it a bad idea to use customer email as from address