nixCraft

Hi Everyone,

I need some help in IPTABLES. I have 5 machines running Linux. I have to configure iptables on all the machines in such a way that only the ports (+ any necessary port used by our product (I'm a product Tester) has to be opened in all the machines. All the five machines should ACCEPT requests only among themselves and should DROP all requests from any other machine in the network. I tried IPTABLES and i'm struck & unable to proceed. Please let me know some basic rules so that i can configure iptables on all 5 machines to comply with my requirement.

regards,
vasanth

Well rules are quite simple

Close all the doors and open the windows i.e ports.

# first it following 3 ruls will close everything
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Next allow unlimited traffic on both loopback
iptables -A INPUT -i lo -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -o lo -d 127.0.0.1 -j ACCEPT

# Now open rest of the ports
# for example to open port 80 for everyone use
ip="192.168.1.5" # IP of your www service
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d $ip --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -s $ip --sport 80 -d 0/0 --dport 1024:65535 -j ACCEPT

This the way set the rest of firewall