first go at iptables (a few questions) [SOLVED]

[pixie]

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -p tcp --dport 113 -j REJECT
iptables -A FORWARD -p tcp --dport 113 -j REJECT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Have I made a really huge fuckup in this anywhere? Anything I should add It's for my workstations. The intention is I just do online things with them but I can ping or ssh into them from anywhere.

I am not sure if I will have to specifically ACCEPT on bitorrent ports though. Would that come under ESTABLISHED,RELATED or do I need to accept TCP on them?

[pixie]

alright.... got a problem.

NFS is taking a stupid amount of time to start at boot*. Any NFS specfic things I should do to iptables?

*[edit] took about 20 minutes to boot. but me nfs mount IS mounted.

[triwebb1]

I don't see any problems with that, but why are you rejecting port 113? The default policy is to drop it anyway, so you don't need that rule.

Regarding NFS........ I don't know much of anything about it. You should do a little research to find out if it uses TCP or UDP (I think it does). If it does, then it will use a certain port, and that means you should allow that port in iptables. If it does use TCP/UDP, then I don't know how it is booting now, unless it is booting from a local file or something.........

Hope this helps

[pixie]

Yeah, those ones are gone now. I must have picked them up somewhere when I was looking around before it twigged exactly what I was doing. Possibly got left over from my first try.

I don't get the NFS problems I have with the firewall up at al.

[pixie]

and award for idiot of the months goes to.......

ME

I forgot to allow INPUT from localhost.