BeerCheeze Rated XXX
Posted: Mon, 14 May 2007 21:16:39
You also want to drop anything on eth1 coming from an RFC-1918 address (I'm not giving you those, because I want you to look them up... so you remember what it is in case you don't already know it).
Also DHCP (Bootp) doesn't use TCP, no need to allow that. If you have a static IP, you shouldn't need that at all.
You are allowing ssh from the internet, are you sure you want that?
Also this:

Quote:
# accept all other public ports
/sbin/iptables -A INPUT -p tcp -i eth1 --dport 1024: -j ACCEPT
/sbin/iptables -A INPUT -p udp -i eth1 --dport 33434: -j ACCEPT

appears strange. Is there a reason for it? What is running on 1025/tcp and 33434/udp? It makes it sound like it's taking all ports, but I don't think so. Not sure of the syntax.
That's a good look through your config, without looking at syntax, that is. If I think of anything else I'll let you know.
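An added example, not part of the original post: a small Python audit of the rule lines discussed above. In iptables a `--dport` value with the last port omitted (`1024:`) runs through 65535, so the script expands each range and flags the points the post raises. The third and fourth sample rules, the `audit` and `parse_dport` helpers, the 1000-port threshold and ssh on port 22 are assumptions made for illustration.

```python
import shlex

# Constructed sample: the two rules quoted in the post, plus two hypothetical
# rules (TCP on the BOOTP/DHCP ports, ssh on 22); the full config is not on the page.
SAMPLE_RULES = """\
# accept all other public ports
/sbin/iptables -A INPUT -p tcp -i eth1 --dport 1024: -j ACCEPT
/sbin/iptables -A INPUT -p udp -i eth1 --dport 33434: -j ACCEPT
/sbin/iptables -A INPUT -p tcp -i eth1 --dport 67:68 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -i eth1 --dport 22 -j ACCEPT
"""

def parse_dport(spec):
    """Expand an iptables --dport value into (low, high).
    An omitted first port means 0, an omitted last port means 65535."""
    if ":" not in spec:
        return int(spec), int(spec)
    low, high = spec.split(":", 1)
    return int(low or 0), int(high or 65535)

def audit(rules, iface="eth1", wide=1000):
    """Return (rule, low, high, notes) for each ACCEPT rule on iface with --dport."""
    findings = []
    for line in rules.splitlines():
        tok = shlex.split(line, comments=True)  # comment and blank lines become []
        if "--dport" not in tok or "ACCEPT" not in tok:
            continue
        opt = lambda flag: tok[tok.index(flag) + 1] if flag in tok else None
        if opt("-i") != iface:
            continue
        low, high = parse_dport(opt("--dport"))
        notes = []
        if high - low + 1 >= wide:
            notes.append(f"opens {high - low + 1} {opt('-p')} ports")
        if opt("-p") == "tcp" and low <= 68 and high >= 67:
            notes.append("BOOTP/DHCP is UDP; TCP rule not needed")
        if opt("-p") == "tcp" and low <= 22 <= high:  # assumes ssh on default port 22
            notes.append("ssh reachable from this interface")
        findings.append((line.strip(), low, high, notes))
    return findings

if __name__ == "__main__":
    for rule, low, high, notes in audit(SAMPLE_RULES):
        print(f"{low}-{high}: {rule}")
        for n in notes:
            print("    ->", n)
```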