I am trying to make some basic rules for a desktop computer firewall that will be easy to set up and offer basic security. If there is something I should change, please don't hesitate to let me know.
#Allow localhost connections to the loopback interface
iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
iptables -A INPUT -i lo -j ACCEPT
#Allow established sessions to receive traffic
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#Allow all outbound connections
iptables -A OUTPUT -j ACCEPT
#Log iptables denied calls (this must come before the final DROP, otherwise it is never reached)
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
#Drop all other incoming network traffic
iptables -A INPUT -j DROP
[HowTo] Install and configure Debian bookworm Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD
except that I am allowing certain services from the local subnet. It looks like those rules are for a non-NATed computer with only one network connection, the one connected to your ISP's network. For that use case, it looks OK to me.
Could you please elaborate? Is there a problem using this configuration on e.g. a public wifi?
No, you should be fine on a public wifi, as long as you don't want to provide any services. If you don't know whether or not you want to do that, then you don't want to.
This computer is on a static, wired network, and providing some services to that LAN.
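A scripted form of a desktop ruleset like the one in this thread, added here as an example and not the poster's own rules: it emits the commands so they can be reviewed before being applied, puts the LOG rule ahead of the final DROP so denied packets are actually logged, and optionally admits chosen TCP ports only from the local subnet, which is the case the replies mention. The subnet 192.168.1.0/24 and port 22 are constructed placeholders; set IPT to "echo iptables" to preview without root.

```shell
#!/bin/sh
# Added example, not from the original thread. Builds an IPv4 desktop ruleset:
# default-deny inbound, allow loopback and established traffic, allow all
# outbound, optionally allow a few TCP services from the LAN, log then drop.
IPT="${IPT:-iptables}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # constructed placeholder subnet
LAN_PORTS="${LAN_PORTS:-}"             # e.g. "22 445"; empty = provide no services

build_rules() {
    # Emit one command per line; review this output before applying it.
    cat <<EOF
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -F INPUT
$IPT -F OUTPUT
$IPT -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    # Services offered to the LAN only: new TCP connections from LAN_NET to each port.
    for p in $LAN_PORTS; do
        echo "$IPT -A INPUT -s $LAN_NET -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log before the catch-all drop; a LOG rule placed after DROP is never reached.
    cat <<EOF
$IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
$IPT -A INPUT -j DROP
EOF
}

# Apply the generated rules, stopping at the first command that fails.
apply_rules() { build_rules | sh -e; }
```

Run `LAN_PORTS="22" IPT="echo iptables" sh -c '. ./rules.sh; build_rules'` to inspect the generated commands, then call apply_rules as root once they look right.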