Reply To: Firewall Configuration – No internet, just internal networks


#47647

bbozo
Member

It is a bad idea to make any of the default chains DENY.

You should first make rules that allow traffic (there are almost always fewer things you want to allow than deny) and after that add deny rules. Watch for sequence numbers.

INPUT chain deals with traffic that has the firewall's IPs as its destination
FORWARD chain deals with traffic that has destination IPs different from the firewall's
OUTPUT chain deals with traffic coming from firewall

This is a simple explanation; there are many other things to consider.

For your example:
fwd chain
input ETH00
Protocol Matching: choose the source or destination ports you want to allow
For example, if you would allow http then you choose destination port 80, protocol tcp
Action: allow

hope this helps
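
The allow-before-deny ordering described in the reply above, as an added example that is not part of the original post: a simplified Python model of first-match chain evaluation that also flags rules an earlier rule makes unreachable. The rule fields, sequence numbers and sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    seq: int                         # sequence number: lower is evaluated first
    action: str                      # "ACCEPT" or "DROP"
    in_iface: Optional[str] = None   # None means "match anything"
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        return all(want is None or pkt.get(key) == want
                   for key, want in (("in_iface", self.in_iface),
                                     ("proto", self.proto),
                                     ("dport", self.dport)))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        return all(mine is None or mine == theirs
                   for mine, theirs in ((self.in_iface, other.in_iface),
                                        (self.proto, other.proto),
                                        (self.dport, other.dport)))

def verdict(chain, pkt, policy="ACCEPT"):
    """The first matching rule in sequence order decides; else the chain policy."""
    for rule in sorted(chain, key=lambda r: r.seq):
        if rule.matches(pkt):
            return rule.action
    return policy

def shadowed(chain):
    """Rules that can never fire because an earlier rule covers them."""
    ordered = sorted(chain, key=lambda r: r.seq)
    return [later for i, later in enumerate(ordered)
            if any(earlier.covers(later) for earlier in ordered[:i])]

# Constructed FORWARD chains for the post's example (HTTP arriving on ETH00).
ALLOW_HTTP = Rule(seq=10, action="ACCEPT", in_iface="ETH00", proto="tcp", dport=80)
DENY_REST = Rule(seq=20, action="DROP", in_iface="ETH00")
GOOD_CHAIN = [ALLOW_HTTP, DENY_REST]                  # allow first, deny after
BAD_CHAIN = [Rule(5, "DROP", "ETH00"), ALLOW_HTTP]    # deny sequenced before allow

HTTP = {"in_iface": "ETH00", "proto": "tcp", "dport": 80}
SSH = {"in_iface": "ETH00", "proto": "tcp", "dport": 22}

if __name__ == "__main__":
    for name, chain in (("good", GOOD_CHAIN), ("bad", BAD_CHAIN)):
        print(name, verdict(chain, HTTP), verdict(chain, SSH), shadowed(chain))
```
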