Tweaking a newly-flashed OpenWRT firewall
The goal here is to make the system as transparent to a network scan as possible (e.g. GRC's ShieldsUP!).
1. Replace...
iptables -A INPUT -p icmp -j ACCEPT
...with...
iptables -A INPUT -p icmp -j DROP
2. Replace...
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
...with...
iptables -A INPUT -p tcp -j DROP
iptables -A INPUT -j DROP
iptables -A INPUT -j DROP
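Both replacements can be applied in one pass with sed. This is an added example, not part of the original post: the function names and the sample rule set are constructed, and because the post does not name the firewall script's path, the filter works on stdin/stdout.

```shell
#!/bin/sh
# Added example: apply steps 1 and 2 to a firewall script as a text filter.
# Only "-A INPUT" lines are touched; every other rule passes through as-is.

# Constructed sample input (not taken from a real device).
SAMPLE_RULES='iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
iptables -A FORWARD -p icmp -j ACCEPT'

# Rewrite the blanket ICMP ACCEPT and all REJECT targets in INPUT to DROP.
stealth_input_rules() {
    sed -E -e '/^[[:space:]]*iptables[[:space:]]+-A[[:space:]]+INPUT[[:space:]]/{
        s/(-p[[:space:]]+icmp[[:space:]]+-j[[:space:]]+)ACCEPT[[:space:]]*$/\1DROP/
        s/-j[[:space:]]+REJECT([[:space:]]+--reject-with[[:space:]]+[a-z-]+)?[[:space:]]*$/-j DROP/
    }'
}

# Count INPUT rules that would still answer a probe: any REJECT, or the
# blanket ICMP ACCEPT. grep -c exits 1 on a zero count, hence "|| true".
count_answering_rules() {
    grep -E -c '^[[:space:]]*iptables[[:space:]]+-A[[:space:]]+INPUT[[:space:]].*(-j[[:space:]]+REJECT|-p[[:space:]]+icmp[[:space:]]+-j[[:space:]]+ACCEPT)' || true
}

# Demo on the constructed sample: show the rewritten rules, then the
# number of answering INPUT rules before and after.
printf '%s\n' "$SAMPLE_RULES" | stealth_input_rules
printf 'answering rules before: %s\n' \
    "$(printf '%s\n' "$SAMPLE_RULES" | count_answering_rules)"
printf 'answering rules after:  %s\n' \
    "$(printf '%s\n' "$SAMPLE_RULES" | stealth_input_rules | count_answering_rules)"
```

Run it against a copy of the script first and diff the result before replacing the original.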
1 Comment:
One issue though with your idea, the rules in the INPUT chain get flushed when an interface goes up or down.