# IP Tables - how would i......

## FizzyWidget

...go about setting up iptables so that it will block absolutely everything from the outside world except for a few friends' and family's IP addresses?

I did have a script for this on Slackware ages ago, but have since lost it and the one I pieced together for Gentoo, and the last time I tried I blocked everything, even from inside the network :Embarassed:

So thought it would be best to ask this time :Smile:

The only ports I would require would be for web, FTP and PASV ports for FTP. Even though I am behind a router, I would like a second line of defence :Smile:

----------

## magic919

Do

1. A rule allowing related/established.

2. A rule permitting localhost.

3. A rule permitting your LAN subnet.

4. A number of rules allowing source addresses that belong to your trusted folk. I guess ports don't really matter here.

5. Final rule drops the rest, or make the default policy drop.

----------
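The five-step rule order from the reply above, written out as an added example (not a script posted by anyone in this thread). It prints a ruleset in `iptables-restore` format instead of touching the live firewall; the function names `gen_rules` and `valid_ipv4`, the addresses (a constructed LAN subnet and RFC 5737 documentation addresses) and the FORWARD policy are assumptions.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset in the order listed above.
# gen_rules and valid_ipv4 are hypothetical helper names; addresses are placeholders.

# valid_ipv4 ADDR[/PREFIX]: succeeds only for dotted-quad syntax with an optional
# /0-32 prefix. It checks shape, not octet range; iptables-restore rejects the rest.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9./]*) return 1 ;;   # empty, or any character outside digits . /
    esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# gen_rules LAN_SUBNET TRUSTED_ADDR...
gen_rules() {
    lan=$1; shift
    # Validate everything before printing, so a typo never yields a partial ruleset.
    for a in "$lan" "$@"; do
        valid_ipv4 "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    printf '%s\n' '*filter'
    # Step 5, done as the default policy: whatever no rule accepts is dropped.
    printf '%s\n' ':INPUT DROP [0:0]'
    # Assumption: this host does not route for other machines.
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Step 1: replies to connections this host opened keep working.
    printf '%s\n' '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
    # Step 2: loopback.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Step 3: the LAN, so machines inside the network are not locked out.
    printf '%s\n' "-A INPUT -s $lan -j ACCEPT"
    # Step 4: one rule per trusted source address, any port.
    for ip in "$@"; do
        printf '%s\n' "-A INPUT -s $ip -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Constructed sample values: LAN subnet plus two documentation addresses.
gen_rules 192.168.1.0/24 203.0.113.10 198.51.100.7
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it, which is a cheap check before loading it for real.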

## FizzyWidget

Will try and sort something out in the morning, too tired to start messing with iptables now :Wink:

----------

## d2_racing

Post your script when you're done.

----------

## 22decembre

Does someone know how to configure the /etc/init.d/iptables scripts?

I have set up my own iptables, which I find quite good, but I think the script there could be better if I knew how to do it!

----------

## Inodoro_Pereyra

Just code all your stuff, and when it is done and iptables is running, issue:

```
/etc/init.d/iptables save
```

Your current script will be saved in /var/lib/iptables/rules-save.

After that you can control the iptables service as usual, and add it to a specific runlevel if needed.

Cheers!

----------

## charles17

*22decembre wrote:*

> Does someone know how to configure the /etc/init.d/iptables scripts?

You'd better not modify /etc/init.d/iptables. Run

```
# /sbin/iptables [options]

(# /sbin/ip6tables [options])
```

instead and consult

```
$ man 8 iptables

($ man 8 ip6tables)
```

.

----------

