hello team:

I need help checking my iptables rules (converted from ipfw). What I intend to do is specify the specific rules first (drop or accept), then drop (and log) anything else:

# loopback first, then drop 127/8 addresses arriving on or leaving for any other interface
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -d 127.0.0.0/8 -j DROP
sudo iptables -A INPUT -s 127.0.0.0/8 -j DROP

# packets belonging to connections we already track (replies to our own traffic)
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# new SSH from the two admin networks, and ICMP from the LAN
# (em0 is the FreeBSD interface name; on Linux use the name shown by `ip link`, e.g. eth0)
sudo iptables -A INPUT -i em0 -p tcp -m conntrack --ctstate NEW -s 192.168.1.0/24 --dport 22 -j ACCEPT
sudo iptables -A INPUT -i em0 -p tcp -m conntrack --ctstate NEW -s 100.100.100.0/24 --dport 22 -j ACCEPT
sudo iptables -A INPUT -i em0 -p icmp -m conntrack --ctstate NEW -s 192.168.1.0/24 -j ACCEPT

# log (rate-limited, so a scan cannot flood the kernel log) whatever reached the end of the chain;
# the chain policy below then drops it
sudo iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "

# default policies, set last so the ACCEPT rules are already in place when DROP takes effect
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP

thanks

_dave
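As an added example (not part of dave's post), the same policy written as an iptables-restore file, which loads the whole table in one atomic operation instead of one `iptables -A` at a time. It keeps the rules from the post in the same order, adds the LOG step the post asks for, and adds one line the post does not have (drop conntrack INVALID). It assumes the Linux interface is eth0 (em0 is the FreeBSD name), that `iptables-restore` is installed, and the log prefix and rate limit are my own choices.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: the Linux-side interface is eth0; override with IFACE=... in the environment.
IFACE="${IFACE:-eth0}"

# Emit the filter table in iptables-restore format: specific ACCEPT/DROP rules first,
# then a rate-limited LOG, then the chain policy (DROP) catches everything else.
ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j DROP
-A INPUT -s 127.0.0.0/8 -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $IFACE -p tcp -s 192.168.1.0/24 --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $IFACE -p tcp -s 100.100.100.0/24 --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $IFACE -p icmp -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "IPT-DROP: " --log-level 4
COMMIT
EOF
}

# Offline checks that need no root: the LOG rule must be the last rule in INPUT
# (otherwise traffic that an explicit rule would accept gets logged as a drop, or
# traffic that falls through is never logged), and the INPUT policy must be DROP.
check_ruleset() {
  last_rule=$(ruleset | grep '^-A' | tail -n 1)
  case "$last_rule" in
    *"-j LOG"*) ;;
    *) echo "LOG rule must be the last rule in INPUT" >&2; return 1 ;;
  esac
  ruleset | grep -q '^:INPUT DROP' || { echo "INPUT policy must be DROP" >&2; return 1; }
  return 0
}

# Parse-only run against the real binary (nothing is committed), then load atomically.
apply_ruleset() {
  ruleset | iptables-restore --test || return 1
  ruleset | iptables-restore
}

# Usage (as root):
#   sh firewall.sh check   -> offline checks only
#   sh firewall.sh apply   -> validate, then load; confirm with `iptables -S INPUT`
case "${1:-}" in
  check) check_ruleset ;;
  apply) check_ruleset && apply_ruleset ;;
esac
```

Loading with `iptables-restore` replaces the table in one step, so there is no moment where the policy is already DROP but the ESTABLISHED,RELATED rule is missing (the thing that cuts off an SSH session when rules are appended one by one over a remote shell). Dropped packets show up in the kernel log (`dmesg` or `journalctl -k`) with the `IPT-DROP:` prefix; the `-m limit` match caps that at a handful of lines per minute.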