Just set up a Pi3 with an ethernet connection (100/100mb) to the public internet and got a real IPv4 address. And the Pi3 wifi as a tether point for internal devices, and all works perfectly. But I want to know how secure the default fw rules are, and what can be done to tighten the external port with new fw rules.
Can anyone give me some pointers on how to change the fw rules?
By default it looks like below:
Code
LibreELEC (official): 9.2.6 (RPi2.arm)
Chuck:~ # iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere ctstate NEW
ACCEPT all -- 10.0.0.0/8 anywhere ctstate NEW
ACCEPT all -- 172.16.0.0/12 anywhere ctstate NEW
ACCEPT all -- 192.168.0.0/16 anywhere ctstate NEW
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 10.0.0.0/8 anywhere ctstate NEW
ACCEPT all -- 172.16.0.0/12 anywhere ctstate NEW
ACCEPT all -- 192.168.0.0/16 anywhere ctstate NEW
ACCEPT all -- 10.0.0.0/8 anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- 172.16.0.0/12 anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.0.0/16 anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER-USER (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere ctstate RELATED,ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
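An added example, not part of the original post: a small Python audit that reads an `iptables -L` listing like the one above and reports ACCEPT rules that admit traffic from any source, either with no visible match or for new connections. The function name `audit` and the trimmed copy of the listing are this example's own; plain `-L` output omits the interface columns, so a rule reported as "no visible match" may still be bound to an interface such as loopback.

```python
import re

# Trimmed copy of the `iptables -L` listing from the post (no -v: interfaces hidden).
LISTING = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere ctstate NEW
ACCEPT all -- 10.0.0.0/8 anywhere ctstate NEW
ACCEPT all -- 172.16.0.0/12 anywhere ctstate NEW
ACCEPT all -- 192.168.0.0/16 anywhere ctstate NEW
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 192.168.0.0/16 anywhere ctstate NEW
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
"""

ANY = {"anywhere", "0.0.0.0/0"}  # -L prints "anywhere", -L -n prints 0.0.0.0/0


def audit(listing):
    """Return (chain, rule_number, reason) for ACCEPT rules open to any source."""
    findings, chain, num = [], None, 0
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \(", line)
        if head:  # new chain: restart rule numbering
            chain, num = head.group(1), 0
            continue
        fields = line.split()
        if len(fields) < 5 or fields[0] == "target":  # blank or column header
            continue
        num += 1
        target, prot, _opt, source = fields[:4]
        extra = " ".join(fields[5:])  # match options after the destination
        if target != "ACCEPT" or source not in ANY:
            continue
        state = re.search(r"ctstate (\S+)", extra)
        if state is None:
            findings.append((chain, num, "no visible match: confirm the interface with -v"))
        elif "NEW" in state.group(1).split(","):
            findings.append((chain, num, f"NEW {prot} accepted from any source"))
    return findings


if __name__ == "__main__":
    for chain, num, reason in audit(LISTING):
        print(f"{chain} rule {num}: {reason}")
```

Running `iptables -L -v -n` or `iptables -S` on the device shows the interface each rule is bound to, which settles the first kind of finding.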