How can I write an iptables rule to protect all the machines on the network from getting DDoSed/port scanned?
Date: 30 Mar 2012 07:00
Number of posts: 3
Tomato has a very hard iptables ruleset. The only way to harden it more is to unplug the WAN cable and pour cement into the WAN port.
Pedants will point out that Tomato doesn't have a firewall as such - just a bunch of packet filters, but yes they do block out a lot of probes from the Internet to your WAN IP. Every site you visit on the internet tells the remote server your IP is active and what OS/browser you are using - which can easily make you a target for known vulnerabilities.
Tomato router can't filter LAN-to-LAN connections - one infected machine on the LAN will hack away at all others.
Tomato doesn't have much in the way of an outgoing firewall: it allows an infected machine to send out messages and happily accepts any reply in response. It is not an alternative to PC anti-virus/firewall.
Using malware host block lists, OpenDNS, etc. can make it harder for users to inadvertently contact dodgy sites by name - but if you know the IP address…
You are not paranoid - there really is someone out there trying to get you!
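
The missing outbound filtering described in this thread can be narrowed with an egress allow-list on the FORWARD chain. The script below is an added example, not from the thread or the Tomato project; it only prints the rules for review, and the interface names `br0`/`vlan1`, the chain name `lan_egress` and the port lists are assumptions.

```shell
#!/bin/sh
# Added example: print (do not apply) an egress allow-list for LAN -> WAN traffic.
# Assumptions: LAN bridge br0, WAN interface vlan1, and the port lists below.
LAN_IF="${LAN_IF:-br0}"
WAN_IF="${WAN_IF:-vlan1}"
TCP_OUT="${TCP_OUT:-80 443 587 993}"   # constructed sample allow-list
UDP_OUT="${UDP_OUT:-53 123}"           # constructed sample allow-list

# Accept only decimal port numbers in the range 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

egress_rules() {
    chain="lan_egress"
    # Validate everything first so a bad entry never yields a partial ruleset.
    for p in $TCP_OUT $UDP_OUT; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo "iptables -N $chain"
    # Packets belonging to connections that were already allowed out.
    echo "iptables -A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $TCP_OUT; do
        echo "iptables -A $chain -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $UDP_OUT; do
        echo "iptables -A $chain -p udp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Rate-limited log (if the LOG target is available) so a LAN host that
    # keeps trying blocked ports shows up in syslog, then drop the rest.
    echo "iptables -A $chain -m limit --limit 6/min -j LOG --log-prefix 'egress-drop: '"
    echo "iptables -A $chain -j DROP"
    # Hook the chain in last, once it is complete. Inserted at position 1,
    # it decides all LAN -> WAN forwarding ahead of the existing rules.
    echo "iptables -I FORWARD 1 -i $LAN_IF -o $WAN_IF -j $chain"
}

egress_rules
```

This only covers routed LAN-to-WAN traffic; LAN-to-LAN traffic never reaches the FORWARD chain, so host firewalls are still needed for that case.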