LinuxQuestions.org


nix84 03-28-2016 05:32 PM

Use of Ip table command to block port in Fed 23
 
Found an open source bash intrusion detection script.
It blocks the port being accessed with an IP table command.
My experience a couple of years back with IP tables kept all commands in about 3 different groups. I wonder if this script would even work, because the Fed 23 firewall is in the kernel, so would an IP table command even work?

tshikose 03-29-2016 03:12 AM

Hi,

I think you are not giving enough information for us to try to assist you with the problem you seem to have.

What I understood is that you have a bash intrusion detection script that blocks ports by using the iptables command.
And actually you are wondering whether it will work on Fedora 23.

I do not know which 3 different groups you are referring to that keep iptables commands.
And why do you think that only in Fedora 23 the firewall is kept in the kernel? Packets have always been handled by the kernel, in Fedora 23 as well as in previous versions.

That said, in Fedora 23 all the ports are closed by default in the public zone with the firewalld daemon.
The exceptions are DHCP for IPv6 and SSH.
While you should not really be concerned about the first, the last can be a concern if you are using weak passwords that can be easily guessed or brute-force attacked.
By default Fedora 23 does not protect you against those threats.
Maybe you can just remove SSH from being accessible on your machine, if you do not need such access.

I hope my post will be helpful to you.

syg00 03-29-2016 03:48 AM

Quote:

Originally Posted by tshikose (Post 5522897)
I do not know which 3 different groups you are referring to that keep iptables commands.

Maybe the chains - INPUT, OUTPUT, FORWARD?

To the OP - try the following list command; it should be enough to convince you to leave iptables well alone unless you are really comfortable with it - at least on Fedora.
Code:

sudo iptables -L | less

nix84 03-31-2016 05:15 PM

@syg00: As I said, I have built my own IPTABLE firewall, but after a couple of years that stuff gets fuzzy.
@tshikose: The question is, as I am too distant from IPTABLE use and especially in F23: can an IPtable command function alone and independent from the INPUT, OUTPUT, FORWARD, NAT groups of the firewall? My feeling is that it can't, especially with the kernel-based one, which may or may not be IPTABLE in F23. Hopefully that clarifies the query.
BTW, I have read that unless one is really using IPv6 it should be closed too. Also, I have 2 open ports in F23, 631 and 53, if that is meaningful.


All times are GMT -5.