LinuxQuestions.org


niteen 05-15-2013 02:12 AM

edit iptables rules
 
iptables rules are stored in /etc/sysconfig/iptables.
I want to stop authenticating from a specific IP address.
Any ideas, please share.
Thanks in advance.

nyshtyak 05-15-2013 04:00 AM

What is exactly your problem? What have you tried to do and what doesn't work?

niteen 05-15-2013 05:22 AM

I want to allow telnet connections for a specific IP in the network.

nyshtyak 05-15-2013 07:04 AM

That's not a problem and that is not a description of what you have tried to do already. Iptables howto should help you here.

niteen 05-15-2013 07:17 AM

Need advice on the iptables entry for the above problem.

nyshtyak 05-15-2013 08:32 AM

I advise you to add entries that allow access from specific addresses to the telnet port and then add an entry that denies access to the telnet port from all addresses. The INPUT chain in the filter table would be a good place for it. What do you think?

niteen 05-15-2013 09:03 AM

I want to know those entries.
I tried a lot of googling but am not getting any specific solution.
Can you advise me: if I want to allow an IP (192.168.x.y) to connect to my server via telnet, what should I enter into /etc/init.d/iptables?

chrism01 05-15-2013 09:26 AM

Why on earth would you use telnet? It's extremely insecure (plaintext).
Why not use ssh instead?

sillvester 05-16-2013 04:34 AM

Quote:

iptables -I INPUT -s 192.168.x.y -p tcp --dport [telnet port] -j ACCEPT
Is this what you want?

sundialsvcs 05-16-2013 11:01 AM

It is often useful to use a tool such as Shorewall to maintain the IPTables rules for you, because the set of rules must be regarded as a complete set. (It does you absolutely no good to issue a rule that "tightly seals a doorway" when "the window next door is wide open," most especially when "... and you didn't know it," which is easy to do!)

Tools like Shorewall let you describe what you want to achieve, then they correctly issue the entire set of IPTables commands needed to do it. As for myself, I stopped monkeying-around with using the IPTables command directly, a long time ago.

---
Side comment: When posting a question, please be sure that the question is both complete and actually answerable. If we can't readily see what you're asking and in what context you are asking it, we can't help you get the answers you require. If you're having trouble with the English language and/or with knowing exactly what you do need to ask, please seek help from a colleague in your own country and work-group, either to help you ask your question or to answer it.
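
Added example, not part of any post in this thread: iptables stops at the first matching rule, so the allow-then-deny order suggested earlier matters, and a lone ACCEPT rule blocks nobody while the chain policy is ACCEPT. The script walks constructed iptables-save style rule sets in plain sh; the addresses and the `verdict` helper are assumptions made for illustration, and only `-s` (single host), `-p`, `--dport` and `-j` are interpreted.

```shell
#!/bin/sh
# Added example: first-match walk over the INPUT chain of an iptables-save dump.
# Assumption: only -s (single host), -p, --dport and -j are interpreted.

# verdict RULES SRC PORT -> prints the target a new TCP packet would hit
verdict() (
    set -f                                  # no globbing on "[0:0]" counters
    rules=$1 src=$2 port=$3 policy=ACCEPT
    while IFS= read -r line; do
        case $line in
            ":INPUT "*) set -- $line; policy=$2; continue ;;
            "-A INPUT "*) set -- $line; shift 2 ;;
            *) continue ;;
        esac
        r_src='' r_proto='' r_port='' target=''
        while [ $# -gt 0 ]; do
            case $1 in
                -s) r_src=${2%/32} ;;
                -p) r_proto=$2 ;;
                --dport) r_port=$2 ;;
                -j) target=$2 ;;
            esac
            shift
        done
        [ -z "$r_src" ] || [ "$r_src" = "$src" ] || continue
        [ -z "$r_proto" ] || [ "$r_proto" = tcp ] || continue
        [ -z "$r_port" ] || [ "$r_port" = "$port" ] || continue
        case $target in ACCEPT|DROP|REJECT) echo "$target"; return 0 ;; esac
    done <<EOF
$rules
EOF
    echo "$policy"                          # nothing matched: policy decides
)

# Constructed rule sets (made-up addresses; 23 is the standard telnet port).
HDR='*filter
:INPUT ACCEPT [0:0]'
ALLOW='-A INPUT -s 192.168.1.10/32 -p tcp -m tcp --dport 23 -j ACCEPT'
DENY='-A INPUT -p tcp -m tcp --dport 23 -j DROP'
GOOD=$(printf '%s\n' "$HDR" "$ALLOW" "$DENY" COMMIT)     # allow, then deny
SWAPPED=$(printf '%s\n' "$HDR" "$DENY" "$ALLOW" COMMIT)  # deny shadows allow
ALLOW_ONLY=$(printf '%s\n' "$HDR" "$ALLOW" COMMIT)       # nothing is blocked

for name in GOOD SWAPPED ALLOW_ONLY; do
    eval "r=\$$name"
    echo "$name: .10 -> $(verdict "$r" 192.168.1.10 23)," \
         ".99 -> $(verdict "$r" 192.168.1.99 23)"
done
```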

TB0ne 05-16-2013 11:22 AM

Quote:

Originally Posted by niteen (Post 4951689)
I want to know those entries.
I tried a lot of googling but am not getting any specific solution.
Can you advise me: if I want to allow an IP (192.168.x.y) to connect to my server via telnet, what should I enter into /etc/init.d/iptables?

This seems to be a recurring thread with your posts. You claim to have "done googling", but never seem to find any of the EASILY found solutions that others give you, and your 'questions' are open-ended.

There are over ONE MILLION hits in Google for "linux iptables tutorials", such as the first two here:
http://www.linuxhomenetworking.com/w...Using_iptables
http://artoflinux.blogspot.com/2008/...beginners.html

What you're asking for is someone to read them for you, and spoon-feed you the exact command you want. This is much the same thing as asking someone else to write a program for you; if you show effort of your own and explain where you're stuck, we are always happy to help. Just saying over and over "this is what I need", and showing no effort of your own will likely NOT get you help.

Habitual 05-16-2013 07:05 PM

Quote:

Originally Posted by niteen (Post 4951442)
iptables rules are stored in /etc/sysconfig/iptables.
I want to stop authenticating from a specific IP address.
Any ideas, please share.
Thanks in advance.

There's a KILLER tutorial here...

The Very First thing you wish to do, is guess what? Make a backup... here's what I use...
I "look" at rules with
Code:

iptables -L -n
I make a backup using...
Code:

iptables-save > /root/safe.rules
/root/safe.rules is an ASCII text and can be edited. ;)
vi + /etc/rc.local
and add
Code:

/sbin/iptables-restore /root/safe.rules
before 'exit 0' and iptables should survive reboots (persistence).
Finally, to restore on the fly,
I use
Code:

/sbin/iptables-restore /root/safe.rules
Go and sin no more.

http://www.linuxquestions.org/questi...61/#post222579

niteen 05-25-2013 08:27 AM

Dear Habitual,
I went for setting some rules on "iptables"

and I saved it..
Code:

/etc/init.d/iptables save
and I restarted it..
Code:

/etc/init.d/iptables restart
Now everything is fine and working..
But on rebooting, all rules are flushed off.
I want to set all rules permanently,
i.e. even after a reboot they remain as they are.
Any suggestions??
Thanks in advance..

TB0ne 05-25-2013 06:20 PM

Quote:

Originally Posted by niteen (Post 4958659)
Dear Habitual,
I went for setting some rules on "iptables"

and I saved it..
Code:

/etc/init.d/iptables save
and I restarted it..
Code:

/etc/init.d/iptables restart
Now everything is fine and working.. But on rebooting, all rules are flushed off. I want to set all rules permanently, i.e. even after a reboot they remain as they are. Any suggestions??

We will AGAIN suggest that you read the links/pages/tutorials you've been handed SEVERAL TIMES so far.

The link I posted to you before has a section that explains how to do this, with sample commands. Section 14.7, since you want to be spoon-fed.

niteen 05-30-2013 01:22 AM

Yup, it's done...
Done setting flush for all rule sets related to my desired port 19000.
Posting code:
Code:

#!/bin/bash -x
# Delete the ACCEPT rule for TCP port 19000 arriving on eth0.
# Each -D call removes one matching rule, so two calls remove two copies.
iptables -D INPUT -i eth0 -p tcp --dport 19000 -j ACCEPT
iptables -D INPUT -i eth0 -p tcp --dport 19000 -j ACCEPT
# Save the running rule set.
/etc/init.d/iptables save
# Restart the firewall service so it loads the saved rules.
/etc/init.d/iptables restart

Thanks all


All times are GMT -5.