LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 05-15-2013, 02:12 AM   #1
niteen
Member
 
Registered: Mar 2013
Location: India
Distribution: Fedora
Posts: 55

Rep: Reputation: Disabled
edit iptables rules


iptables rules are stored in /etc/sysconfig/iptables.
i want to stop authenticating from specific IP-address.
any idea please share.
thanks in advance
 
Old 05-15-2013, 04:00 AM   #2
nyshtyak
Member
 
Registered: Nov 2008
Distribution: Arch
Posts: 38

Rep: Reputation: 1
What is exactly your problem? What have you tried to do and what doesn't work?
 
Old 05-15-2013, 05:22 AM   #3
niteen
Member
 
Registered: Mar 2013
Location: India
Distribution: Fedora
Posts: 55

Original Poster
Rep: Reputation: Disabled
i want to allow telnet connection for specific ip in the network.
 
Old 05-15-2013, 07:04 AM   #4
nyshtyak
Member
 
Registered: Nov 2008
Distribution: Arch
Posts: 38

Rep: Reputation: 1
That's not a problem and that is not a description of what you have tried to do already. Iptables howto should help you here.
 
Old 05-15-2013, 07:17 AM   #5
niteen
Member
 
Registered: Mar 2013
Location: India
Distribution: Fedora
Posts: 55

Original Poster
Rep: Reputation: Disabled
need advice on iptables-entry for the above problem
 
Old 05-15-2013, 08:32 AM   #6
nyshtyak
Member
 
Registered: Nov 2008
Distribution: Arch
Posts: 38

Rep: Reputation: 1
I advice you to add entries that allow access from specific addresses to telnet port and then add entry that denies access to telnet port from all the addresses. INPUT chain in filter table would be good place for it. What do you think?
 
Old 05-15-2013, 09:03 AM   #7
niteen
Member
 
Registered: Mar 2013
Location: India
Distribution: Fedora
Posts: 55

Original Poster
Rep: Reputation: Disabled
want to know those entries.
i tried a lot from googling but not getting any specific solution.
can you advice me if i want to allow an IP (192.168.x.y) to connect my server via telnet,what should i enter into /etc/init.d/iptables
 
Old 05-15-2013, 09:26 AM   #8
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.6, Centos 5.10
Posts: 16,324

Rep: Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041
Why on earth would you use telnet; its extremely insecure (plaintext).
Why not use ssh instead?
 
Old 05-16-2013, 04:34 AM   #9
sillvester
LQ Newbie
 
Registered: Dec 2010
Location: Jiaxing Zhejiang Province China
Posts: 6

Rep: Reputation: 4
Quote:
iptables -I INPUT -s 192.168.x.y -p tcp --dport [telnet port] -j ACCEPT
is this what you want?
 
1 members found this post helpful.
Old 05-16-2013, 11:01 AM   #10
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,455

Rep: Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172
It is often useful to use a tool such as Shorewall to maintain the IPTables rules for you, because the set of rules must be regarded as a complete set. (It does you absolutely no good to issue a rule that "tightly seals a doorway" when "the window next door is wide open," most especially when "... and you didn't know it," which is easy to do!)

Tools like Shorewall let you describe what you want to achieve, then they correctly issue the entire set of IPTables commands needed to do it. As for myself, I stopped monkeying-around with using the IPTables command directly, a long time ago.

---
Side comment: When posting a question, please be sure that the question is both complete and actually answerable. If we can't readily see what you're asking and in what context you are asking it, we can't help you get the answers you require. If you're having trouble with the English language and/or with knowing exactly what you do need to ask, please seek help from a colleague in your own country and work-group, either to help you ask your question or to answer it.

Last edited by sundialsvcs; 05-16-2013 at 11:05 AM.
 
Old 05-16-2013, 11:22 AM   #11
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 15,077

Rep: Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713
Quote:
Originally Posted by niteen View Post
want to know those entries.
i tried a lot from googling but not getting any specific solution.
can you advice me if i want to allow an IP (192.168.x.y) to connect my server via telnet,what should i enter into /etc/init.d/iptables
This seems to be a recurring thread with your posts. You claim to have "done googling", but never seem to find any of the EASILY found solutions that others give you, and your 'questions' are open-ended.

There are over ONE MILLION hits in Google form "linux iptables tutorials", such as the first two here:
http://www.linuxhomenetworking.com/w...Using_iptables
http://artoflinux.blogspot.com/2008/...beginners.html

What you're asking for is someone to read them for you, and spoon-feed you the exact command you want. This is much the same thing as asking someone else to write a program for you; if you show effort of your own and explain where you're stuck, we are always happy to help. Just saying over and over "this is what I need", and showing no effort of your own will likely NOT get you help.
 
1 members found this post helpful.
Old 05-16-2013, 07:05 PM   #12
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,618
Blog Entries: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by niteen View Post
iptables rules are stored in /etc/sysconfig/iptables.
i want to stop authenticating from specific IP-address.
any idea please share.
thanks in advance
There's a KILLER tutorial here...

The Very First thing you wish to do, is guess what? Make a backup... here's what I use...
I "look at rules with
Code:
iptables -L -n
I make a backup using...
Code:
iptables-save > /root/safe.rules
/root/safe.rules is an ASCII text and can be edited.
vi + /etc/rc.local
and add
Code:
/sbin/iptables-restore /root/safe.rules
before 'exit 0' and iptables should survive reboots (persistence).
Finally, to restore on the fly,
I use
Code:
/sbin/iptables-restore /root/safe.rules
Go and sin no more.

http://www.linuxquestions.org/questi...61/#post222579

Last edited by Habitual; 05-16-2013 at 09:42 PM.
 
1 members found this post helpful.
Old 05-25-2013, 08:27 AM   #13
niteen
Member
 
Registered: Mar 2013
Location: India
Distribution: Fedora
Posts: 55

Original Poster
Rep: Reputation: Disabled
dear Habitual,
i went for setting some rules on "iptables"

and i saved it..
Code:
/etc/init.d/iptables save
and i restarted it..
Code:
"/etc/init.d/iptables restart"
now everything is fine and working..
but on rebooting all rules are flushed off.
I want to set all rules permanently.
i.e even after reboot it remains as it.
any suggestions??
thanks in advance..
 
Old 05-25-2013, 06:20 PM   #14
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 15,077

Rep: Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713Reputation: 2713
Quote:
Originally Posted by niteen View Post
dear Habitual,
i went for setting some rules on "iptables"

and i saved it..
Code:
/etc/init.d/iptables save
and i restarted it..
Code:
"/etc/init.d/iptables restart"
now everything is fine and working.. but on rebooting all rules are flushed off. I want to set all rules permanently. i.e even after reboot it remains as it. any suggestions??
We will AGAIN suggest that you read the links/pages/tutorials you've been handed SEVERAL TIMES so far.

The link I posted to you before has a section that explains how to do this, with sample commands. Section 14.7, since you want to be spoon-fed.
 
Old 05-30-2013, 01:22 AM   #15
niteen
Member
 
Registered: Mar 2013
Location: India
Distribution: Fedora
Posts: 55

Original Poster
Rep: Reputation: Disabled
yup it's done...
done setting flush for all rule set related to my desired port 19000
posting code
Code:
#!/bin/bash -x
#######################################################
iptables -D INPUT -i eth0 -p tcp --dport 19000 -j ACCEPT
iptables -D INPUT -i eth0 -p tcp --dport 19000 -j ACCEPT
#######################################################
/etc/init.d/iptables save
#######################################################
/etc/init.d/iptables restart
#######################################################
Thanks all
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] during system startup, iptables rules not loaded from /etc/sysconfig/iptables danyim Linux - Security 3 04-13-2013 03:09 AM
Restore iptables Rules that have been saved with iptables-save tiuz Linux - Security 4 08-14-2010 06:50 PM
How to edit "/etc/udev/rules.d/40-basic-permissions.rules" file cygan Linux - Newbie 11 03-09-2009 06:22 AM
iptables 1.27a still loading rules after installing iptables 1.3.0 yawe_frek Linux - Software 1 06-07-2007 10:50 PM
IPTABLES how to add/edit/delete rules in existing chain? debug019 Linux - Newbie 1 11-11-2004 03:48 PM


All times are GMT -5. The time now is 09:44 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration