LinuxQuestions.org
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!
Old 03-28-2010, 10:52 PM   #1
erico1275
LQ Newbie
 
Registered: Mar 2010
Posts: 1

Rep: Reputation: 0
iptables for personal computers


New to Linux, and I need to set up my iptables rules for my computer to allow HTTP requests and responses; this is what I have so far. Does this look right?

iptables -A INPUT -p TCP --dport 80 -j ACCEPT
iptables -A OUTPUT -p TCP --sport 80 -j ACCEPT

thanks!

Last edited by erico1275; 03-28-2010 at 10:58 PM.
 
Old 03-29-2010, 12:32 AM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 928
Hi, welcome to LQ!

Hard to say w/o knowing your network set-up and the rest of the rule-set ... how about you post the output of
Code:
iptables -L
... maybe anonymising your IP if it's public.


Cheers,
Tink
 
Old 03-29-2010, 03:12 AM   #3
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,748
Blog Entries: 11

Rep: Reputation: 233
The way you're going is with standard policies set to deny, which is best practice nowadays. Just deny everything first (through policies in iptables) and then only allow certain things.
 
Old 03-30-2010, 05:18 AM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by erico1275
New to Linux, and I need to set up my iptables rules for my computer to allow HTTP requests and responses; this is what I have so far. Does this look right?

iptables -A INPUT -p TCP --dport 80 -j ACCEPT
iptables -A OUTPUT -p TCP --sport 80 -j ACCEPT

thanks!
It's kind of weird because you're completely ignoring packet states. If the server where these rules are active gets a non-root account compromised, the box can be used to send scan and attack TCP packets all over the Internet as long as the packets have their source ports set to 80. You can do much better than this, really. At the very least, you should have your OUTPUT rule specify that it's only meant for packets in state ESTABLISHED.

And yeah, like Tinkster said — we really do need the whole picture.



EDIT: Actually, I just noticed the thread title you used. If this is indeed for a PC (and not a server) then the rules are completely erroneous. We'll set you straight once you reply with more information.

Last edited by win32sux; 03-30-2010 at 05:33 AM.
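To make the advice in the two previous replies concrete (zhjim's default-deny policies, win32sux's point that the OUTPUT rule must be state-aware and that a PC needs different rules from a server), here is an added example script. It is not code posted in this thread. It assumes iptables with the conntrack match (`-m conntrack --ctstate`; the older `-m state --state` form accepts the same state names). By default it only echoes the commands it would run; set `APPLY=1` and run it as root to apply them.

```bash
#!/bin/sh
# Added example: two small stateful rulesets in the spirit of the thread's
# advice (default-deny policies, state-aware rules). Not code from the thread.
# Assumes iptables with the conntrack match module.
# Dry run by default: commands are echoed, not executed. APPLY=1 applies them.

IPT="${IPT:-iptables}"

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$IPT" "$@"
    else
        echo "$IPT $*"
    fi
}

# Shared skeleton: flush the filter table, allow loopback, let replies to
# connections we already know about through, drop what conntrack cannot
# classify, then switch every chain to a default-deny policy.
base_rules() {
    run -F
    run -A INPUT  -i lo -j ACCEPT
    run -A OUTPUT -o lo -j ACCEPT
    run -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run -A INPUT  -m conntrack --ctstate INVALID -j DROP
    run -A OUTPUT -m conntrack --ctstate INVALID -j DROP
    run -P INPUT   DROP
    run -P FORWARD DROP
    run -P OUTPUT  DROP
}

# A web *server*: accept NEW connections to local port 80. The replies are
# already covered by the ESTABLISHED rule above, so there is no stateless
# "OUTPUT --sport 80 ACCEPT" rule for an arbitrary local process to hide behind.
server_ruleset() {
    base_rules
    run -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
}

# A *personal computer* (the thread title): nothing listens on port 80 here.
# Instead allow NEW outbound HTTP/HTTPS connections plus the DNS lookups they
# need; the responses come back through the INPUT ESTABLISHED rule.
client_ruleset() {
    base_rules
    run -A OUTPUT -p udp --dport 53  -m conntrack --ctstate NEW -j ACCEPT
    run -A OUTPUT -p tcp --dport 80  -m conntrack --ctstate NEW -j ACCEPT
    run -A OUTPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
}

# Usage: sh stateful-rules.sh client    (or: server)
if [ "$#" -gt 0 ]; then
    case "$1" in
        client) client_ruleset ;;
        server) server_ruleset ;;
        *) echo "usage: $0 client|server" >&2; exit 2 ;;
    esac
fi
```

Compare the `client_ruleset` output with the two rules in the first post: the direction is reversed (new connections are allowed out to port 80, not in), and no rule matches on a source port at all, so a compromised local process cannot get traffic past the firewall simply by binding to port 80.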
 
Old 03-30-2010, 08:12 AM   #5
onebuck
Moderator
 
Registered: Jan 2005
Location: Central Florida 20 minutes from Disney World
Distribution: Slackware®
Posts: 13,925
Blog Entries: 44

Rep: Reputation: 3159
Hi,

Welcome to LQ!

I would add to what others have stated: you need to provide more information. 'How to Ask Questions the Smart Way' would be the first suggestion. But you could also look at the 'LQ Security' wiki for some helpful information.


The above links and others can be found at 'Slackware-Links'. More than just Slackware® links!
 
All times are GMT -5. The time now is 01:11 PM.