LinuxQuestions.org
Old 04-08-2007, 10:43 AM   #16
ripper
LQ Newbie
 
Registered: Apr 2007
Posts: 24

Original Poster
Rep: Reputation: 0

Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

I deleted all rules.
Now how do I start from the beginning :|
 
Old 04-08-2007, 09:04 PM   #17
SlowCoder
Member
 
Registered: Oct 2004
Location: Southeast, U.S.A.
Distribution: Fedora (Desktop), CentOS (Server), Knoppix (Diags)
Posts: 934

Rep: Reputation: 38
Quote:
Originally Posted by ripper
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

I deleted all rules.
Now how do I start from the beginning :|
First off, I recommend creating a script that populates iptables, rather than attempting to modify the tables directly. This way you can modify as needed, and run the script to update.

My script starts out like this:

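Code:
# Default-deny policies, then clear any existing rules
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -F INPUT
iptables -F OUTPUT

# Allow packets that belong to already established connections
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED

# Allow local machine processes to talk to each other
iptables -A INPUT -j ACCEPT -p all -s localhost -d localhost
iptables -A OUTPUT -j ACCEPT -p all -s localhost -d localhost

# Allow new inbound connections by port (--dport needs -p tcp or -p udp)
iptables -A INPUT -j ACCEPT -p tcp --dport ssh
iptables -A INPUT -j ACCEPT -p tcp --dport http
iptables -A INPUT -j ACCEPT -p tcp --dport ftp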
1st section: sets the default behavior to DROP, clears the current tables
2nd section: allows all established connections to go through
3rd section: allows local machine processes to talk to each other. This is very important.
4th section: is where you can specifically allow connections via port.

This is not nearly all my script, but it should get you started. Don't place your script in the rc.local until you're sure it will work. You can just restart your box to regain access. Otherwise if you make a booboo you might not be able to access your system.
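
The lockout risk described in the post above can be reduced by applying the rule script with an automatic rollback. The following is an added example, not code from the thread: `safe_apply`, `rollback`, `cleanup` and `FW_STATE_DIR` are hypothetical names, and it assumes root plus the stock `iptables-save` and `iptables-restore` tools.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes root and the stock
# iptables-save / iptables-restore tools; function names and FW_STATE_DIR
# are hypothetical. IPT_SAVE / IPT_RESTORE can be overridden for dry runs.
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

cleanup() { rm -f "$1/backup" "$1/ok"; rmdir "$1" 2>/dev/null || true; }

# Load the snapshot taken before the change, then tidy up.
rollback() {
    "$IPT_RESTORE" < "$1/backup"
    cleanup "$1"
}

# safe_apply SCRIPT [TIMEOUT_SECONDS]
# Returns 0 = new rules kept, 1 = rolled back, 2 = nothing was changed.
safe_apply() {
    script=$1; timeout=${2:-60}
    [ -r "$script" ] || { echo "cannot read $script" >&2; return 2; }
    # mktemp -d creates a mode-0700 directory, so only root can confirm.
    state=${FW_STATE_DIR:-$(mktemp -d)} || return 2
    # Snapshot the running ruleset before touching anything.
    "$IPT_SAVE" > "$state/backup" || return 2

    # A script that dies half-way leaves a partial ruleset: undo it at once.
    sh "$script" || { rollback "$state"; return 1; }

    # An existing ssh session matches the ESTABLISHED rule and survives a bad
    # ruleset, so the confirmation has to come from a NEW login.
    echo "Rules applied. From a NEW session run: touch $state/ok"
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$state/ok" ]; then cleanup "$state"; return 0; fi
        sleep 1; waited=$((waited + 1))
    done
    echo "No confirmation after ${timeout}s, restoring old rules." >&2
    rollback "$state"; return 1
}

# Usage (as root, example path): sh safe-apply.sh /root/firewall.sh 60
if [ "$#" -gt 0 ]; then safe_apply "$@"; fi
```

Run it under `nohup` or inside `screen` so the rollback still fires if the session that started it drops.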
 
  

