LinuxQuestions.org
Old 03-16-2005, 07:50 AM   #1
bijuhpd
LQ Newbie
 
Registered: Feb 2005
Posts: 28

Rep: Reputation: 15
setting iptables


hi guys,
i am in need of help from you guys to set a rule in iptables
i want to set iptables in two machines to accept the packets from the server only and not from any other machines
i am in doubt to use the ACCEPT, DROP rules.

thanks in advance
 
Old 03-16-2005, 09:08 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 376
Quote:
Originally posted by bijuhpd
i want to set iptables in two machines to accept the packets from the server only and not from any other machines
are the clients and the server on the same LAN? if so, you could filter using the mac and ip address of the server, but what kind of input are you looking to allow from the server???

let's say the server is 192.168.0.1 with mac address xx:yy:zz:xx:yy:zz...
Code:
/sbin/modprobe ipt_mac

iptables -P INPUT DROP
iptables -A INPUT -s 192.168.0.1 -m mac --mac-source xx:yy:zz:xx:yy:zz -j ACCEPT
this would do what you are asking (accept ALL input coming from the server), but that isn't really a good thing, as the purpose of a firewall is to allow only needed traffic...

also, why does the server need to connect to the clients?? it's usually the other way around...

=/


Last edited by win32sux; 03-16-2005 at 09:16 AM.
 
Old 03-16-2005, 09:14 AM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 376
IMHO, it would make more sense to limit outgoing traffic on the clients so that they can only establish connections with the server, and block all incoming connections:

Code:
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -P OUTPUT DROP
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -d 192.168.0.1 -m state --state NEW -j ACCEPT
running these rules on the clients would make them able to only connect with the server, and even if the server would get OWNED or infected with a worm, it wouldn't be able to attack the clients...

;-)


Last edited by win32sux; 03-16-2005 at 09:22 AM.
 
Old 03-17-2005, 12:28 AM   #4
bijuhpd
LQ Newbie
 
Registered: Feb 2005
Posts: 28

Original Poster
Rep: Reputation: 15
hi guys,
thanks a lot
how can i make A's IP address trusted so that it has access to B/C but no one else does. will the above rule be enough? (i am having a remote object in B/C. only the program in A needs to access B/C and restrict all others, as all ports will be open)

thanks in advance
 
Old 03-17-2005, 01:24 PM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 376
if A is the server, then using the above rules on B and C would work:

Code:
/sbin/modprobe ipt_mac

iptables -P INPUT DROP
iptables -A INPUT -s 192.168.0.1 -m mac --mac-source xx:yy:zz:xx:yy:zz -j ACCEPT
this would allow all input coming from A (192.168.0.1)... keep in mind this is really insecure...
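
Added example, not part of the thread and not code from any poster: post #5's rule accepts everything from A, which the poster flags as insecure, so the script below generates an iptables-restore ruleset for B and C that accepts new connections from A on a single TCP port only and lets B and C originate nothing. The service port, the optional MAC argument, the FORWARD policy and the function names are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for hosts B and C so that
# only server A may open new connections, and only to one TCP port.
# Assumptions (not from the thread): the service port, the optional MAC
# check, and the names valid_ip4 / valid_port / valid_mac / gen_rules.

valid_ip4() {
    # Dotted-quad IPv4 with every octet in 0..255.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_mac() {
    # Rejects the thread's xx:yy:zz:... placeholder until it is replaced.
    echo "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

gen_rules() {  # usage: gen_rules SERVER_IP TCP_PORT [SERVER_MAC]
    valid_ip4 "$1" && valid_port "$2" || { echo "bad address or port" >&2; return 1; }
    mac_match=""
    if [ -n "${3:-}" ]; then
        valid_mac "$3" || { echo "bad MAC" >&2; return 1; }
        mac_match=" -m mac --mac-source $3"
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $1 -p tcp --dport $2$mac_match -m state --state NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Run as a script: sh this_file SERVER_IP TCP_PORT [SERVER_MAC]
if [ "$#" -ge 2 ]; then gen_rules "$@"; fi
```

Pipe the output to `iptables-restore` as root on B and C, for example `gen_rules 192.168.0.1 8080 | iptables-restore` (port 8080 is a constructed value); by default iptables-restore replaces the existing contents of the filter table.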
 
  


All times are GMT -5. The time now is 06:45 AM.
