LinuxQuestions.org

Linux - Newbie: Simple firewall script not working for me (https://www.linuxquestions.org/questions/linux-newbie-8/simple-firewall-script-not-working-for-me-170477/)

Gates1026 04-15-2004 09:04 AM

Simple firewall script not working for me
 
I am wanting to lock down all open ports on my slackware box at home, so I found the following script to use as my iptables firewall. When I start it up it will not let me ssh or ftp to my own computer; the connection just hangs and then times out. I can access the internet fine but no ssh or ftp. Also nmap won't work either; does it not work when you have a firewall running on your machine? Here is the firewall script. Can anyone see anything wrong with it? Any help would be greatly appreciated :) Also, if anyone could recommend anything that would be better, I would be open to any and all suggestions!!

Code:

#!/bin/bash
#
# Basic script to keep the nasties out
# First we make the default policy to drop everything
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Allow established connections and programs that use loopback.
# Match loopback on the interface only: a connection to the box's own
# eth0 address is also delivered over lo, but with non-127.x addresses,
# so the old "-s 127.0.0.0/8 -d 127.0.0.0/8" match dropped it and
# ssh/ftp/nmap against the local IP hung.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Lets allow ssh to connect
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
# FTP control channel (21) and active-mode data port (20)
iptables -A INPUT -p tcp --dport 20 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -i eth0 -j ACCEPT
#end script

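The script below is an added example, not code from the thread or from the original poster: it builds the same kind of single-box rule set as a list of iptables commands that can be reviewed (or tested) without root and then applied with APPLY=1. The interface name eth0, the exposed ports (22 and 21) and the function names fw_rules/fw_rule_count/fw_apply are assumptions. The loopback rule matches on the interface alone, which is what lets ssh or nmap against the box's own address get through a default-deny INPUT chain.

```shell
#!/bin/sh
# Added example (not from the thread): generate a single-box rule set as
# text so it can be reviewed without root, then apply it with APPLY=1.
# Assumptions: the external interface is eth0 and the services to expose
# are ssh (22/tcp) and the ftp control channel (21/tcp).

IFACE="${IFACE:-eth0}"
TCP_PORTS="${TCP_PORTS:-22 21}"

fw_rules() {
    # Flush INPUT and set default-deny. A lone box forwards nothing, so
    # FORWARD is also DROP here (the thread's script used ACCEPT).
    echo "iptables -F INPUT"
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    # Loopback: match the interface only. A connection to the box's own
    # eth0 address is delivered over lo with non-127.x addresses, so a
    # "-s 127.0.0.0/8 -d 127.0.0.0/8" match drops it and ssh/ftp/nmap
    # against the local IP hang.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Replies to connections this box opened, plus helper-tracked data
    # channels (passive FTP needs the ftp conntrack helper loaded).
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Inbound services. Port 20 is not listed: in active FTP the server
    # opens that data connection outbound, which OUTPUT ACCEPT already allows.
    for port in $TCP_PORTS; do
        echo "iptables -A INPUT -i $IFACE -p tcp --dport $port -j ACCEPT"
    done
    # Everything else (other TCP ports, UDP, ICMP) falls through to DROP.
}

# Number of iptables commands the generator emits.
fw_rule_count() {
    fw_rules | wc -l | tr -d ' '
}

# Apply the generated rules (needs root), then print per-rule packet
# counters so a test connection can be seen hitting the right rule.
fw_apply() {
    fw_rules | while read -r cmd; do
        sh -c "$cmd" || exit 1
    done && iptables -L INPUT -n -v
}

if [ "${APPLY:-0}" = 1 ]; then
    fw_apply
else
    fw_rules
fi
```

Run it plainly to print the rules, or as root with `APPLY=1` to load them; the counters from `iptables -L INPUT -n -v` then show which rule a test ssh connection is matched by. Compared with a single `--syn -j DROP` rule, a DROP policy also covers UDP and ICMP, at the cost of having to list each exposed service explicitly.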

tigerflag 04-15-2004 10:08 AM

Are you on a LAN, or just a solitary box? If you have just one box not networked to anything else, I know of a one-liner firewall script that works just dandy for me. It puts me into what grc.com calls "stealth" mode and I can still FTP files. I'm still on dialup, so if you have another way of connecting I don't know if it will work for you. You can try it if you want:

You go into a shell or terminal, su to root, and type the following:

iptables (then press Enter)

Then type:

/sbin/iptables -A INPUT -p tcp --syn -j DROP (then press Enter)

HTH,
Siri Amrit

Gates1026 04-15-2004 10:17 AM

Sorry I forgot to mention that this is just a firewall for my sole computer at home. I do not need to do any NAT or anything complex like that, just close up some ports that are sitting open to the world.

So that script of yours doesn't drop anyone from connecting to your open ports, just makes it look like they are closed if they do a port scan? I might try that, but I would also like something that will drop packets trying to connect to the ports as well.

tigerflag 04-16-2004 09:04 AM

It drops the packets. The ports don't appear to be there at all. You can go to grc.com and have them check your ports in the Shields UP tool section of the site.

If that doesn't work for you, you can get a simple iptables gui interface like Guarddog or Firestarter to configure your iptables for you.

HTH,
Siri Amrit

tuxguy 04-16-2004 09:40 PM

Try this site out:

http://iptables-script.dk/index1.php

