LinuxQuestions.org
Old 04-15-2004, 10:04 AM   #1
Gates1026
Member
 
Registered: Sep 2003
Location: Iowa
Distribution: Slackware 9.1
Posts: 155

Rep: Reputation: 30
Simple firewall script not working for me


I am wanting to lock down all open ports on my Slackware box at home, so I found the following script to use as my iptables firewall. When I start it up it will not let me ssh or ftp to my own computer; the connection just hangs and then times out. I can access the internet fine but no ssh or ftp. Also nmap won't work either. Does it not work when you have a firewall running on your machine? Here is the firewall script; can anyone see anything wrong with it? Any help would be greatly appreciated. Also, if anyone could recommend anything that would be better I would be open to any and all suggestions!!

Code:
#!/bin/bash
#
# Basic script to keep the nasties out
# First we make the default policy to drop everything
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Allow established connections and programs that use loopback
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
# Let's allow ssh (22) and ftp (20, 21) to connect
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -i eth0 -j ACCEPT
#end script
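
Added example, not part of the original thread: a small Python model of first-match evaluation on the INPUT chain, run over the rules in the script above. It assumes the ssh/ftp/nmap tests were made from the Slackware box to its own eth0 address, which Linux delivers over `lo` with the eth0 address as source; 192.168.1.10, 192.168.1.20 and the packet tuples are constructed, and the `-i lo -j ACCEPT` variant is an added alternative, not something the thread proposes.

```python
from ipaddress import ip_address, ip_network

# Each dict mirrors one "iptables -A INPUT ... -j ACCEPT" line from the posted
# script; a key that is absent means the rule does not test that field.
POSTED_RULES = [
    {"state": {"ESTABLISHED", "RELATED"}},
    {"src": "127.0.0.0/8", "dst": "127.0.0.0/8", "iface": "lo"},
    {"proto": "tcp", "dport": 22, "iface": "eth0"},
    {"proto": "tcp", "dport": 20, "iface": "eth0"},
    {"proto": "tcp", "dport": 21, "iface": "eth0"},
]
# Added alternative: accept loopback by interface only ("-i lo -j ACCEPT").
RELAXED_LO_RULES = [dict(r) for r in POSTED_RULES]
RELAXED_LO_RULES[1] = {"iface": "lo"}

def matches(rule, pkt):
    """A rule matches only if every field it specifies matches the packet."""
    for key, want in rule.items():
        have = pkt[key]
        if key in ("src", "dst"):
            if ip_address(have) not in ip_network(want):
                return False
        elif key == "state":
            if have not in want:
                return False
        elif have != want:
            return False
    return True

def verdict(rules, pkt, policy="DROP"):
    """Return (verdict, rule_number); rule 0 means the chain policy decided."""
    for n, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return "ACCEPT", n
    return policy, 0

def syn(iface, src, dst, dport):
    """Build a constructed first packet (state NEW) of a TCP connection."""
    return {"iface": iface, "src": src, "dst": dst,
            "proto": "tcp", "dport": dport, "state": "NEW"}

# Constructed packets; 192.168.1.10 stands in for the box's eth0 address.
PACKETS = {
    "ssh from LAN host": syn("eth0", "192.168.1.20", "192.168.1.10", 22),
    "ssh to localhost": syn("lo", "127.0.0.1", "127.0.0.1", 22),
    "ssh to own eth0 IP": syn("lo", "192.168.1.10", "192.168.1.10", 22),
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:20} posted={verdict(POSTED_RULES, pkt)} "
              f"relaxed={verdict(RELAXED_LO_RULES, pkt)}")
```

In this model a silently dropped SYN is what produces the hang-then-timeout symptom; on a live box, `iptables -L INPUT -v -n` shows per-rule packet counters that confirm which rule, if any, a test connection hit.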
 
Old 04-15-2004, 11:08 AM   #2
tigerflag
Member
 
Registered: Aug 2002
Location: Phoenix, AZ
Distribution: PCLinuxOS 2012.08
Posts: 428

Rep: Reputation: 30
Are you on a LAN, or just a solitary box? If you have just one box not networked to anything else, I know of a one-liner firewall script that works just dandy for me. It puts me into what grc.com calls "stealth" mode and I can still FTP files. I'm still on dialup, so if you have another way of connecting I don't know if it will work for you. You can try it if you want:

You go into a shell or terminal, su to Root, and type the following:

iptables (then press Enter)

Then type:

/sbin/iptables -A INPUT -p tcp --syn -j DROP (then press Enter)

HTH,
Siri Amrit
 
Old 04-15-2004, 11:17 AM   #3
Gates1026
Member
 
Registered: Sep 2003
Location: Iowa
Distribution: Slackware 9.1
Posts: 155

Original Poster
Rep: Reputation: 30
Sorry I forgot to mention that this is just a firewall for my sole computer at home. I do not need to do any NAT or anything complex like that, just close up some ports that are sitting open to the world.

So that script of yours doesn't drop anyone from connecting to your open ports, just makes it look like they are closed if they do a port scan? I might try that but I would also like something that will drop packets trying to connect to the ports as well.
 
Old 04-16-2004, 10:04 AM   #4
tigerflag
Member
 
Registered: Aug 2002
Location: Phoenix, AZ
Distribution: PCLinuxOS 2012.08
Posts: 428

Rep: Reputation: 30
It drops the packets. The ports don't appear to be there at all. You can go to grc.com and have them check your ports in the Shields UP tool section of the site.

If that doesn't work for you, you can get a simple iptables GUI interface like Guarddog or Firestarter to configure your iptables for you.

HTH,
Siri Amrit

Last edited by tigerflag; 04-16-2004 at 10:06 AM.
 
Old 04-16-2004, 10:40 PM   #5
tuxguy
Member
 
Registered: Mar 2004
Location: North Bay, Ontario - CANADA
Distribution: Debian
Posts: 77

Rep: Reputation: 16
try this site out...

http://iptables-script.dk/index1.php
 
  

