LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 04-07-2011, 02:48 PM   #1
guga0001
Adjust iptables to only inbound SYN connections


Hi, I need some help. I'm trying to adjust the firewall to allow only inbound SYN connections, to allow all home subnets access to port 53 (both TCP/UDP), but deny the rest.

Thx

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
 
Old 04-07-2011, 07:02 PM   #2
amonamarth
This will do what you need; it's not in Red Hat's iptables script format, but you'll get the idea.

# Variables (no spaces around "=" in shell assignments)
IPADDR="Your IP address"
HOME_SUBNET="192.168.1.0/24"  # Specify your home subnet here.
CONNECTION_TRACKING="1"       # Set to 1 if the kernel has connection tracking (state match) support.

# Removing existing rules
iptables --flush
iptables -t nat --flush
iptables -t mangle --flush

# Set the default policy for the filter table to DROP
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP

# Allowing unlimited traffic on the loopback interface
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Put this inside conditional, just in case connection tracking is not enabled in kernel
if [ "$CONNECTION_TRACKING" = "1" ]; then
    # Allowing established and related connections
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
fi

# Allowing all traffic to port 53 from HOME_SUBNET
# (--dport/--sport only work together with -p tcp or -p udp, so one rule per protocol)
iptables -A INPUT -i eth0 -p tcp -s "$HOME_SUBNET" -d "$IPADDR" --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -s "$HOME_SUBNET" -d "$IPADDR" --dport 53 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -s "$IPADDR" -d "$HOME_SUBNET" --sport 53 -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp -s "$IPADDR" -d "$HOME_SUBNET" --sport 53 -j ACCEPT
 
  
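Putting the two posts together as an added example (not code from either poster): a shell function that emits, in the Red Hat iptables-restore format of post #1, a rule set that accepts new TCP connections only when they arrive as SYN packets, lets the home subnets reach port 53 over TCP and UDP, and rejects everything else. The subnet list is an assumed placeholder.

```shell
#!/bin/sh
# Added example, not code from the thread. Prints an iptables-restore rule set
# (Red Hat format, as in post #1) that accepts new TCP connections only when
# they start with a SYN, lets the home subnets reach port 53 over TCP and UDP,
# and rejects everything else. Apply as root with: gen_rules | iptables-restore

# Assumed placeholder subnets; replace with your real home subnets.
HOME_SUBNETS="192.168.1.0/24 192.168.2.0/24"

gen_rules() {
    # Fixed preamble: same chains as the original Red Hat rule set.
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# A new TCP connection must begin with SYN: drop NEW segments that are not SYN.
-A RH-Firewall-1-INPUT -p tcp ! --syn -m state --state NEW -j DROP
EOF
    # One TCP (SYN only) and one UDP rule per home subnet for port 53.
    for net in $HOME_SUBNETS; do
        printf '%s\n' "-A RH-Firewall-1-INPUT -s $net -p tcp --syn -m state --state NEW --dport 53 -j ACCEPT"
        printf '%s\n' "-A RH-Firewall-1-INPUT -s $net -p udp --dport 53 -j ACCEPT"
    done
    # Keep SSH reachable (SYN only), then reject everything that did not match.
    cat <<'EOF'
-A RH-Firewall-1-INPUT -p tcp --syn -m state --state NEW --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
```

Review the output with `gen_rules` before feeding it to `iptables-restore`, since the REJECT rule at the end drops anything you forgot to allow, including your own SSH session if port 22 is removed.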