LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-08-2004, 08:03 AM   #1
doshiaj
LQ Newbie
 
Registered: Jun 2004
Posts: 1

Rep: Reputation: 0
drop incoming/outgoing packets using iptables


Hi,

I am running a java application from my linux machine, which connects over internet to a remote computer on a given port. Now, during the run of the application, if the internet link goes down, then the application behaviour is unpredictable, so I want to reproduce the timeout problem by dropping the incoming and outgoing packets from the given IP using iptables. Following are the rules I am using for dropping the incoming/outgoing packets :

iptables -t mangle -I OUTPUT -p tcp --syn -d 203.88.194.194 -j DROP
iptables -t mangle -I PREROUTING -p tcp --syn -s 203.88.194.194 -j DROP

Now, if I apply these rules before starting my application, then it properly drops the packets and application gives timeout. But let say I haven't applied these rules at the start of the application, (means the IP is not blocked when the application starts), so application connects to the remote IP on the specified port, opens input/output streams on it. If I apply the above rules now to disable the incoming/outgoing traffics from the given IP, then it doesn't work, means it will transfer data on both the input and output streams properly and no timeout comes.

What is the problem here and what would be the work around?

Ankit
 
Old 06-08-2004, 10:38 AM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Your rules are only going to drop the initial syn packets that establish the connection. It's likely that once the connection has been initiated and the stream established, you won't see any further syn packets. I'd guess that you have a default policy of accept or some other rule that allows the rest of the traffic through (something like a rule allowing established/related traffic or some rule that allows non-syn traffic through). It's hard to say specifically without see you entire firewall ruleset, so post them if you want specifics.

If you wanted to mimic the effects of the link going down, you could probably do something a little more drastic like:

iptables -I INPUT -j DROP
iptables -I OUTPUT -j DROP
iptables -I FORWARD -j DROP
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
drop packets for specific port with iptables ohcarol Linux - Security 1 07-03-2005 10:48 AM
Incoming, but no Outgoing Access belorion Linux - General 4 05-09-2005 07:37 PM
iptables - drop all -> allow needed OR allow all -> drop specific lucastic Linux - Security 5 12-21-2004 02:07 AM
Logging incoming/outgoing mail - how to? ziphem Linux - Newbie 0 09-23-2004 03:25 PM
sendmail archiving incoming/outgoing problem cscarol Linux - Software 1 12-04-2003 11:03 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration