LinuxQuestions.org
Old 12-13-2008, 08:04 PM   #1
Mogget
iptable drop all


I have set up iptables to drop all packets except DNS and HTTP.
But when I do a scan of myself at http://www.grc.com/x/ne.dll?rh1dkyd2 it tells me that port 0 is rejected as expected, 1 to about 500 are dropped, and from there and up they are still rejected instead of dropped. The point where it stops dropping and rejects instead can vary by a couple of ports up and down. I have configured the modem to forward all ports to my computer, so that should not be the problem.

My rc.firewall file
Code:
#!/bin/bash

# Variables used in this script
IPT_INSTALLED=0



### Checking if iptables is installed

if [ -e /usr/sbin/iptables ]; then
 IPT_INSTALLED=1
fi;

if [ $IPT_INSTALLED -eq 0 ]; then
 logger -p auth.info -t FIREWALL "ERROR Can't find iptables in /usr/sbin! Is iptables installed?"
 echo "ERROR Can't find iptables in /usr/sbin Is iptables installed?"
fi;



### Initializing iptables script if iptables were found

if [ $IPT_INSTALLED -eq 1 ]; then

# Telling syslogd that we're configuring/reconfiguring the firewall
 logger -p auth.info -t FIREWALL "Initializing/configuring the firewall rules now."

# Deleting any existing chains
 iptables -F
 iptables -X

# Shutting down all traffic
 iptables -P FORWARD DROP
 iptables -P INPUT DROP
 iptables -P OUTPUT DROP

# Allow anything that already belongs to an established connection
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allowing loopback traffic
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A OUTPUT -o lo -j ACCEPT

# Adding rules to our chains
 iptables -A OUTPUT -p tcp --sport 1024:5999 --dport 80:80 -m state --state NEW -j ACCEPT       #HTTP
 iptables -A OUTPUT -p tcp --sport 1024:5999 --dport 443:443 -m state --state NEW -j ACCEPT     #HTTPS
                ### Temporary DNS
 iptables -A OUTPUT -p tcp --sport 0:65535 --dport 53:53 -j ACCEPT                              #DNS
 iptables -A OUTPUT -p udp --sport 0:65535 --dport 53:53 -j ACCEPT                              #DNS
 iptables -A INPUT -p tcp ! --syn --sport 53:53 --dport 0:65535 -j ACCEPT                       #DNS
 iptables -A INPUT -p udp --sport 53:53 --dport 0:65535 -j ACCEPT                               #DNS


# Telling syslogd that we're done configuring/initializing the script.
 logger -p auth.info -t FIREWALL "Finished configuring/initializing the firewall script."

fi
true
My iptables -L

Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:domain flags:!FIN,SYN,RST,ACK/SYN
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:cvsup dpt:http state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:cvsup dpt:https state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
Anyone have an idea to why this is happening?

Old 12-14-2008, 12:20 AM   #2
blackhole54
I see nothing in your firewall rules that would cause this. It is possible that your ISP is doing some filtering that causes what you see.

I suspect you want to get rid of the last two rules in your INPUT chain. Replies to any DNS request will already be allowed in through the "--state RELATED,ESTABLISHED" rule. The explicit ACCEPT rules allow anything from source port 53 to come in regardless of whether it is a response to a query from you or not.

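An rc.firewall built on blackhole54's point, as an added example and not the poster's own script: the same default-drop policy, but without the two INPUT rules that accept anything by source port 53, so only conntrack (ESTABLISHED,RELATED) admits DNS, HTTP and HTTPS replies. Running it with IPT=echo or --dry-run prints the rules instead of loading them; the iptables path, the LOG prefix and the helper names are assumptions.

```shell
#!/bin/sh
# Added example (not the thread's rc.firewall): default-drop ruleset that relies on
# connection tracking for replies instead of trusting source port 53.
# IPT=echo (or "--dry-run") makes apply_rules print the rules rather than load them.
IPT="${IPT:-/usr/sbin/iptables}"   # assumed path; adjust for your distribution

apply_rules() {
    $IPT -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP

    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Every reply to a flow we opened, DNS answers included, is accepted here,
    # which is why no "--sport 53" INPUT rule is needed.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Only NEW outbound flows, and only to the services this host actually uses.
    $IPT -A OUTPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
    $IPT -A OUTPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
    $IPT -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
    $IPT -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT

    # Unsolicited inbound packets fall through to the DROP policy; log a sample first.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-INPUT-DROP: "
}

# Print the rules without touching the kernel (subshell so IPT is not clobbered).
dry_run() { ( IPT=echo; apply_rules ); }

# Number of INPUT rules that accept traffic purely by source port; must be 0.
sport_accepts() { dry_run | grep -c -- '-A INPUT.*--sport' || true; }

# Number of chains whose default policy is DROP; must be 3.
drop_policies() { dry_run | grep -c -- '-P .* DROP' || true; }

case "${1:-}" in
    --dry-run) dry_run ;;
    --apply)   apply_rules ;;
esac
```

Run it as `sh rc.firewall --dry-run` to review the rules, then `--apply` as root once `sport_accepts` prints 0.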
Old 12-14-2008, 01:41 AM   #3
win32sux
I second the suggestion to get rid of those source port INPUT rules.
 
Old 12-14-2008, 03:37 AM   #4
Mogget
Thank you for the suggestion to remove the input DNS rules. I have spent so much time trying to learn this and write the script that I simply didn't see it. It is working at least, so now I can work on adding more rules and logging into this.