LinuxQuestions.org

al_erola 03-05-2002 09:44 PM

Iptable rules for Gnutella

How do I write an iptable rule to allow Gnutella to send messages out on port 6346?

the rules I have are as follows
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- south anywhere
ACCEPT all -- north anywhere
badflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
badflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
badflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
badflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
badflags tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
badflags tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
firewall icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
dropwall all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID,NEW

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain badflags (6 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 15/min burst 5 LOG level warning prefix `Badflags:'
DROP all -- anywhere anywhere

Chain dropwall (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 15/min burst 5 LOG level warning prefix `Dropwall:'
DROP all -- anywhere anywhere

Chain firewall (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 15/min burst 5 LOG level warning prefix `Firewall:'
DROP all -- anywhere anywhere

Chain silent (0 references)
target prot opt source destination
DROP all -- anywhere anywhere

bbenz3 03-05-2002 10:03 PM

What is the script you are using? The output doesn't tell us a whole lot. So if you could post your script or allow us to see it somehow, that would help a lot.

al_erola 03-05-2002 10:31 PM

Here are my rules.

Sorry, here are the rules with the commentary and IP addresses stripped out. Thanks in advance.

# The iptables path was among the stripped lines; assumed here so the script runs as posted
IPT="/sbin/iptables"
INT="eth0"

$IPT -F
$IPT -F INPUT
$IPT -F OUTPUT
$IPT -F FORWARD
$IPT -F -t mangle
$IPT -F -t nat
$IPT -X

$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT

$IPT -t nat -A POSTROUTING -o $INT -j SNAT --to xxx.xxx.xxx.xxx

$IPT -A FORWARD -i $INT -m state --state NEW,INVALID -j DROP

$IPT -N firewall
$IPT -A firewall -m limit --limit 15/minute -j LOG --log-prefix Firewall:
$IPT -A firewall -j DROP

$IPT -N dropwall
$IPT -A dropwall -m limit --limit 15/minute -j LOG --log-prefix Dropwall:
$IPT -A dropwall -j DROP


$IPT -N badflags
$IPT -A badflags -m limit --limit 15/minute -j LOG --log-prefix Badflags:
$IPT -A badflags -j DROP

$IPT -N silent
$IPT -A silent -j DROP

$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -s xxx.xxx.xxx.xxx -d 0/0 -p all -j ACCEPT
$IPT -A INPUT -s xxx.xxx.xxx.xxx -d 0/0 -p all -j ACCEPT

$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j badflags
$IPT -A INPUT -p tcp --tcp-flags ALL ALL -j badflags
$IPT -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j badflags
$IPT -A INPUT -p tcp --tcp-flags ALL NONE -j badflags
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j badflags
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j badflags

$IPT -A INPUT -p icmp --icmp-type 0 -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type 3 -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type 11 -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type 8 -m limit --limit 1/second -j ACCEPT
$IPT -A INPUT -p icmp -j firewall

$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

$IPT -A INPUT -j dropwall

bbenz3 03-05-2002 11:35 PM

You can try this:

# --dport only exists for -p tcp (or -p udp); iptables rejects it with -p all
$IPT -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 6346 -j ACCEPT

One other question: is this a workstation or a firewall/router?
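Added example, not from the thread: in the posted script the OUTPUT policy is already ACCEPT and replies return through the RELATED,ESTABLISHED rule, so what the INPUT policy DROP actually blocks is other peers opening new connections to the local Gnutella listener on tcp/6346. The rule below accepts only those TCP connection requests, and because the script appends `-j dropwall` as the last INPUT rule, a helper checks `iptables -S INPUT` output to confirm the ACCEPT sits before that catch-all (otherwise it never matches). The names IPT, INT, GNUTELLA_PORT and both functions are assumptions of this example.

```shell
#!/bin/sh
# Added example (not code from the thread). IPT and INT mirror the
# variable names of the posted script; set IPT=echo for a dry run.
IPT="${IPT:-iptables}"
INT="${INT:-eth0}"
GNUTELLA_PORT=6346

# Accept only fresh connection requests (SYN without ACK/RST/FIN) to the
# Gnutella port on the external interface. Put this line BEFORE
# "$IPT -A INPUT -j dropwall" in the script, or it is never reached.
gnutella_inbound_rules() {
    "$IPT" -A INPUT -i "$INT" -p tcp --dport "$GNUTELLA_PORT" --syn \
        -m state --state NEW -j ACCEPT
}

# Read "iptables -S INPUT" output on stdin; succeed only if an ACCEPT
# for the Gnutella port appears before the dropwall catch-all.
gnutella_rule_before_dropwall() {
    awk -v port="$GNUTELLA_PORT" '
        # an ACCEPT for the port counts only if no dropwall line preceded it
        $0 ~ ("--dport " port "([^0-9]|$)") && /-j ACCEPT/ && !dropseen { ok = 1 }
        /-j dropwall/ { dropseen = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Loading rules needs root, so only do it when explicitly asked:
#   sh gnutella.sh apply && iptables -S INPUT | sh gnutella.sh check
if [ "${1:-}" = "apply" ]; then
    gnutella_inbound_rules
elif [ "${1:-}" = "check" ]; then
    gnutella_rule_before_dropwall && echo "Gnutella ACCEPT is before dropwall"
fi
```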

al_erola 03-06-2002 12:00 AM

It's a workstation. Do you see something wrong?

bbenz3 03-06-2002 03:21 AM

No, not really. I just started out thinking it was what I had, which is a router.
