LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 03-05-2002, 09:44 PM   #1
al_erola (LQ Newbie; Registered: Nov 2001; Location: Federal Way, WA; Distribution: Suse 9.3)
Iptable rules for Gnutella


How do I write an iptable rule to allow Gnutella to send messages out on port 6346?

The rules I have are as follows:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- south anywhere
ACCEPT all -- north anywhere
badflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
badflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
badflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
badflags tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
badflags tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
badflags tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
firewall icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
dropwall all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID,NEW

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain badflags (6 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 15/min burst 5 LOG level warning prefix `Badflags:'
DROP all -- anywhere anywhere

Chain dropwall (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 15/min burst 5 LOG level warning prefix `Dropwall:'
DROP all -- anywhere anywhere

Chain firewall (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 15/min burst 5 LOG level warning prefix `Firewall:'
DROP all -- anywhere anywhere

Chain silent (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
 
Old 03-05-2002, 10:03 PM   #2
bbenz3 (Member; Registered: Feb 2002; Location: Orlando; Distribution: Whatever I feel like at the time I install.)
What is the script you are using? The output doesn't tell us a whole lot. So if you could post your script or allow us to see it somehow, that would help a lot.
 
Old 03-05-2002, 10:31 PM   #3
al_erola (LQ Newbie; Registered: Nov 2001; Location: Federal Way, WA; Distribution: Suse 9.3)
Original Poster
Here are my rules.

Sorry, here are the rules with the commentary and IP addresses stripped out. Thanks in advance.

#!/bin/sh
# $IPT was set in the part of the script the poster stripped out; the path
# below is an assumption (the usual location on SuSE and most other distros).
IPT=/usr/sbin/iptables
INT="eth0"

# Flush every built-in chain in every table, then delete user-defined chains.
$IPT -F
$IPT -F INPUT
$IPT -F OUTPUT
$IPT -F FORWARD
$IPT -F -t mangle
$IPT -F -t nat
$IPT -X

# Default policies: drop inbound, accept outbound and forwarded traffic.
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT

# Source NAT for traffic leaving on $INT (address stripped by the poster).
$IPT -t nat -A POSTROUTING -o $INT -j SNAT --to xxx.xxx.xxx.xxx

# Never forward new or invalid connections arriving on $INT.
$IPT -A FORWARD -i $INT -m state --state NEW,INVALID -j DROP

# Logging chains: a rate-limited LOG followed by DROP, so the log cannot be flooded.
$IPT -N firewall
$IPT -A firewall -m limit --limit 15/minute -j LOG --log-prefix Firewall:
$IPT -A firewall -j DROP

$IPT -N dropwall
$IPT -A dropwall -m limit --limit 15/minute -j LOG --log-prefix Dropwall:
$IPT -A dropwall -j DROP


$IPT -N badflags
$IPT -A badflags -m limit --limit 15/minute -j LOG --log-prefix Badflags:
$IPT -A badflags -j DROP

# Silent drop, no log (defined but not referenced below).
$IPT -N silent
$IPT -A silent -j DROP

# Loopback and two trusted hosts (addresses stripped by the poster).
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -s xxx.xxx.xxx.xxx -d 0/0 -p all -j ACCEPT
$IPT -A INPUT -s xxx.xxx.xxx.xxx -d 0/0 -p all -j ACCEPT

# TCP flag combinations that no legitimate stack sends (Xmas, null, SYN/RST,
# SYN/FIN scans): log and drop them.
$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j badflags
$IPT -A INPUT -p tcp --tcp-flags ALL ALL -j badflags
$IPT -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j badflags
$IPT -A INPUT -p tcp --tcp-flags ALL NONE -j badflags
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j badflags
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j badflags

# ICMP: echo reply, destination unreachable, time exceeded, and rate-limited
# echo requests are allowed; every other ICMP type is logged and dropped.
$IPT -A INPUT -p icmp --icmp-type 0 -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type 3 -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type 11 -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type 8 -m limit --limit 1/second -j ACCEPT
$IPT -A INPUT -p icmp -j firewall

# Packets belonging to connections this host started (or related to them).
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Anything else inbound: log and drop. Rules for new inbound services must
# come before this line, since dropwall never returns.
$IPT -A INPUT -j dropwall
 
Old 03-05-2002, 11:35 PM   #4
bbenz3 (Member; Registered: Feb 2002; Location: Orlando; Distribution: Whatever I feel like at the time I install.)
You can try this:


# --dport is an option of the tcp/udp protocol matches, so the rule needs
# -p tcp (or -p udp) rather than -p all, or iptables rejects it.
$IPT -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 6346 -j ACCEPT

One other question: is this a workstation or a firewall/router?
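Two things about the rule above that a practitioner would want spelled out, followed by an added example that is not part of bbenz3's reply or al_erola's script. First, with OUTPUT at ACCEPT and the RELATED,ESTABLISHED rule in INPUT, the workstation's own outbound Gnutella connections on 6346 were never blocked; what the DROP policy stops is other servents connecting in to port 6346. Second, an ACCEPT restricted by -s to one address would admit only that one peer, and Gnutella peers come from arbitrary addresses. The script below builds an inbound rule for TCP 6346 that matches only the opening SYN of a NEW connection (the rest of each flow is handled by the existing RELATED,ESTABLISHED rule), caps the rate of new peer connections so a flood falls through to dropwall and gets logged there, and finds the right INPUT position on a running box by parsing `iptables -L INPUT -n --line-numbers` for the dropwall jump. IPT defaults to a dry run that only prints the commands, so it runs unprivileged; the interface and port are the thread's, the limit values and the iptables path are assumptions, and the listing fed to the parser is a constructed sample in the listing's real format.

```sh
#!/bin/sh
# Added example, not code from the thread. Dry run by default: set
# IPT=/usr/sbin/iptables (path assumed) as root to apply the rule for real.
IPT="${IPT:-echo iptables}"
INT="${INT:-eth0}"
GNUTELLA_PORT=6346

# Emit the accept rule for inbound Gnutella peers. With a rule number in $1 the
# rule is inserted at that INPUT position; with no argument it is appended,
# which is only correct when this runs inside the firewall script *before*
# the "-A INPUT -j dropwall" line, because dropwall never returns.
gnutella_rule() {
    if [ -n "$1" ]; then
        set -- -I INPUT "$1"
    else
        set -- -A INPUT
    fi
    # No -s: peers connect from arbitrary addresses. --syn plus NEW matches
    # only the first packet of each connection. The limit values (assumed)
    # cap new peer connections; excess SYNs continue down INPUT to dropwall,
    # which logs and drops them.
    $IPT "$@" -i "$INT" -p tcp --dport "$GNUTELLA_PORT" --syn \
        -m state --state NEW -m limit --limit 10/second --limit-burst 20 \
        -j ACCEPT
}

# Read "iptables -L INPUT -n --line-numbers" output on stdin and print the
# rule number of the first jump to dropwall, i.e. the position at which a new
# rule must be inserted so it is evaluated before the catch-all.
dropwall_position() {
    awk '$2 == "dropwall" { print $1; exit }'
}

# Constructed sample listing, shaped like the thread's INPUT chain.
SAMPLE_LISTING='Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
3    dropwall   all  --  0.0.0.0/0            0.0.0.0/0'

# On a live box this would be:
#   pos=$($IPT -L INPUT -n --line-numbers | dropwall_position)
pos=$(printf '%s\n' "$SAMPLE_LISTING" | dropwall_position)
gnutella_rule "$pos"
```

After applying it for real, `iptables -L INPUT -n -v --line-numbers` should show the new ACCEPT directly above the dropwall jump with its packet counters rising as peers connect; if it sits below dropwall it is dead, since everything reaching dropwall is dropped there. If the servent also listens on UDP 6346, the same pattern applies with `-p udp --dport 6346` and without `--syn`.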
 
Old 03-06-2002, 12:00 AM   #5
al_erola (LQ Newbie; Registered: Nov 2001; Location: Federal Way, WA; Distribution: Suse 9.3)
Original Poster
It's a workstation. Do you see something wrong?
 
Old 03-06-2002, 03:21 AM   #6
bbenz3 (Member; Registered: Feb 2002; Location: Orlando; Distribution: Whatever I feel like at the time I install.)
No, not really. I just started out thinking it was what I had, which is a router.
 
  

