LinuxQuestions.org

Linux - Security: iptables question (https://www.linuxquestions.org/questions/linux-security-4/iptables-question-387990/)

cashton2k 11-30-2005 01:27 PM

iptables question
 
Hi, I need to block private IP addresses on class A and class B networks entering through the external interface on my firewall. Any suggestions on an iptables command?

cheers

10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255

bulliver 11-30-2005 04:29 PM

Code:

# /sbin/iptables -A INPUT -p tcp -s 10.0.0.0/8 -i eth0 -j DROP

I'll let you figure out the CIDR notation for the second one...

How do you suppose traffic from private IPs will get routed to your external interface? Are you just trying to block spoofs?

In any event, it is generally wiser to disallow _everything_ by default then add rules to allow stuff, rather than the inverse...

cashton2k 11-30-2005 04:53 PM

Cheers for the help. Is it dangerous to disallow everything, as I'm using telnet to connect to the firewall?

zamri 11-30-2005 06:51 PM

I just think that you should use SSH instead of telnet. It is more secure because the connection is encrypted.

cashton2k 12-01-2005 05:10 AM

So I should just block everything and just allow 192.168.0.0 to 192.168.255.255?

Switched to SSH now, cheers.

bulliver 12-01-2005 05:23 AM

Do 192.168.0.0 to 192.168.255.255 need to access your box? Only allow what needs to be allowed...

Perhaps you should explain your setup in detail, as well as what other boxes/IPs need access to it, and someone can probably give you more useful answers. You seem to be confusing the difference between untrusted connection (ie: those from the Internet) and trusted ones (ie: those from your private LAN). Presumably you have two interfaces on the firewall. Each will need different rules, because they are two vastly different ingress points. Again, more detail on your setup, and your goals, would help here.

BTW, good on you for using ssh. telnet is terribly insecure.
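
The default-deny, per-interface rule set described in the two replies above, written out as an added example (not code posted in this thread). Interface names, the /24 prefix on the protected subnet and the admin network are assumptions; the script prints the iptables commands for review rather than running them.

```shell
#!/bin/sh
# Added example: default-deny INPUT/FORWARD with separate rules per ingress point.
# Interface names and networks are assumptions; adjust before applying.
EXT_IF="${EXT_IF:-eth0}"                  # assumed: faces the large 192.168.x.x network
INT_IF="${INT_IF:-eth1}"                  # assumed: faces the two protected machines
INT_NET="${INT_NET:-172.24.15.0/24}"      # subnet from the thread; /24 is assumed
ADMIN_NET="${ADMIN_NET:-192.168.0.0/16}"  # where the poster's SSH client lives

# Private ranges that must never arrive on the external interface. 10.0.0.0/8 is
# the rule given above; 172.16.0.0/12 is the CIDR left as an exercise
# (172.16.0.0 - 172.31.255.255). Because 172.24.15.0/24 sits inside 172.16.0.0/12,
# the second entry also drops packets spoofing the protected subnet's addresses.
BOGON_SRCS="10.0.0.0/8 172.16.0.0/12"

# Emit the commands so they can be reviewed first (fw_rules | less) and then,
# as root, applied with: fw_rules | sh
fw_rules() {
    echo "iptables -F"
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Anti-spoofing on the untrusted side, for every protocol (not only -p tcp),
    # both for traffic to the firewall itself and for traffic routed through it.
    for src in $BOGON_SRCS; do
        echo "iptables -A INPUT -i $EXT_IF -s $src -j DROP"
        echo "iptables -A FORWARD -i $EXT_IF -s $src -j DROP"
    done
    # Replies to connections the firewall or the protected LAN initiated.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Only what is needed: SSH to the firewall from the admin network (no telnet).
    echo "iptables -A INPUT -i $EXT_IF -p tcp -s $ADMIN_NET --dport 22 -m state --state NEW -j ACCEPT"
    # The protected LAN may open outbound connections through the firewall.
    echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -j ACCEPT"
}

fw_rules
```

Since the DROP policy is set before the ESTABLISHED,RELATED rule, a packet or two of an existing SSH session may be dropped while the commands run; TCP retransmits them, but if ADMIN_NET is wrong the session is lost, so keep console access when testing.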

cashton2k 12-01-2005 05:26 AM

The firewall is to protect 2 machines on the 172.24.15.0 subnet; on the other side of the firewall are lots of 192.168.xxx.xxx networks.

Yeah, I use a 192.168.x.x machine to SSH in.

jschiwal 12-01-2005 05:35 AM

Are you sure that you have your inside and outside IPs straight? Both the 10.x.x.x and 192.168.x.x IP addresses are private and should not be coming in from the outside. These ranges definitely should be blocked.

cashton2k 12-01-2005 08:43 AM

Yeah, it's right, because the external interface on the firewall is connected to a large network before it gets to the internet.
