LinuxQuestions.org
Old 11-14-2006, 10:51 AM   #1
Shioni
Member
 
Registered: Mar 2006
Posts: 182

Rep: Reputation: 30
iptables rules don't work as expected..


Hi!
I have an SSH server on our network, but I want to set up iptables so that it can be accessed only from the network. I used these rules on the server, but now the server is not accessible..
Code:
iptables -A INPUT -m iprange --src-range 192.168.1.2-192.168.1.10 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j REJECT --reject-with tcp-reset
Any suggestions?! Thank you!
 
Old 11-14-2006, 11:11 AM   #2
Nathanael
Member
 
Registered: May 2004
Location: Karlsruhe, Germany
Distribution: debian, gentoo, os x (darwin), ubuntu
Posts: 940

Rep: Reputation: 32
Code:
iptables -A INPUT -p tcp -s 192.168.1.0/28 --dport 22 -j ACCEPT
iptables -P INPUT DROP
that should do the trick!
 
Old 11-14-2006, 11:35 AM   #3
Shioni
Member
 
Registered: Mar 2006
Posts: 182

Original Poster
Rep: Reputation: 30
Thanks! When I added "iptables -P INPUT DROP" I lost the connection to the server..
 
Old 11-14-2006, 02:15 PM   #4
amitsharma_26
Member
 
Registered: Sep 2005
Location: New delhi
Distribution: RHEL 3.0/4.0
Posts: 777

Rep: Reputation: 31
Quote:
Originally Posted by Shioni
Thanks! When I added "iptables -P INPUT DROP" I lost the connection to the server..
Look, as you were accessing your server via ssh and you ran
iptables -P INPUT DROP
... you (iptables) dropped your own connection as well. You would be better off creating a script, typing those commands into it, and then finally running that script.
 
Old 11-15-2006, 01:37 AM   #5
Nathanael
Member
 
Registered: May 2004
Location: Karlsruhe, Germany
Distribution: debian, gentoo, os x (darwin), ubuntu
Posts: 940

Rep: Reputation: 32
Do you by any chance know this rule?
Code:
iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
that makes sure that related and already established connections stay open!!

google for iptables tutorial and among the first hits you will find all you need

EDIT:
btw. if you don't add a DROP you are not really firewalling!!!
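
The script approach from post #4 combined with the RELATED,ESTABLISHED rule and DROP policy from post #5, as an added example that is not part of the original thread. The loopback rule, the 60-second rollback window and the function names are assumptions made for this sketch; `iptables-restore` replaces the whole filter table, so any existing rules in it are discarded.

```shell
#!/bin/sh
# Added example, not from the thread. Loads the thread's rules as one
# iptables-restore ruleset (atomic, safe order) with a timed rollback.
SSH_RANGE="192.168.1.2-192.168.1.10"  # source range from post #1
ROLLBACK_SECS=60                       # assumed confirmation window

# Emit the ruleset. Order matters: ESTABLISHED is accepted before the
# DROP policy can affect the session that is loading the rules.
# The "-i lo" rule is an addition so local services keep working.
build_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m iprange --src-range $SSH_RANGE -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Line number of the first ruleset line matching $1 (for order checks).
rule_line() {
    build_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

# Needs root. Replaces the whole filter table, then restores the saved
# rules after ROLLBACK_SECS unless the operator confirms access.
apply_with_rollback() {
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    build_rules | iptables-restore || return 1
    # Timer ignores HUP so it still fires if this SSH session dies.
    ( trap '' HUP; sleep "$ROLLBACK_SECS"; iptables-restore < "$backup" ) &
    timer=$!
    printf 'Log in from a second SSH session, then type "ok": '
    read -r answer
    kill "$timer" 2>/dev/null
    if [ "$answer" = "ok" ]; then
        rm -f "$backup"
    else
        iptables-restore < "$backup"
    fi
}

if [ "${1:-}" = "apply" ]; then
    apply_with_rollback
fi
```

Run it as root with the argument `apply`; without arguments it only defines the functions, so `build_rules` can be inspected before anything is loaded.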
 
  

