LinuxQuestions.org

Linux - Security: iptables rules doesn't work as expected.. (http://www.linuxquestions.org/questions/linux-security-4/iptables-rules-doesnt-work-as-expected-501518/)

Shioni 11-14-2006 10:51 AM

iptables rules doesn't work as expected..
 
Hi!
I have an SSH server on our network, but I want to set up iptables so that it can be accessed only from the network. I used these rules on the server, but now the server is not accessible..
Code:

iptables -A INPUT -m iprange --src-range 192.168.1.2-192.168.1.10 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j REJECT --reject-with tcp-reset

Any suggestions?! Thank you!

Nathanael 11-14-2006 11:11 AM

Code:

iptables -A INPUT -p tcp -s 192.168.1.0/28 --dport 22 -j ACCEPT
iptables -P INPUT DROP

that should do the trick!

Shioni 11-14-2006 11:35 AM

Thanks! When I add "iptables -P INPUT DROP" I lost connection to server..

amitsharma_26 11-14-2006 02:15 PM

Quote:

Originally Posted by Shioni
Thanks! When I add "iptables -P INPUT DROP" I lost connection to server..

Look, as you were accessing your server via ssh & you ran
iptables -P INPUT DROP
... you (iptables) dropped your own connection as well. You would have been better off creating a script, putting those commands in it & then finally running that script.

Nathanael 11-15-2006 01:37 AM

do you by any chance know this rule
Code:

iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT

that makes sure that related and already established connections stay open!!

google for iptables tutorial and among the first hits you will find all you need

EDIT:
btw. if you don't add a DROP you are not really firewalling!!!
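The two points made in this thread, apply the rules as one script rather than one command at a time, and put the RELATED,ESTABLISHED rule first so the session doing the work survives the DROP policy, combine into the following script. It is an added example, not code from any poster: it builds the whole rule set in iptables-restore format so the kernel loads it atomically, and apply_rules schedules a rollback to the previous rule set that fires unless cancel_rollback is run from a new SSH session. The LAN 192.168.1.0/28 (.0 to .15, which includes the .2 to .10 range from the first post), port 22 and the /tmp paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes sshd on tcp/22 and a LAN of
# 192.168.1.0/28 unless another CIDR is passed in; /tmp paths are assumptions.

# build_rules LAN_CIDR -> prints a complete filter table for iptables-restore.
# Order matters: the state rule comes first so the SSH session that loads
# this table stays alive once the INPUT policy becomes DROP.
build_rules() {
    lan="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# keep replies to existing sessions (including the current SSH one) flowing
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# new SSH sessions are accepted only from the LAN range
-A INPUT -p tcp -s $lan --dport 22 -m state --state NEW -j ACCEPT
# everyone else gets a reset instead of a silent timeout
-A INPUT -p tcp --dport 22 -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# count_rules LAN_CIDR -> number of -A rule lines in the generated table
count_rules() {
    build_rules "$1" | grep -c '^-A '
}

# apply_rules LAN_CIDR: save the running rules, load the new table atomically,
# then arm a 2 minute rollback in case the operator locks themselves out.
apply_rules() {
    iptables-save > /tmp/iptables.before
    build_rules "$1" | iptables-restore
    nohup sh -c 'sleep 120; iptables-restore < /tmp/iptables.before' \
        >/dev/null 2>&1 &
    echo $! > /tmp/iptables.rollback.pid
    echo "rules loaded; run cancel_rollback from a NEW ssh session within 2 minutes"
}

# cancel_rollback: confirm the new rules after logging in through them.
cancel_rollback() {
    kill "$(cat /tmp/iptables.rollback.pid)" && rm -f /tmp/iptables.rollback.pid
}

# Usage: sh this.sh apply [LAN_CIDR]   loads the rules on the server
#        sh this.sh [LAN_CIDR]         only prints the generated table
if [ "${1:-}" = "apply" ]; then
    apply_rules "${2:-192.168.1.0/28}"
else
    build_rules "${1:-192.168.1.0/28}"
fi
```

Printing the table first and reading it top to bottom is the check that catches the lock-out: if the RELATED,ESTABLISHED line is not the first -A line above the DROP policy, the loading session dies the moment COMMIT runs.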
