LinuxQuestions.org
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Closed Thread
 
Old 10-30-2011, 04:43 PM   #1
mlewis
Member
 
Registered: Mar 2006
Posts: 172

Rep: Reputation: 16
Limiting client connections to a port without iptables


I have a CentOS server which I cannot enable iptables on, yet I need to prevent a certain port from being hacked.

I need to ensure the port doesn't get too many connections from the same client and/or too many connections one after another from anywhere.

Is there a tool out there which would allow me to do this, or is there an iptables config example somewhere which shows how I can allow everything but limit access to one port such as above?

Thanks.
 
Old 10-30-2011, 08:27 PM   #2
acal3000
LQ Newbie
 
Registered: Oct 2011
Posts: 9

Rep: Reputation: Disabled
Snort / Firestarter
 
Old 10-30-2011, 09:03 PM   #3
mlewis
Member
 
Registered: Mar 2006
Posts: 172

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by acal3000 View Post
Snort / Firestarter
Snort I believe might be overkill and Firestarter I think is for a system with GNOME on it.
 
1 members found this post helpful.
Old 10-31-2011, 12:55 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,944
Blog Entries: 54

Rep: Reputation: 2731
Quote:
Originally Posted by mlewis View Post
I have a centos server which I cannot enable iptables on yet
If the machine is connected to any network it should already have been hardened. If it isn't then you shouldn't run (publicly accessible) services on it yet. What are your reasons why you think you can't?


Quote:
Originally Posted by mlewis View Post
or is there an iptables config example somewhere which shows how I can allow everything but limit access to one port such as above.
Sure. Search this forum for "iptables limit" and it'll show you a few (also notice the "Similar Threads" box at the bottom of this page). If this is your first server, if you don't have any Linux or firewall knowledge just say so.

Last edited by unSpawn; 10-31-2011 at 12:56 AM.
 
Old 10-31-2011, 01:13 AM   #5
mlewis
Member
 
Registered: Mar 2006
Posts: 172

Original Poster
Rep: Reputation: 16
>If the machine is connected to any network it should already have been hardened.
>If it isn't then you shouldn't run (publicly accessible) services on it yet.
>What are your reasons why you think you can't?

VoIP systems usually have their iptables and SELinux functions disabled. I of course have firewalls where public access comes into the network. Usually, I can get everything done at the firewall level but in this case, I need to have something on the server itself.

>Sure. Search this forum for "iptables limit" and it'll show you a few (also
>notice the "Similar Threads" box at the bottom of this page).
>If this is your first server, if you don't have any Linux or firewall knowledge just say so.

Nope, not my first server, I have a network full of them. I use iptables on all servers but the setups are usually pretty straightforward. I simply have never had the opportunity to learn iptables fully since I mainly use the firewalls to do what I need. Learning it isn't something I have time for at the moment, which is why I asked the community.

So, if you can actually provide something other than 'go search', that would be great.
 
0 members found this post helpful.
Old 10-31-2011, 01:41 AM   #6
fukawi1
Member
 
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854

Rep: Reputation: 189
Quote:
Originally Posted by mlewis View Post
So, if you can actually provide something other than 'go search', that would be great.
Going and searching will find you the answer you are looking for. The first 3 Google results spell it out.
unSpawn even told you what to search for..

As an additional note, using [QUOTE] tags is far easier to read, and implement, than that whole ">" thing you have going on...
 
Old 10-31-2011, 06:01 AM   #7
mlewis
Member
 
Registered: Mar 2006
Posts: 172

Original Poster
Rep: Reputation: 16
>Going and searching, will find you the answer you are looking for.
>First 3 google results spell it out. unSpawn even told you what to search for..

Sigh, forums are becoming as useless as their members are. How useless it is to constantly read 'go search'. Not much of a community effort.

As I already told you, I am completely unfamiliar with iptables other than adding/removing ports and other very basic functions on servers I like to add a little extra protection to. Yes, I have read about iptables limit function, yup, I get that it does what I'm after, thanks for the lead.

However, not knowing a damn thing about iptables is not going to help me to understand how I can use it to limit one or two ports while not blocking anything else. Of course I've searched for that and of course I've tried it for myself. There simply isn't enough time in a day to survive and take on learning everything about iptables to do this safely which is why I asked the community.

If all you can tell me is to go search, why the hell do you guys keep replying to my posts? Does it give you a bigger head? Great, happy that I've inflated your already large egos. You don't need to reply to me and tell me how you give of your time and that I don't deserve to be given the answers unless I go look for myself. I have explained my situation, you can go away if you can't help me, I don't need education in posting, I need help from someone who actually cares to give a guy a hand.

You don't HAVE to make other people's questions your place for debate, just move on and let someone who actually cares to help someone find the question instead of this nonsense.

Last edited by mlewis; 10-31-2011 at 07:27 AM.
 
0 members found this post helpful.
Old 10-31-2011, 08:29 AM   #8
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776
From: http://www.debian-administration.org/articles/187 Found by google search "iptables limit"

Quote:
An example is probably the simplest way to illustrate how it works. The following two rules will limit incoming connections to port 22 to no more than 3 attempts in a minute - any more than that will be dropped:
Code:
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --set

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --update --seconds 60 --hitcount 4 -j DROP
The answer took less time to find via search than your last diatribe took to write. Your last post has also been reported as it violates several of the LQ rules.

Edit: On a personal note, you will get a lot farther in this forum if you avoid trying to make demands. If you want to make demands, try paying for support. Even with the above example, given the lack of implementation detail you have provided, you will STILL need to read and understand how to apply the filter.

Last edited by Noway2; 10-31-2011 at 08:33 AM.
 
2 members found this post helpful.
Old 10-31-2011, 08:49 AM   #9
mlewis
Member
 
Registered: Mar 2006
Posts: 172

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by Noway2 View Post
From: http://www.debian-administration.org/articles/187 Found by google search "iptables limit"



The answer took less time to find via search than your last diatribe took to write. Your last post has also been reported as it violates several of the LQ rules.

Edit: On a personal note, you will get a lot farther in this forum if you avoid trying to make demands. If you want to make demands, try paying for support. Even with the above example, which given the lack of implementation detail you have provided, you will STILL need to read and understand how to apply the filter.
Get real, I'm not making any demands other than for the inflated egos to leave people alone if all they have to say is what you've just said above. Re-read the thread before you jump into the fun, you're doing the same thing I'm complaining about.

Your example, by the way, doesn't tell me anything about what I asked. I already know how to use the limit option of iptables; why don't you read the thread if you're going to bother taking the time to flame me. The implementation HAS been explained. You're just having fun at my expense.

Rules, my god, grow up. Boot me off if I'm breaking a rule by asking people to stop being such babies. There is too much of this sort of nonsense in the forums these days.
 
0 members found this post helpful.
Old 10-31-2011, 09:07 AM   #10
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 3,378

Rep: Reputation: 824
Squeaky wheels get the oil?

Care to explain why Noway2's response does not meet the requirement in post #1?
 
Old 10-31-2011, 09:19 AM   #11
mlewis
Member
 
Registered: Mar 2006
Posts: 172

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by allend View Post
Squeaky wheels get the oil?

Care to explain why Noway2's response does not meet the requirement in post #1?
As I said before, that particular server is a voip server which is not running iptables.
It's not like I can just add a rule because there is no iptables running on the server.

Plus, the setup would have to be a complete one which encompasses the fact that I need to allow everything, all traffic, and only limit one port.

Since I don't know enough about iptables to build my own configuration, I was asking of someone in the community to please post a full configuration which would do this task. It would not only help me but I am sure it would help anyone else who will ever need something like this.

Telling me to go read isn't the answer for me because I am already overwhelmed with work and don't have the energy to take on something else at the moment which is why I asked for help. Otherwise, I would take the time to learn about iptables so that I could do this myself, which, I will certainly do once I have some time.

Right now, I have a server which is getting attacked and would like a little help from some friendly soul who understands when someone is simply asking for help and doesn't need a lesson in posting or searching.
 
0 members found this post helpful.
Old 10-31-2011, 09:38 AM   #12
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 3,378

Rep: Reputation: 824
I fail to see why you cannot have iptables running with rules to limit a port. Noway2 shows the example for port 22. You have not specified the port you wish to limit.
Something like this should meet your needs.
Code:
#!/bin/sh
iptables -P INPUT ACCEPT
iptables -A INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --set

iptables -A INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --update --seconds 60 --hitcount 4 -j DROP
 
Old 10-31-2011, 09:55 AM   #13
mlewis
Member
 
Registered: Mar 2006
Posts: 172

Original Poster
Rep: Reputation: 16
>I fail to see why you cannot have iptables running with rules to limit a port.
>Noway2 shows the example for port 22. You have not specified the port you
>wish to limit.

Have you never run a PBX before? If you have, you'll notice that SELinux and iptables are always turned off by default. I usually just leave it that way and use my firewalls instead to limit.

>Something like this should meet your needs.
>
>Code:
>#!/bin/sh
>iptables -P INPUT ACCEPT
>iptables -A INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
>  --set
>
>iptables -A INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
>  --update --seconds 60 --hitcount 4 -j DROP

It might but what's not clear to me is the rest of it. As I have said, I don't know how to build an iptables file from scratch. An iptables file cannot contain only the above information and there's more to it than just adding one rule. I can't just use the default iptables because it is based on allowing only certain ports. Again, I want to allow all traffic, making sure I am not blocking anything, and limit the one port.

The port didn't really seem to matter much as part of the post but to be specific, it is 5060. The idea is to prevent script kiddies from hammering the system with dictionary hits trying to find accounts which don't have good passwords. I just want to limit how fast/often a connection can come from one IP to help discourage such behavior.
 
Old 10-31-2011, 10:06 AM   #14
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 3,378

Rep: Reputation: 824
Quote:
and use my firewall's instead to limit
Some new information there. How are the firewalls implemented?

Quote:
Again, I want to allow all traffic, making sure I am not blocking anything, and limit the one port.
Quote:
iptables -P INPUT ACCEPT
That rule accepts everything.
Quote:
iptables -A INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
--set

iptables -A INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
--update --seconds 60 --hitcount 4 -j DROP
Those rules do the limiting. Just change port 22 to port 5060.
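Putting the two answers above together for the port named in post #13, here is an added example that is not part of the thread and not any participant's code: a complete script that keeps the box wide open (policy ACCEPT) and rate-limits only 5060, which is the "allow everything, limit one port" setup the question asks for. Everything site-specific in it is an assumption to adjust before use: the interface name eth0, the trusted peers (documentation addresses used as placeholders), the thresholds, and the chain name SIP_LIMIT. It goes beyond the port-22 rules quoted above in two ways. First, SIP normally runs over UDP, which is also what the dictionary scanners hit, so the chain is hooked in for UDP as well as TCP. Second, for UDP it counts every datagram rather than only --state NEW ones: conntrack treats all UDP datagrams sharing one source address and port as a single flow, so only the first of them is ever NEW, and a scanner that sends all its requests from one source port would sail past a rule written like the SSH one. The script runs as root; with "show" instead of "apply" it prints the commands it would run instead of loading them.

```sh
#!/bin/sh
# Added example, not from the thread: rate-limit SIP on port 5060 on a host
# whose policy stays "accept everything". Assumptions (adjust before use):
# interface name, trusted peers, thresholds, chain name. Run as root:
#   ./sip-limit.sh apply    loads the rules
#   ./sip-limit.sh show     prints the iptables commands instead of running them
IPT=${IPT:-iptables}
IFACE=${IFACE:-eth0}                 # assumed public interface
SIP_PORT=${SIP_PORT:-5060}
# Assumed trusted peers (trunk provider, office phones); documentation ranges
# as placeholders. They are never rate-limited: a trunk or a LAN full of
# phones legitimately sends more SIP than any threshold that stops a scanner.
TRUSTED=${TRUSTED:-"203.0.113.10 192.0.2.0/24"}
PER_SRC_HITS=${PER_SRC_HITS:-10}     # drop a source on its 10th hit ...
PER_SRC_SECS=${PER_SRC_SECS:-10}     # ... within a 10 second window
GLOBAL_RATE=${GLOBAL_RATE:-30/second}   # cap on requests from anywhere ...
GLOBAL_BURST=${GLOBAL_BURST:-60}        # ... with this much burst headroom

sip_limit_rules() {
    # Nothing but SIP is filtered: the default policies stay ACCEPT, which
    # is the "allow everything" half of the question.
    $IPT -P INPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    $IPT -P OUTPUT ACCEPT

    # A dedicated chain, created once and flushed on reload, so re-running
    # the script never duplicates rules or touches anything else in INPUT.
    $IPT -N SIP_LIMIT 2>/dev/null || $IPT -F SIP_LIMIT

    for peer in $TRUSTED; do
        $IPT -A SIP_LIMIT -s "$peer" -j RETURN
    done

    # Per-source limit with the recent module, the same pair of rules as the
    # port-22 example but on a private list ("sip"). --set records a hit for
    # the source; --update then matches once the source has PER_SRC_HITS hits
    # inside PER_SRC_SECS seconds, so PER_SRC_HITS-1 requests per window get
    # through. Because --set runs first, a blocked source that keeps hammering
    # keeps adding hits and stays blocked until it goes quiet for a window.
    # The module keeps at most 20 stamps per address by default
    # (ip_pkt_list_tot), so --hitcount must not exceed 20.
    $IPT -A SIP_LIMIT -m recent --name sip --set
    $IPT -A SIP_LIMIT -m recent --name sip --update \
        --seconds "$PER_SRC_SECS" --hitcount "$PER_SRC_HITS" -j DROP

    # "Too many one after another from anywhere": -m limit is one token bucket
    # shared by all sources. Packets within the rate RETURN to INPUT (accepted
    # by policy); the excess falls through to the final DROP.
    $IPT -A SIP_LIMIT -m limit --limit "$GLOBAL_RATE" \
        --limit-burst "$GLOBAL_BURST" -j RETURN
    $IPT -A SIP_LIMIT -j DROP

    # Hook the chain into INPUT. SIP normally runs over UDP, so every UDP
    # datagram to the port is counted (no --state NEW, see the lead-in);
    # for TCP only connection attempts (SYN) are counted, not every segment.
    # The -D lines remove a previous hook so "apply" can be run repeatedly.
    $IPT -D INPUT -i "$IFACE" -p udp --dport "$SIP_PORT" -j SIP_LIMIT 2>/dev/null || true
    $IPT -A INPUT -i "$IFACE" -p udp --dport "$SIP_PORT" -j SIP_LIMIT
    $IPT -D INPUT -i "$IFACE" -p tcp --dport "$SIP_PORT" --syn -j SIP_LIMIT 2>/dev/null || true
    $IPT -A INPUT -i "$IFACE" -p tcp --dport "$SIP_PORT" --syn -j SIP_LIMIT
}

case "${1:-}" in
    apply) sip_limit_rules ;;
    show)  IPT=echo; sip_limit_rules ;;
esac
```

Check what the rules are doing with `iptables -L SIP_LIMIT -v -n` (per-rule packet counters) and look at the tracked sources in /proc/net/xt_recent/sip (/proc/net/ipt_recent/sip on the older CentOS 5 kernel). Two caveats: many phones behind one NAT gateway share a source address and are counted together, so such a gateway belongs in TRUSTED; and the thresholds above are guesses for a small PBX, so watch the counters for a day before trusting them. As for the "tool out there" asked about in the first post, fail2ban can watch the PBX log and ban sources after repeated failed registrations, but its ban action is an iptables rule too, so iptables has to be loaded on the server either way.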
 
Old 10-31-2011, 10:15 AM   #15
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776
You have been given the answer to what you asked for. If you won't or can't read the answer and understand it, then it is your problem, not ours. If you don't have iptables and ask for iptables scripts, again it is YOUR problem, not ours. If you don't like the answers you receive, it is YOUR problem, not ours.

If you don't understand how iptables works, which is apparent from your statements that are absolutely wrong, again that is YOUR problem, not ours.

Last edited by Noway2; 10-31-2011 at 10:15 AM. Reason: typo
 
  


All times are GMT -5.