LinuxQuestions.org
Old 10-31-2011, 10:19 AM   #16
OlRoy
Member
 
Registered: Dec 2002
Posts: 304

Rep: Reputation: 86

I've heard of people who don't RTFM. I've heard of people who don't read the rules.. but people who ask a question and don't even read the answer? That's a whole new level of foolishness.
 
1 members found this post helpful.
Old 10-31-2011, 10:51 AM   #17
mlewis
Member
 
Registered: Mar 2006
Posts: 172

Original Poster
Rep: Reputation: 16
>You have been given the answer to what you asked for. If you won't or can't read
>the answer and understand it, then it is your problem, not ours.

I suppose you have no clue whatsoever about how childish what you just posted is but then, that's what happens when you have a big ego I guess.

>If you don't have iptables and ask for iptables scripts, again it is YOUR problem, not ours.
>If you don't like the answers you receive, it is YOUR problem, not ours.

>If you don't understand how iptables works, which is apparent from your statements
>that are absolutely wrong, again that is YOUR problem, not ours.

Are you just a plain ol idiot or are you working hard at it? I cannot state any clearer what I have stated as being my capabilities using iptables. If I tell you I don't know how to use an axe, is that the next thing you'll berate me for? Gee, tell me something you don't know how to do and I'll be happy to berate you for it too. What a stupid waste of time people like you are.

Stop saying it's not OUR problem when you are speaking for yourself. This isn't OUR problem in any way whatsoever, no one is forcing you to respond to anything.
 
Old 10-31-2011, 10:52 AM   #18
mlewis
Member
 
Registered: Mar 2006
Posts: 172

Original Poster
Rep: Reputation: 16
Quote: Originally Posted by OlRoy
>I've heard of people who don't RTFM. I've heard of people who don't read the rules.. but people who ask a question and don't even read the answer? That's a whole new level of foolishness.

Hehe, yet another one. They come right out of the woodwork don't they. Read my posts, I have not once not read a reply in this thread. Yet another person that just has to go mouthing off inflating their own ego.
 
Old 10-31-2011, 10:58 AM   #19
mlewis
Member
 
Registered: Mar 2006
Posts: 172

Original Poster
Rep: Reputation: 16
>Some new information there. How are the firewalls implemented?

I have no problem providing additional information if you'll be more specific about what I failed to offer?
How are the firewalls implemented? Each set of voip servers has its own firewall. In this case, a pfsense firewall which provides access to the public using common voip ports, 5060, 5080, udp ports, etc. That's about it for implementation.

>That rule accepts everything.
>Those rules do the limiting. Just change port 22 to port 5060.

Yes, I get that. But here's the part I need to better understand.
In order to use this, do I clear all rules first, then starting from scratch, simply use these two commands and I get a fully working iptables file?

As I've mentioned, I have not had the chance to learn iptables yet other than adding/removing ports in a very basic way. Just never really needed to learn it. Right now, I just want to implement a very basic iptables setup to slow down script kiddies.
I will learn iptables just as soon as I have the chance. Right now, I'm simply asking someone to let me know what the whole file should look like. I mean bottom line here folks, are we not trying to help each other to keep the hackers at bay? This is something that can help someone else.

Because someone posts asking for an answer should not automatically mean attack that person for not reading manuals. I mean come on folks, that's kinda lame.
 
Old 10-31-2011, 01:18 PM   #20
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,140
Blog Entries: 54

Rep: Reputation: 2791
We allow new members ample time to acclimatize and adapt to what LQ is all about. You've been a member long enough to know that there are limits. And right now we've seen quite enough. So here's me talking to you as forum moderator now: stop it, here and now, unconditionally. I don't think I need to explain myself or the LQ Rules any further. Should you wish to discuss your official warning you will do so by contacting me by email.

That out of the way, combining wisdom from the first link in the "Similar Threads" box I pointed you to and previous advice: take a CentOS machine w/o firewall rules and run 'service iptables stop'. Now run
Code:
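# Accept all loopback traffic
/sbin/iptables -A INPUT -i lo -j ACCEPT
# Accept packets that belong to, or are related to, established connections
/sbin/iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Record the source address of every new TCP connection to port 5060
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 5060 -m state --state NEW -m recent --set
# Drop the new connection once that source has 4 or more recorded hits in the last 60 seconds
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 5060 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
# Accept every other new TCP connection
/sbin/iptables -A INPUT -i eth0 -p tcp -m tcp -m state --state NEW -j ACCEPT
# Accept every new UDP flow
/sbin/iptables -A INPUT -i eth0 -p udp -m udp -m state --state NEW -j ACCEPT
# Accept all ICMP types
/sbin/iptables -A INPUT -i eth0 -p icmp -m icmp --icmp-type any -j ACCEPT
# Reject whatever is left
/sbin/iptables -A INPUT -i eth0 -j REJECT --reject-with icmp-host-prohibited
# Save the running rule set to the file the iptables service loads
/sbin/iptables-save > /etc/sysconfig/iptables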
See if that file works for you then just 'service iptables start'.

EDIT: Also see this -m limit --limit / -m hashlimit --hashlimit example.

Last edited by unSpawn; 02-15-2012 at 12:19 AM. Reason: //31-10-11: //Don't use "RH-Firewall-1-INPUT" but "INPUT"!, added --limit / --hashlimit URI //15-02-12: //Add BB code tags
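
Added example, not part of unSpawn's post or of any project's code: a simplified Python model of how the two `-m recent` rules in post #20 (`--set`, then `--update --seconds 60 --hitcount 4 -j DROP`) treat repeated NEW TCP connections to port 5060 from one source. The class and function names, the IP addresses and the traffic timings are constructed for illustration, and each attempt is modelled as a single NEW packet.

```python
from collections import defaultdict

PKT_LIST_TOT = 20  # xt_recent default: timestamps remembered per source address


class RecentList:
    """Toy model of one xt_recent list (the unnamed DEFAULT list in post #20)."""

    def __init__(self, seconds=60, hitcount=4):
        self.seconds = seconds
        self.hitcount = hitcount
        self.stamps = defaultdict(list)  # source address -> recent timestamps

    def _remember(self, src, now):
        self.stamps[src] = (self.stamps[src] + [now])[-PKT_LIST_TOT:]

    def new_connection(self, src, now):
        """Return 'DROP' or 'ACCEPT' for a NEW TCP packet to port 5060."""
        # Third command: -m recent --set (no target, so the packet continues on)
        self._remember(src, now)
        # Fourth command: -m recent --update --seconds 60 --hitcount 4 -j DROP
        hits = sum(1 for t in self.stamps[src] if t >= now - self.seconds)
        if hits >= self.hitcount:
            # --update also records a timestamp when it matches
            self._remember(src, now)
            return "DROP"
        # Falls through to the generic "accept NEW tcp" rule
        return "ACCEPT"


def replay(attempts, seconds=60, hitcount=4):
    """attempts: iterable of (seconds_since_start, source_ip) pairs."""
    fw = RecentList(seconds, hitcount)
    return [(t, src, fw.new_connection(src, t)) for t, src in attempts]


# Constructed traffic: a scanner retrying every 10 s, and one ordinary client.
SCANNER = [(t, "198.51.100.7") for t in range(0, 130, 10)]
CLIENT = [(5, "203.0.113.20"), (200, "203.0.113.20")]

if __name__ == "__main__":
    for t, src, verdict in replay(sorted(SCANNER + CLIENT)):
        print(f"t={t:>3}s  {src:<14} {verdict}")
```

Replaying the constructed scanner shows three connections accepted and every later one dropped, because dropped attempts are still recorded; a source that stays quiet for more than 60 seconds is accepted again.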
 
Old 10-31-2011, 01:30 PM   #21
mlewis
Member
 
Registered: Mar 2006
Posts: 172

Original Poster
Rep: Reputation: 16
What a joke. I get attacked and the moderator decides that I'm in the wrong.
Do whatever you wish with my account friend, your forums become irrelevant when you allow people to practically answer all questions with 'RTFM'.
 
Old 10-31-2011, 02:24 PM   #22
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,140
Blog Entries: 54

Rep: Reputation: 2791
Nothing justifies you letting your attitude and language deteriorate throughout this thread the way you did. And while blaming others is a very safe thing to do, it definitely isn't the responsible, let alone mature, way we expect LQ members to conduct themselves. The LQ Rules clearly state you should remain friendly, respectful and thoughtful, without insulting and personally attacking your fellow LQ members: and that goes for you too.

To cut things short I've warned you once and, as I said in the other thread, once should be enough.
Thread closed.
Enough.

Last edited by unSpawn; 11-07-2011 at 08:07 PM.
 
1 members found this post helpful.
  


Similar Threads
Thread | Thread Starter | Forum | Replies | Last Post
Rate limiting port 110 & 25 iptables | rhbegin | Linux - Security | 14 | 05-18-2011 10:02 AM
Want to see VMWare client connections through local IPTables | SlowCoder | Linux - Security | 0 | 05-09-2008 01:45 PM
Rate limiting with Iptables on port 21 | rino2003 | Linux - Networking | 1 | 12-26-2004 06:34 PM
Allowing connections to port 8080 in iptables | apache363 | Linux - Software | 1 | 10-12-2004 02:14 PM
"iptables tc" limiting bandwidth for specific port | maxut | Linux - Enterprise | 0 | 09-09-2004 08:50 AM


All times are GMT -5. The time now is 05:28 PM.
