LinuxQuestions.org
Old 10-14-2007, 01:21 PM   #1
Jorophose
Member
 
Registered: Oct 2006
Location: Ontario, Canada
Distribution: Xubuntu 6.06!! =D
Posts: 137

Need to restore iptables config


I'm the biggest idiot in the world, the one thing people fear when designing their systems:

I messed around in what I don't understand and now I'm afraid my machine's going to be compromised.

Somebody please help me out and post their iptables config (the /etc/ one) so I can get things back to normal!

All I want is to block stuff from like coming (out? (SSH, http, https, etc. access should be blocked so no remote logins)) but let stuff like web pages get loaded here. (Like let me still surf the 'net or something)

Newbies: ALWAYS READ THE MANUAL! D;
 
Old 10-14-2007, 01:37 PM   #2
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

If you want to drop everything that's coming from the net to you, except for what you've started yourself, here's how it goes:
Code:
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
That's the start; you could save that as a shell script, modify it for your needs and run again to "apply" the changes. Oh, and remember to run iptables-save after you're done to save the changes so they're loaded at next boot.

What the above does is flush all existing rules, remove all user-defined chains (so make the "tables clean"), then set incoming and forwarded traffic to be dropped, outgoing to be accepted; then add a new rule to the incoming traffic that lets stuff come through that is related to traffic that's already going on, or that you have established. A short, nice start.
 
Old 10-14-2007, 01:55 PM   #3
ray_80
Member
 
Registered: Oct 2007
Posts: 75

Quote: Originally Posted by b0uncer
If you want to drop everything that's coming from the net to you, except for what you've started yourself, here's how it goes:
Code:
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
That's the start; you could save that as a shell script, modify it for your needs and run again to "apply" the changes. Oh, and remember to run iptables-save after you're done to save the changes so they're loaded at next boot.

What the above does is flush all existing rules, remove all user-defined chains (so make the "tables clean"), then set incoming and forwarded traffic to be dropped, outgoing to be accepted; then add a new rule to the incoming traffic that lets stuff come through that is related to traffic that's already going on, or that you have established. A short, nice start.
Good advice.

How about iptables-restore?

man iptables-restore

man iptables

Regards
 
Old 10-14-2007, 03:46 PM   #4
Jorophose
Member
 
Registered: Oct 2006
Location: Ontario, Canada
Distribution: Xubuntu 6.06!! =D
Posts: 137

Original Poster
Well thanks guys for the tips!

Does the configuration get updated right away? Or do I need to like modprobe something or restart my computer before things are usable? Will Pidgin still work? And what about gnutella?

Thanks again!
 
Old 10-14-2007, 05:03 PM   #5
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Quote: Originally Posted by Jorophose
Well thanks guys for the tips!

Does the configuration get updated right away? Or do I need to like modprobe something or restart my computer before things are usable? Will Pidgin still work? And what about gnutella?

Thanks again!
When you run those iptables commands your active iptables configuration is changed right away.

You can check your active configuration with a:
Code:
iptables -nvL
For this to survive a reboot you need to either add the commands to your startup sequence, or save the configuration to a file (using iptables-save) and have it get loaded at startup by for example calling an iptables-restore via a pre-up in your interfaces file. The rules posted would allow anything that doesn't require open incoming ports to work, as it is a stealth config.

Last edited by win32sux; 10-14-2007 at 05:09 PM.
 
Old 10-15-2007, 02:22 AM   #6
hans51
Member
 
Registered: Mar 2005
Location: Cambodia
Distribution: suse
Posts: 36
Blog Entries: 1

To save changes made to the iptables config file, use:

iptables-save >/etc/iptables.conf

To restore from that file, use in a shell:

iptables-restore </etc/iptables.conf

Obviously you may run the above save command to create a second backup copy in case all gets lost again! Example:
iptables-save >/etc/iptables.conf-backup

Last edited by hans51; 10-15-2007 at 02:24 AM.
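The ruleset from post #2 combined with the save/restore workflow from posts #5 and #6, added here as a worked example (not code from any poster). It emits the rules in the format iptables-save writes and iptables-restore reads, so one file can be loaded from a pre-up line at boot, and it adds a loopback ACCEPT rule the original omitted (without it, local services talking to 127.0.0.1 stop working under an INPUT DROP policy). The default file path, the validation checks and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: build the "stealth" ruleset of post #2 in
# iptables-restore format so it can be saved to a file and loaded at boot
# (posts #5 and #6). The loopback rule is an addition the original omitted.
RULES_FILE="${RULES_FILE:-/etc/iptables.conf}"   # same path hans51 used (assumed)

# Emit the ruleset in the format iptables-save produces / iptables-restore reads.
stealth_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Checks to run before trusting a saved file: the table header, the COMMIT line
# (a missing COMMIT is a classic iptables-restore failure), the DROP policy on
# INPUT, and that no INPUT rule opens an incoming port (no --dport).
validate_rules() {
    f="$1"
    grep -q '^\*filter$' "$f" || return 1
    grep -q '^COMMIT$' "$f" || return 1
    grep -q '^:INPUT DROP' "$f" || return 1
    if grep '^-A INPUT' "$f" | grep -q -- '--dport'; then return 1; fi
    return 0
}

# Write the file and validate it. iptables-restore replaces the whole table in
# one step, the equivalent of the -F / -X / -P / -A sequence in post #2.
save_rules() {
    stealth_rules > "$1" && validate_rules "$1"
}

# Apply only as root with iptables-restore present; this is what a line such as
# "pre-up iptables-restore < /etc/iptables.conf" in /etc/network/interfaces does.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root to apply" >&2; return 2; }
    command -v iptables-restore >/dev/null || return 2
    iptables-restore < "$1" && iptables -nvL
}
```

Run `save_rules "$RULES_FILE"` once, then `apply_rules "$RULES_FILE"` (as root) to load it and print the active table with `iptables -nvL` as post #5 suggests.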
All times are GMT -5. The time now is 05:14 AM.