Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I'm the biggest idiot in the world, the one thing people fear when designing their systems:
I messed around in what I don't understand and now I'm afraid my machine's going to be compromised.
Somebody please help me out and post their iptables config (the /etc/ one) so I can get things back to normal!
All I want is to block stuff from like coming (out? (SSH, HTTP, HTTPS, etc. access should be blocked so no remote logins)) but let stuff like web pages get loaded here. (Like let me still surf the 'net or something.)
If you want to drop everything that's coming from the net to you, except for what you've started yourself, here's how it goes:
Code:
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
That's the start; you could save that as a shell script, modify it for your needs and run it again to "apply" the changes. Oh, and remember to run iptables-save after you're done to save the changes so they're loaded at next boot.
What the above does is flush all existing rules, remove all user-defined chains (so make the "tables clean"), then set incoming and forwarded traffic to be dropped, outgoing to be accepted; then add a new rule to the incoming traffic that lets stuff come through that is related to traffic that's already going on, or that you have established. A short, nice start.
Does the configuration get updated right away? Or do I need to like modprobe something or restart my computer before things are usable? Will Pidgin still work? And what about gnutella?
Thanks again!
When you run those iptables commands your active iptables configuration is changed right away.
You can check your active configuration with a:
Code:
iptables -nvL
For this to survive a reboot you need to either add the commands to your startup sequence, or save the configuration to a file (using iptables-save) and have it get loaded at startup by for example calling an iptables-restore via a pre-up in your interfaces file. The rules posted would allow anything that doesn't require open incoming ports to work, as it is a stealth config.
To save changes made to the iptables config file, use:
Code:
iptables-save >/etc/iptables.conf
To restore from that file, use in shell:
Code:
iptables-restore </etc/iptables.conf
Obviously you may run the above save command to create a second backup copy in case all gets lost again! Example:
Code:
iptables-save >/etc/iptables.conf-backup
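As an added example that none of the posters wrote, the script below ties the ruleset from the first reply to the save/restore steps from the last one: it emits that "stealth" policy in the iptables-restore file format, writes it to a file, checks the file before anything loads it, and applies it only when explicitly asked and running as root. The loopback rule (without it, a default INPUT DROP policy also blocks new connections to services listening on 127.0.0.1), the default file path and the --write/--apply flags are this example's own choices, not something the thread specifies.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds the stealth policy from the
# first reply as an iptables-restore file so it can be reloaded at boot with
# `iptables-restore < FILE`. The loopback rule, the default path and the
# command-line flags are assumptions of this example.

# Print the ruleset in iptables-save/iptables-restore format.
# INPUT and FORWARD default to DROP, OUTPUT to ACCEPT; inbound packets are
# accepted only on loopback or when they belong to a connection this host
# started (ESTABLISHED,RELATED), exactly the policy the first reply describes.
stealth_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback rule: added in this example, not in the original post
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Write the ruleset to a file and print the path. The default location is an
# assumption of this example (the last reply uses the same path).
write_ruleset() {
    out="${1:-/etc/iptables.conf}"
    stealth_ruleset > "$out"
    printf '%s\n' "$out"
}

# Sanity-check a saved file before loading it: every line the stealth policy
# depends on must be present, otherwise return non-zero.
check_ruleset() {
    f="$1"
    grep -qx ':INPUT DROP \[0:0\]' "$f" || return 1
    grep -qx ':FORWARD DROP \[0:0\]' "$f" || return 1
    grep -q -- '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' "$f" || return 1
    return 0
}

# Load the file into the kernel. iptables-restore replaces the whole table in
# one step, so there is no window with a half-applied policy, unlike running
# the iptables commands one at a time. Refuses to run unless root.
apply_ruleset() {
    f="$1"
    [ "$(id -u)" -eq 0 ] || { echo "must be root to apply $f" >&2; return 2; }
    check_ruleset "$f" || { echo "refusing to load incomplete ruleset $f" >&2; return 1; }
    iptables-restore < "$f"
}

case "${1:-}" in
    --write) write_ruleset "${2:-}" ;;
    --apply) apply_ruleset "${2:-/etc/iptables.conf}" ;;
esac
```

Run it as `sh stealth.sh --write /tmp/rules` to produce the file, inspect it, then `sh stealth.sh --apply /tmp/rules` as root; `iptables -nvL` afterwards shows the active policy, as the second reply suggests. Note that iptables-save on its own only prints the running rules to standard output; redirecting it to a file, as the last reply does, is what actually saves them, and something at boot (an init script or a pre-up hook) still has to call iptables-restore on that file.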