Old 03-17-2003, 05:24 PM   #1
jimval7
Member
 
Registered: Jan 2002
Location: Dallas, TX
Distribution: RedHat 7.0 - Kernel 2.4.17
Posts: 95

Rep: Reputation: 16
prevent an IP to get out?


I want to know how I can put in my rc.firewall script to disable an IP to get out. I don't want a certain IP to get out to the internet. How can I do this in my rc.firewall script?
 
Old 03-18-2003, 12:05 AM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Assuming that your linux box in question is acting as a router for the other machines, you can add an ipchains rule. Something like:
ipchains -A -i eth1 -o eth0 -j REJECT
where (-i eth1) is your internal NIC connected to the LAN and (-o eth1) is your external NIC connected to the internet.

-DISCLAIMER-
You definitely want to verify that rule as my memory of RH7.0 and ipchains is fading, but the general idea should work.
 
Old 03-18-2003, 05:05 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,305
Blog Entries: 54

Rep: Reputation: 2857
Missed the chain: -A OUTPUT
 
Old 03-18-2003, 05:14 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Whoops! Thought that didn't look right.
Thanks unSpawn.
 
Old 03-18-2003, 06:51 PM   #5
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,785
Blog Entries: 1

Rep: Reputation: 414
Maybe I'm missing something, but isn't that solution going to shut down ALL addresses? If I'm reading the original question correctly, the problem is to shut down a single IP address. In iptables I think something like:

iptables -A OUTPUT -s XXX.XXX.XXX.XXX -j REJECT

might work, but I don't know what the ipchains equivalent would be.
 
Old 03-18-2003, 08:43 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,305
Blog Entries: 54

Rep: Reputation: 2857
isn't that solution going to shut down ALL addresses?
Whoops! Thought that didn't look right.
Thanks Hangdog42. :-]
 
Old 03-18-2003, 08:52 PM   #7
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Yeah, just like we said in the first place:
iptables -A OUTPUT -s XXX.XXX.XXX.XXX -j REJECT

 
Old 03-18-2003, 09:12 PM   #8
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
I just double checked and we're all wrong. The target chain is lower case in ipchains (He's using RH7.0). So:
ipchains -A output -s XXX.XXX.XXX.XXX -j REJECT

doh!

Last edited by Capt_Caveman; 03-18-2003 at 09:13 PM.
 
Old 03-18-2003, 10:06 PM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,305
Blog Entries: 54

Rep: Reputation: 2857
At least you spotted it...
 
Old 03-18-2003, 10:57 PM   #10
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
I just realized he's using the 2.4.17 kernel, so he might have iptables running after all. So don't mind me, I'm just going to go back to sniffing glue now.
 
Old 03-19-2003, 01:49 PM   #11
jimval7
Member
 
Registered: Jan 2002
Location: Dallas, TX
Distribution: RedHat 7.0 - Kernel 2.4.17
Posts: 95

Original Poster
Rep: Reputation: 16
yep, I'm using iptables.

Would it still be the same manner? iptables versus ipchains?
 
Old 03-19-2003, 02:48 PM   #12
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
No, iptables and ipchains use slightly different syntax:

For iptables:
iptables -A OUTPUT -s XXX.XXX.XXX.XXX -j REJECT

For ipchains:
ipchains -A output -s XXX.XXX.XXX.XXX -j REJECT

Notice the difference. So the question really is are you running iptables or ipchains. RedHat7.0 used ipchains but if you really updated your kernel all the way to version 2.4.17 (which I personally think is kind of hard-core) you could be using iptables.
 
Old 03-19-2003, 03:00 PM   #13
jimval7
Member
 
Registered: Jan 2002
Location: Dallas, TX
Distribution: RedHat 7.0 - Kernel 2.4.17
Posts: 95

Original Poster
Rep: Reputation: 16
Thanks, I'll give it a try tonight!!

I'll give it a try tonight, I'll update my results.
 
Old 03-27-2003, 11:08 PM   #14
jimval7
Member
 
Registered: Jan 2002
Location: Dallas, TX
Distribution: RedHat 7.0 - Kernel 2.4.17
Posts: 95

Original Poster
Rep: Reputation: 16
does not work.

I entered this command and they can still get through after I've rebooted.
 
Old 03-28-2003, 12:20 AM   #15
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
A couple of questions:
1. Are you using iptables or ipchains?
2. Are you doing any kind of forwarding or masquerading(NAT)?
3. Did you put that rule before or after your rule(s) that allow the other addresses through?

If you're doing any kind of forwarding or masquerading for your LAN addresses, it might be bypassing the OUTPUT chain. If so, add a rule before the forwarding or masquerading lines that specifically prohibits that address from going through.

If you're forwarding, for example:

iptables -A FORWARD -i eth1 -o eth0 -s xxx.xxx.xxx.xxx -j REJECT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

-or just this-
iptables -A FORWARD -i eth1 -o eth0 ! -s xxx.xxx.xxx.xxx -j ACCEPT

If you're using ipchains, the syntax will be different. Also, post the relevant iptables rules, network topology, etc. It's kind of hard to figure out what the problem is if we don't know the whole picture.
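
The point in post #15 about the FORWARD chain and rule order can be checked mechanically. This is an added example, not part of any poster's reply: it reads `iptables-save` style text and reports whether one LAN source address is actually stopped. The function name `check_egress_block`, the address 192.0.2.10 and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify how an iptables-save style
# ruleset treats traffic routed from one LAN source address.
# Limits: exact-address -s matches only (no CIDR math); -i/-o are ignored.

check_egress_block() {   # usage: check_egress_block <ip> <rules-file>
    awk -v ip="$1" '
        # 1 = rule matches source ip, -1 = rule matches everything except ip,
        # 0 = rule has no -s for this address.
        function src(   i) {
            for (i = 2; i < NF; i++)
                if ($i == "-s" && ($(i+1) == ip || $(i+1) == (ip "/32")))
                    return ($(i-1) == "!") ? -1 : 1
            return 0
        }
        function has_src(   i) {
            for (i = 1; i <= NF; i++) if ($i == "-s") return 1
            return 0
        }
        $1 == ":FORWARD" { pol = $2 }
        $1 == "-A" && $2 == "FORWARD" {
            n++
            deny = ($0 ~ /-j (REJECT|DROP)/)
            if (deny && src() == 1 && !blk) blk = n
            # An ACCEPT with no source test, or one naming ip, lets it out.
            if ($0 ~ /-j ACCEPT/ && (!has_src() || src() == 1) && !acc) acc = n
        }
        $1 == "-A" && $2 == "OUTPUT" && src() == 1 && /-j (REJECT|DROP)/ { out = 1 }
        END {
            if (blk && (!acc || blk < acc))         print "blocked"
            else if (!blk && !acc && pol == "DROP") print "blocked-by-policy"
            else if (blk)                           print "shadowed"
            else if (out)                           print "output-only"
            else                                    print "missing"
        }' "$2"
}

# Constructed ruleset: only the OUTPUT rule suggested earlier in the thread.
demo_rules=$(mktemp)
cat > "$demo_rules" <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A OUTPUT -s 192.0.2.10 -j REJECT
COMMIT
EOF
check_egress_block 192.0.2.10 "$demo_rules"   # prints: output-only
rm -f "$demo_rules"
```

"output-only" means the address is named only in the OUTPUT chain, which routed LAN traffic never traverses; "shadowed" means a broader ACCEPT sits ahead of the block in FORWARD.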
 
  

