LinuxQuestions.org
Old 10-10-2007, 11:36 AM   #1
AQG
Member
 
Registered: Jun 2005
Distribution: SuSE, Red Hat
Posts: 161

Rep: Reputation: 30
Restore iptables file RH AS 5


Hi,

I would like to restore my iptables to its original configuration as it was when I first installed Red Hat AS 5, but I can't seem to figure out how to restore /etc/sysconfig/iptables. I never saved this file with iptables-save (bad mistake).

Can someone give me a hand with this?


Thanks!!!!
 
Old 10-10-2007, 12:46 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Assuming the default configuration is to have everything cleared, this script would do it:
Code:
#!/bin/sh

IPT="/sbin/iptables"

# Set the default policy of every built-in chain in every table back to ACCEPT
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT

$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P INPUT ACCEPT
$IPT -t mangle -P FORWARD ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT
$IPT -t mangle -P POSTROUTING ACCEPT

$IPT -t raw -P PREROUTING ACCEPT
$IPT -t raw -P OUTPUT ACCEPT

# Flush all rules from every table
$IPT -F
$IPT -F -t nat
$IPT -F -t mangle
$IPT -F -t raw

# Delete all user-defined chains (e.g. RH-Firewall-1-INPUT) from every table
$IPT -X
$IPT -X -t nat
$IPT -X -t mangle
$IPT -X -t raw
Keep in mind this is equivalent to having no firewall - a fresh start, in other words.

Last edited by win32sux; 10-10-2007 at 12:49 PM.
 
Old 10-10-2007, 01:08 PM   #3
AQG
Member
 
Registered: Jun 2005
Distribution: SuSE, Red Hat
Posts: 161

Original Poster
Rep: Reputation: 30
Thanks,
Just forgot to mention I'm kind of new to iptables.
I ran your script. /etc/sysconfig/iptables looks as follows:
####################################################################
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
#######################################################################

So now I need to open up the NFS ports only to some IPs. Might you have an example of how this works, or can you redirect me to the right location?

I know 2049 is supposed to be open to share NFS, but I don't know which others or how to add them to iptables.

Thank you!!

Last edited by AQG; 10-10-2007 at 01:12 PM.
 
Old 10-10-2007, 01:32 PM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
You need to do a "service iptables save" after executing the script if you want the changes to be saved.

As for NFS, start by searching LQ, as it's a question that has been asked several times.

Last edited by win32sux; 10-10-2007 at 01:35 PM.
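As an added example, not from either poster, here is a script that does what post #3 asks: it removes the rule in the RH-Firewall-1-INPUT chain quoted above that accepts NFS port 2049 from anywhere and inserts ACCEPT rules limited to named client networks, leaving everything else to the chain's final REJECT. It only prints the iptables commands (the networks in the usage comment are constructed placeholders); review them, run them as root, then do "service iptables save" as post #4 says.

```shell
#!/bin/sh
# Added example, not from the thread. Restricts NFS (port 2049) to named
# client networks in a Red Hat ruleset that uses the RH-Firewall-1-INPUT chain.
# The networks in the usage comment below are constructed placeholders.
#
# NFSv4 needs only 2049. NFSv2/v3 additionally need the portmapper (111) and
# mountd, which listens on a dynamic port unless pinned; those are not
# handled here.

IPT="${IPT:-/sbin/iptables}"
CHAIN="RH-Firewall-1-INPUT"
NFS_PORT=2049

# Print, one per line, the iptables commands that would:
#  1. delete the rule that accepts TCP 2049 from any source, written exactly
#     as it appears in the iptables-save output quoted in post #3, and
#  2. insert at the top of the chain ACCEPT rules for TCP and UDP 2049
#     limited to each allowed source network given as an argument.
# Traffic from any other source still falls through to the chain's final
# REJECT rule, so the default stays deny.
nfs_rule_commands() {
    echo "$IPT -D $CHAIN -m state --state NEW -m tcp -p tcp --dport $NFS_PORT -j ACCEPT"
    for net in "$@"; do
        for proto in tcp udp; do
            echo "$IPT -I $CHAIN 1 -s $net -p $proto -m $proto --dport $NFS_PORT -m state --state NEW -j ACCEPT"
        done
    done
}

# Number of ACCEPT rules a dry run would insert: two per network (TCP + UDP).
count_nfs_accepts() {
    nfs_rule_commands "$@" | grep -c -- "^$IPT -I $CHAIN "
}

# Dry run only: review the output, then as root pipe it to sh and run
# "service iptables save" so the change survives a restart. Example:
#   sh nfs_rules.sh 192.0.2.10 198.51.100.0/24
if [ $# -gt 0 ]; then
    nfs_rule_commands "$@"
fi
```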
 
Old 10-10-2007, 01:49 PM   #5
AQG
Member
 
Registered: Jun 2005
Distribution: SuSE, Red Hat
Posts: 161

Original Poster
Rep: Reputation: 30
Thank you!!!