Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 11-12-2005, 08:47 AM   #1
Registered: Apr 2004
Distribution: redhat 9.0, fc4, redhat as 4
Posts: 520

Rep: Reputation: 31
Question security policy iptables

i am running linux fc4, for internet shairing, i want to block all peer 2 peer softwares, but want to allow all http , ftp ,webcam.
so running squid, and nat using iptables.
query is that when i set FORWARD default policy to DROP, users (clients) are unable to connect yahoo messenger, but able to connect msn.
that is to block all kind of softwares. ,
so getting complaigns.
when i set default policy to ACCEPT of FORWARD Chain. no problem.

my rules related to yahoo. are

iptables -P INPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 5000:50001 -j ACCEPT
iptables -A INPUT -p udp --dport 5000:50010 -j ACCEPT
iptables -A INPUT -p tcp --dport 5050 -j ACCEPT

iptables -A FORWARD -p tcp --dport 5000:50001 -j ACCEPT
iptables -A FORWARD -p udp --dport 5000:50010 -j ACCEPT
iptables -A FORWARD -p tcp --dport 5050 -j ACCEPT

any suggestion ?

thanks for help advance
Old 11-12-2005, 10:36 AM   #2
Registered: May 2004
Location: Karlsruhe, Germany
Distribution: debian, gentoo, os x (darwin), ubuntu
Posts: 940

Rep: Reputation: 32
1. you need not allow the ports into the INPUT chain, unless you want to use yahoo from the firewall itself, which i do not recomend.

2. it should be enough to allow ESTABLISHED,RELATED in the FORWARD chain, and allow the internal interface.
example: eth0 = external connetion, eth1 = internal connection
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -j ACCEPT
this will allow everything outgoing.
then you start closing things, and test, while you create new rules, so that you know which rules are causing trouble.
Old 11-14-2005, 07:15 AM   #3
Registered: Apr 2004
Distribution: redhat 9.0, fc4, redhat as 4
Posts: 520

Original Poster
Rep: Reputation: 31
Thanks for help , i'll check this .
Take care


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables DEFAULT POLICY lappen Linux - Newbie 8 02-23-2011 04:55 AM
mysql entry in catalina.policy when using security option gschrade Linux - Software 5 03-23-2004 12:23 PM
Domain Security Policy talkinggoat Linux - Networking 0 10-10-2003 12:25 PM
designing security policy for organisations sadiboyz Linux - Security 2 09-03-2003 04:18 AM
iptables: Bad policy name rioguia Linux - Security 10 01-10-2003 12:21 AM

All times are GMT -5. The time now is 06:07 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration