10-24-2007, 07:13 PM   #1
SBN
Member
 
Registered: Jul 2006
Distribution: UBUNTU, CentOS, FEDORA 8
Posts: 474

Rep: Reputation: 30
Testing IPTables


Hey guys, I'm trying to test this simple IPTables I placed in a script in my CentOS box.

Quote:
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -P TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p TCP -j ACCEPT
I'm trying to test this using NMAP. I tried to NMAP it using -sT, -sS, etc.,
but I always received "operation not permitted", but if I removed the state and just placed

Quote:
iptables -A INPUT -P TCP -j ACCEPT
iptables -A OUTPUT -p TCP -j ACCEPT
I received a reply displaying the ports.

Is there something wrong with the script, and that's why I can't NMAP it if the state is placed, or is there something wrong with how I NMAP it?

 
10-24-2007, 09:50 PM   #2
eagleheart
Member
 
Registered: Apr 2007
Location: Athens, Georgia, USA
Distribution: kubuntu 12.04, centos 6.3
Posts: 31

Rep: Reputation: 16
Start over, like you had it, at least this much:
Quote:
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
Then try with just loopback open:
Quote:
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
Assuming the target of nmap is 127.0.0.1.
 
10-26-2007, 04:03 AM   #3
aakhan
LQ Newbie
 
Registered: Oct 2007
Location: Karachi, Pakistan
Distribution: Slackware-12.0
Posts: 7

Rep: Reputation: 0
Quote:
Originally Posted by SBN
Code:
iptables -A INPUT -P TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p TCP -j ACCEPT
The "-P" switch sets default policy on a chain. "-p" (watch the lower-case letter 'p'), on the other hand, selects protocol. I don't have a Linux box at hand, but I am pretty sure the first of the two iptables commands you are running will complain.
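
An added example, not part of the thread: a small shell lint for the mix-up described in the reply above (-P where -p was meant) that also flags a misspelled command name, so a rule script can be checked before it is loaded. The sample rules are constructed, the function names are hypothetical, and it assumes the script holds only iptables commands, one per line.

```shell
#!/bin/sh
# Constructed sample, modelled on the rules in this thread.
sample_rules() {
    cat <<'EOF'
iptables -F
iptables -P INPUT DROP
iptables -A INPUT -P TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptabels -A OUTPUT -p TCP -j ACCEPT
EOF
}

# Reads a rule script on stdin, prints one finding per problem,
# and returns 1 if anything was found (0 if the script is clean).
lint_iptables_rules() {
    awk '
    /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
    {
        # A misspelled command fails with "command not found", the script
        # carries on, and that rule is never loaded.
        if ($1 != "iptables") {
            printf "line %d: unknown command \"%s\" (expected iptables)\n", NR, $1
            bad++
            next
        }
        # Does this line append or insert a rule (as opposed to setting a policy)?
        adds_rule = ($0 ~ / (-A|-I|--append|--insert) /)
        for (i = 2; i <= NF; i++) {
            # -P sets a chain policy; inside a rule the author meant -p.
            if ($i == "-P" && adds_rule) {
                printf "line %d: -P sets a chain policy; use -p %s to match a protocol\n", NR, tolower($(i + 1))
                bad++
            }
        }
    }
    END { exit (bad > 0) }
    '
}

# Demo run on the constructed sample.
sample_rules | lint_iptables_rules || echo "fix the findings above before loading the rules"
```

Run it against a real script with `lint_iptables_rules < your-script.sh`; a legitimate policy line such as `iptables -P INPUT DROP` is not flagged because it does not append or insert a rule.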
 
  

