LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.
Old 07-03-2015, 03:26 AM   #1
secrets88
LQ Newbie
 
Registered: Jun 2015
Posts: 17
Blog Entries: 1

Port problem on Firewall/iptables rules


Hello,

When I restart my firewall, all ports are closed for 30 minutes before the new firewall configuration is taken into account, and I do not know why.
This is my config file:

#!/bin/bash

## iptables rules.

## Logging switch: set logEnabled=true in the environment to add the LOG rules.
## (The original test used $"logEnabled", which bash reads as a locale
## translation of the literal string "logEnabled", never as the variable.)
logEnabled="${logEnabled:-false}"

## Flush iptables.
iptables -F

## Delete all user-defined chains.
iptables -X

## Drop all incoming traffic.
iptables -t filter -P INPUT DROP

## Drop all outgoing traffic.
iptables -t filter -P OUTPUT DROP

## Drop forwarding.
iptables -t filter -P FORWARD DROP

# Do not break established connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow loopback
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT

# Log management
# Each option set is a bash array so the prefix reaches iptables as a single
# argument; as a plain string it was split at the embedded quotes, and the
# backslash in \--log-prefix was passed to iptables literally. With logging
# disabled the arrays are empty and the LOG lines add target-less (counter only)
# rules, which is what the original script did as well.
if [ "$logEnabled" = "true" ]
then
log1=(-j LOG --log-prefix "IPTABLES NULL-SCAN:")
log2=(-j LOG --log-prefix "IPTABLES XMAS-SCAN:")
log3=(-j LOG --log-prefix "IPTABLES SYNFIN-SCAN:")
log4=(-j LOG --log-prefix "IPTABLES NMAP-XMAS-SCAN:")
log5=(-j LOG --log-prefix "IPTABLES FIN-SCAN:")
log6=(-j LOG --log-prefix "IPTABLES NMAP-ID:")
log7=(-j LOG --log-prefix "IPTABLES SYN-RST:")
log8=(-j LOG --log-prefix "IPTABLES SYN-FLOOD:")
log9=(-j LOG --log-prefix "IPTABLES PORT-SCAN:")
else
log1=()
log2=()
log3=()
log4=()
log5=()
log6=()
log7=()
log8=()
log9=()
fi

# IP rules common to all servers ==================================================================
## NULL-SCAN / no flags set
iptables -t filter -A INPUT -p tcp --tcp-flags ALL NONE "${log1[@]}"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

## XMAS-SCAN / all flags set
iptables -t filter -A INPUT -p tcp --tcp-flags ALL ALL "${log2[@]}"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

## SYNFIN-SCAN
iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,FIN "${log3[@]}"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,FIN -j DROP

## NMAP-XMAS-SCAN
iptables -t filter -A INPUT -p tcp --tcp-flags ALL URG,PSH,FIN "${log4[@]}"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL URG,PSH,FIN -j DROP

## FIN-SCAN
iptables -t filter -A INPUT -p tcp --tcp-flags ALL FIN "${log5[@]}"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL FIN -j DROP

## NMAP-ID
iptables -t filter -A INPUT -p tcp --tcp-flags ALL URG,PSH,SYN,FIN "${log6[@]}"
iptables -t filter -A INPUT -p tcp --tcp-flags ALL URG,PSH,SYN,FIN -j DROP

## SYN-RST
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST "${log7[@]}"
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

## SYN-FLOODING: rate-limit new SYNs through a user chain, log and drop the excess
iptables -t filter -N syn-flood
iptables -t filter -A INPUT -i eth0 -p tcp --syn -j syn-flood
iptables -t filter -A syn-flood -m limit --limit 1/sec --limit-burst 4 -j RETURN
iptables -t filter -A syn-flood "${log8[@]}"
iptables -t filter -A syn-flood -j DROP

## Make sure NEW tcp connections are SYN packets (logged with the SYN-FLOOD prefix)
iptables -t filter -A INPUT -i eth0 -p tcp ! --syn -m state --state NEW "${log8[@]}"
iptables -t filter -A INPUT -i eth0 -p tcp ! --syn -m state --state NEW -j DROP

## Port scanner: rate-limit bare RSTs, log and drop the excess
iptables -t filter -N port-scan
iptables -t filter -A INPUT -i eth0 -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j port-scan
iptables -t filter -A port-scan -m limit --limit 1/s --limit-burst 4 -j RETURN
iptables -t filter -A port-scan "${log9[@]}"
iptables -t filter -A port-scan -j DROP

## Silently drop all broadcast packets
iptables -A INPUT -m pkttype --pkt-type broadcast -j DROP

# Sources allowed to open NEW TCP connections
iptables -A INPUT -m state --state NEW -m tcp -s 192.168.45.1 -p tcp -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -s 192.123.88.3 -p tcp -j ACCEPT
# Note: 345 is not a valid IPv4 octet, so iptables rejects this rule as written.
iptables -A INPUT -m state --state NEW -m tcp -s 212.345.34.1 -p tcp --dport 22 -j ACCEPT

# Block certain requests (-I inserts these at the head of INPUT, ahead of every rule above)
iptables -I INPUT -p tcp --dport 80 -m string --string 'GET http' --algo bm -j REJECT
iptables -I INPUT -p tcp --dport 80 -m string --string 'CACHEBUSTER' --algo bm -j REJECT
iptables -I INPUT -p tcp --dport 80 -m string --string 'CONNECT' --algo bm -j REJECT
iptables -I INPUT -p tcp --dport 80 -m string --string 'GET /blog/xmlrpc.php' --algo bm -j REJECT
iptables -I INPUT -p tcp --dport 80 -m string --string 'POST /blog/xmlrpc.php' --algo bm -j REJECT

# Drop empty packets (duplicates the NULL-SCAN and non-SYN NEW rules above)
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP


Thanks
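The script above defines a LOG prefix per scan signature but nothing in the thread shows what to do with the resulting kernel log lines. The following POSIX sh snippet is an added example, not part of the original post: it summarises hits per (prefix, source) and lists sources that trip more than one signature, which is the kind of view a defender wants when deciding whether the firewall is dropping a scan or legitimate traffic. The log lines are constructed (RFC 5737 documentation addresses, kernel-log field order as printed by the LOG target); on a real host feed it the relevant lines from the kernel log instead.

```shell
#!/bin/sh
# Constructed sample of kernel log lines produced by the LOG rules (not from the poster's host).
SAMPLE_LOG='Jul  3 03:26:01 srv kernel: IPTABLES NULL-SCAN:IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=55555 DPT=22
Jul  3 03:26:01 srv kernel: IPTABLES NULL-SCAN:IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=55556 DPT=80
Jul  3 03:26:02 srv kernel: IPTABLES XMAS-SCAN:IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=55557 DPT=443
Jul  3 03:26:05 srv kernel: IPTABLES SYN-FLOOD:IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40000 DPT=80
Jul  3 03:26:06 srv kernel: IPTABLES PORT-SCAN:IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=40001 DPT=25
Jul  3 03:26:09 srv kernel: some unrelated kernel message'

# summarize_scans: one line per (prefix, source) with its hit count, most hits first.
# Only lines carrying an "IPTABLES <TAG>:" prefix are counted; everything else is ignored.
summarize_scans() {
    printf '%s\n' "$SAMPLE_LOG" | awk '
        match($0, /IPTABLES [A-Z-]+:/) {
            tag = substr($0, RSTART + 9, RLENGTH - 10)   # text between "IPTABLES " and ":"
            src = "?"
            for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) src = substr($i, 5)
            hits[tag " " src]++
        }
        END { for (k in hits) print hits[k], k }' | sort -rn
}

# scan_count <TAG> <source>: number of hits for one prefix from one source (0 if none).
scan_count() {
    summarize_scans | awk -v t="$1" -v s="$2" \
        '$2 == t && $3 == s { print $1; found = 1 } END { if (!found) print 0 }'
}

# sources_over_threshold <n>: sources whose hits across all prefixes reach n, sorted.
sources_over_threshold() {
    summarize_scans | awk -v n="$1" '{ tot[$3] += $1 } END { for (s in tot) if (tot[s] >= n) print s }' | sort
}

summarize_scans
echo "sources with 3 or more hits:"
sources_over_threshold 3
```

The summary deliberately keys on the prefix text rather than on field position, because the LOG target appends its fields directly after the prefix (`NULL-SCAN:IN=eth0`), so a naive whitespace split would mangle the tag.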
 
Old 07-03-2015, 05:30 PM   #2
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Try removing all that -t filter from your rules. It isn't needed.
After you have started your rules, what does the output look like?
Code:
iptables -nvL
Place the output in between CODE tags like so:

[ CODE ]
your code
[ /CODE ]

remove the spaces between the brackets.
 
Old 07-03-2015, 05:39 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Quote:
Originally Posted by lazydog
Try removing all that -t filter from your rules. It isn't needed.
It isn't needed because iptables defaults to using the "filter" table, but it is an exact way of placing rules, and removing it couldn't change what he experiences anyway.


Quote:
Originally Posted by lazydog
After you have started your rules, what does the output look like?
Code:
iptables -nvL
The best way to list the current rule set is to show
Code:
iptables-save
output.



Quote:
Originally Posted by secrets88
When I restart my firewall, all ports are closed for 30 minutes before the new firewall configuration is taken into account, and I do not know why.
There is nothing in your rule set that would cause such a thing. So how did you test this?
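One way to answer "how did you test this?" with something more repeatable than trying ports by hand is to audit the `iptables-save` dump unSpawn asks for against what the script is supposed to have loaded. The POSIX sh below is an added example, not code from the thread: the dump is a constructed sample shaped like what the post #1 script would produce (with the placeholder admin address 10.0.0.5 standing in for the poster's SSH source), and the helper names `dump`, `chain_policy`, `rule_present`, `new_tcp_accepts` and `audit_ruleset` are this example's own. On a real host, set `RULESET="$(iptables-save)"` before calling the functions.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output (not captured from the poster's host).
SAMPLE_SAVE='# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [12:720]
:FORWARD DROP [0:0]
:OUTPUT DROP [3:180]
:syn-flood - [0:0]
:port-scan - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A INPUT -s 192.168.45.1/32 -p tcp -m state --state NEW -m tcp -j ACCEPT
-A INPUT -s 10.0.0.5/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A syn-flood -m limit --limit 1/sec --limit-burst 4 -j RETURN
-A syn-flood -j DROP
COMMIT
# Completed'

# dump: the ruleset under test; RULESET (e.g. "$(iptables-save)") overrides the sample.
dump() { printf '%s\n' "${RULESET:-$SAMPLE_SAVE}"; }

# chain_policy <chain>: default policy of a chain as recorded on its ":CHAIN POLICY [..]" line.
chain_policy() { dump | awk -v c=":$1" '$1 == c { print $2; exit }'; }

# rule_present <ERE>: succeed if any rule line matches the extended regex.
rule_present() { dump | grep -Eq -- "$1"; }

# new_tcp_accepts: "<source> <dport>" for every INPUT rule that admits NEW TCP connections,
# so unexpected openings (or missing ones) stand out at a glance.
new_tcp_accepts() {
    dump | awk '
        /^-A INPUT / && /--state NEW/ && /-j ACCEPT$/ {
            src = "any"; port = "any"
            for (i = 1; i <= NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            print src, port
        }'
}

count_new_tcp_accepts() { new_tcp_accepts | awk 'END { print NR }'; }

# audit_ruleset: check the invariants the script intends; returns the number of failed checks.
audit_ruleset() {
    fails=0
    [ "$(chain_policy INPUT)" = "DROP" ] || { echo "FAIL: INPUT policy is not DROP"; fails=$((fails + 1)); }
    rule_present '^-A INPUT .*--state RELATED,ESTABLISHED -j ACCEPT$' \
        || { echo "FAIL: no ESTABLISHED/RELATED accept in INPUT"; fails=$((fails + 1)); }
    rule_present '^-A INPUT -i lo -j ACCEPT$' \
        || { echo "FAIL: loopback not accepted"; fails=$((fails + 1)); }
    rule_present '^-A INPUT .*--dport 22 -j ACCEPT$' \
        || { echo "FAIL: no SSH accept rule"; fails=$((fails + 1)); }
    return "$fails"
}

echo "NEW TCP accepts (source dport):"
new_tcp_accepts
audit_ruleset && echo "ruleset matches expectations"
```

Running the audit immediately after the script and again later separates "the rules were never loaded" from "the rules are loaded but traffic still fails", which is the distinction the thread needs before anything else can be said about the 30-minute gap.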
 
  

