Linux - Software
This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
#Drop all incoming, outgoing and forwarding packets.
/sbin/iptables -P INPUT DROP #Drops all incoming packets from all interfaces.
/sbin/iptables -P OUTPUT DROP #Drops all outgoing packets from all interfaces.
/sbin/iptables -P FORWARD DROP #Drops all forwarding packets from all interfaces.
#The weakest link
/sbin/iptables -A INPUT -i eth0 -p tcp --sport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
#Drop nasty flags.
/sbin/iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG --log-level --log-prefix "BAD FLAG ! L1"
/sbin/iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
/sbin/iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG --log-level --log-prefix "BAD FLAG ! L2"
/sbin/iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
/sbin/iptables -A INPUT -p tcp --tcp-flags ALL NONE -j LOG --log-level --log-prefix "BAD FLAG ! L3"
/sbin/iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
/sbin/iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-level --log-prefix "BAD FLAG ! L4"
/sbin/iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
/sbin/iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-level --log-prefix "BAD FLAG ! L5"
/sbin/iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
#Stealth port scanner protection.
/sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
/sbin/iptables -A syn-flood -j LOG --log-level --log-prefix "SYN Flood stopped"
#Ping of death protection.
/sbin/iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
This is the error I get:
Quote:
iptables v1.2.6a: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
BTW: While we're here, is there anything wrong with my script?
I need:
1. Access to HTTP for normal web browsing
2. Access to SMTP and POP3 for email
3. Access to UDP for 'Real' streaming video (this is more of a want than a need anyway)
4. FTP Downloading
5. Anything else that is essential to go online securely.
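Since the thread never comes back to the "is anything wrong with my script" question, here is an added static check. It is my own example, not code from the thread or from pickledbeans: it reads a rule script the way a reviewer would and reports the problems visible in the post above. It assumes one /sbin/iptables invocation per line with '#' comments, and uses a constructed, shortened copy of the posted rules as sample input.

```shell
#!/bin/sh
# Added example, not from the thread: a small static checker for an iptables
# rule script. It reads the rules instead of loading them, so it needs no root.
# Assumed input format: one '/sbin/iptables ...' call per line, '#' comments.
# Checks performed:
#   1. a user-defined chain is appended to (-A/-I) before any -N creates it
#   2. --log-level is followed by another option instead of a level value
#   3. a rule ACCEPTs NEW connections because of the *source* port alone
#      (a remote host can choose source port 21, so this filters nothing)
#   4. a chain has policy DROP and no ACCEPT rule at all
#      (with OUTPUT DROP and no OUTPUT rules, nothing leaves the machine)

# Constructed, shortened copy of the posted script, used as sample input.
SAMPLE_RULES='# policies
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --sport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -p tcp --tcp-flags ALL NONE -j LOG --log-level --log-prefix "BAD FLAG ! L3"
/sbin/iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
/sbin/iptables -A syn-flood -j LOG --log-level --log-prefix "SYN Flood stopped"
/sbin/iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT'

# check_rules: reads a rule script on stdin and prints one finding per line.
check_rules() {
    awk '
    BEGIN { builtin["INPUT"] = builtin["OUTPUT"] = builtin["FORWARD"] = 1 }
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments and blank lines
    {
        chain = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-N") created[$(i + 1)] = 1
            if ($i == "-P") policy[$(i + 1)] = $(i + 2)
            if ($i == "-A" || $i == "-I") {
                chain = $(i + 1)
                if (!(chain in builtin) && !(chain in created))
                    print "line " NR ": chain " chain " used before -N " chain
            }
            if ($i == "--log-level" && $(i + 1) ~ /^-/)
                print "line " NR ": --log-level has no value"
            if ($i == "--sport" && $0 ~ /--state [^ ]*NEW/ && $0 ~ /-j ACCEPT/)
                print "line " NR ": accepts NEW connections by source port " $(i + 1) " alone"
            if ($i == "-j" && $(i + 1) == "ACCEPT" && chain != "") accepts[chain] = 1
        }
    }
    END {
        for (c in policy)
            if (policy[c] == "DROP" && !(c in accepts))
                print "chain " c ": policy DROP and no ACCEPT rule, all its traffic is dropped"
    }'
}

# Stand-alone run over the sample; use "check_rules < firewall.sh" on a real script.
printf '%s\n' "$SAMPLE_RULES" | check_rules
```

The OUTPUT finding is the one that matters most for the five needs listed: with `-P OUTPUT DROP` and no OUTPUT rules the box cannot browse, send mail or fetch anything, so each wanted service needs an outbound rule (and a matching `--state ESTABLISHED,RELATED` rule on INPUT) rather than a rule that trusts whatever arrives from source port 21.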
Originally posted by pickledbeans: OK, I got it, iptables isn't loaded as a module, it's part of the kernel? I just ran iptables from the command line w/o that error.
What happens if you run /usr/sbin/iptables ? Post the error messages.
BTW, /usr/sbin isn't in the normal user $PATH.
Well I'm logged on as the root user and have tried what you have told me. But it still comes up with this error message.
Quote:
modprobe: Can't locate module ip_tables
iptables v1.26a: can't initialize iptables table 'filter': iptables who? (do you need to insmod)
Prehaps iptables or your kernel needs to upgraded.
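For the error itself, here is an added diagnostic, my own example rather than anything posted in the thread. "modprobe: Can't locate module ip_tables" only says that no module by that name exists for the running kernel; whether that is fine (netfilter compiled in) or fatal (netfilter missing) can be read from what the kernel exposes. The function assumes the three standard locations named in its comments and takes them as parameters so it can be run on copies; it loads nothing itself.

```shell
#!/bin/sh
# Added example, not from the thread: classify why iptables reports
# "can't initialize iptables table `filter'" / "modprobe: Can't locate module
# ip_tables". It reads three things the kernel exposes (assumed paths):
#   1. /proc/net/ip_tables_names  - tables the running kernel has registered
#   2. /boot/config-$(uname -r)   - CONFIG_IP_NF_IPTABLES=y (built in) or =m (module)
#   3. /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/ - where ip_tables.ko lives
# Return codes: 0 usable now, 1 something must be loaded or is missing,
#               2 kernel has no netfilter, 3 cannot tell.
netfilter_status() {
    names=$1 config=$2 moddir=$3
    if [ -r "$names" ] && grep -qx filter "$names"; then
        echo "filter table is registered; iptables should work (check PATH to the binary)"
        return 0
    fi
    if [ -r "$config" ]; then
        case "$(grep '^CONFIG_IP_NF_IPTABLES=' "$config")" in
            *=y)
                echo "ip_tables is built in (so modprobe cannot find it); the filter table itself is not registered, load iptable_filter"
                return 1 ;;
            *=m)
                if ls "$moddir"/ip_tables.ko* >/dev/null 2>&1; then
                    echo "ip_tables.ko present but not loaded: modprobe ip_tables; modprobe iptable_filter"
                else
                    echo "kernel expects ip_tables as a module but no ip_tables.ko under $moddir"
                fi
                return 1 ;;
            "")
                echo "kernel was built without CONFIG_IP_NF_IPTABLES; rebuild with netfilter support"
                return 2 ;;
        esac
    fi
    echo "cannot tell: neither $names nor $config is readable"
    return 3
}

# Stand-alone run against the live system (non-zero status is reported, not fatal).
netfilter_status /proc/net/ip_tables_names "/boot/config-$(uname -r)" \
    "/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter" || echo "(exit status $?)"
```

Running this as root on the affected box gives a single line saying which of the four situations applies, which is the information the two error messages quoted above leave out.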