Red Hat forum on LinuxQuestions.org: This forum is for the discussion of Red Hat Linux.
My host, who has not been the greatest at helping, has stated I can add info into my /etc/sysconfig/iptables file (which is not there).
I need to block ports 139 and 445 yet not touch anything else which may be blocked.
I tried using a script from iptables.net, yet when I did, it blocked access to my sites via Dreamweaver, and nothing could be uploaded.
This is what I used:
# import this saved configuration into your iptables configuration with the following command:
# iptables-restore < web_server.config
The portion I used did not stay, thus there currently is no iptables file in my sysconfig directory. What I need to do is add it, thus do I just add this portion as a file?
Dreamweaver did not work when I ran the command:
iptables-restore < webserver_config
where webserver_config is the above info I posted.
Red Hat reads from /etc/sysconfig/iptables when you start the iptables service, i.e.:
service iptables start
The file is not there by default since there are no iptables rules created by default.
If you load all of the iptables rules you want (i.e. run them on the command line) and export them with iptables-save, you can direct the output to /etc/sysconfig/iptables, i.e.
iptables-save > /etc/sysconfig/iptables
and when you boot (if iptables starts on boot) or when you start the iptables service, it will read from that file. Alternatively, if you put your file webserver_config in /etc/sysconfig/iptables and start iptables, it will read from the file.
If you just want to block ports 139 and 445, the "webserver_config" you have posted does more than just block those two ports. This line in particular: ":INPUT DROP [1:242]" looks like it will cause problems with connecting to your website (likely over ftp/port 21?).
Yes, that definitely happens; I can no longer FTP. I want to be able to FTP, and also use secure FTP, so I appreciate the help. I took the sample file from iptables.net or something like that and added 2082, 2086, 2089. So I will remove the one you referenced. Any other suggestions on what I should remove are appreciated.
If literally all you want to do is drop incoming ports 139 and 445, you can do something like this:
# iptables-restore needs the table header (*filter) and a closing COMMIT
*filter
:INPUT ACCEPT [3763225:3207648184]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3607438:859001518]
-A INPUT -p tcp -m tcp --dport 139 -j DROP
-A INPUT -p tcp -m tcp --dport 445 -j DROP
COMMIT
This save file is all the commands you would use on the command line, i.e. you can just type "iptables -A INPUT -p tcp -m tcp --dport 139 -j DROP" and it will drop incoming packets on port 139. If you want to drop outgoing packets too, that requires just one more line. So if you want to test everything and make sure it works one line at a time, enter the commands one at a time and then use "iptables-save > /etc/sysconfig/iptables" to save what you actually use.
P.S. About vi, I put that up there because a lot of places tell you to "save and exit." For the longest time I would use the "sav" command, which if I was outside the directory, I had to add the path every time. It wasn't until I got it in my head to Google for a quick way to save and exit that I came across the command wq, which Writes the file and Quits... If you knew this, cool... if not, I hope I saved you (and anyone else reading this) a whole bunch of needless typing....
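As an added example (not code from this thread), a small POSIX sh helper that writes a complete restore file for the drop-only case discussed above, including the *filter and COMMIT framing that iptables-restore requires, and lints a save file for the pitfall the original poster hit: an ":INPUT DROP" policy with no ACCEPT rule for the ports you still rely on (FTP on 21, SSH on 22). The function names and the NEEDED_PORTS variable are assumptions of this example, and nothing here touches a live firewall; the output is meant to be reviewed and then fed to iptables-restore.

```shell
#!/bin/sh
# Example helper (not from the thread): build and lint an iptables-save file.

# Print a complete iptables-restore file that keeps an ACCEPT policy on every
# chain and only drops inbound TCP 139 and 445 (plus any extra ports given as
# arguments). Counters are zeroed; iptables-restore does not need real values.
make_block_file() {
    printf '*filter\n'
    printf ':INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    for port in 139 445 "$@"; do
        printf '%s\n' "-A INPUT -p tcp -m tcp --dport $port -j DROP"
    done
    printf 'COMMIT\n'
}

# Read a save file on stdin and return 0 only if it is safe to load in the
# sense of this thread: it has *filter/COMMIT framing, and if the INPUT policy
# is DROP it also explicitly accepts every port in NEEDED_PORTS (default: 21 22).
lint_save_file() {
    file=$(cat)
    printf '%s\n' "$file" | grep -q '^\*filter' \
        || { echo "missing *filter header"; return 1; }
    printf '%s\n' "$file" | grep -q '^COMMIT' \
        || { echo "missing COMMIT"; return 1; }
    if printf '%s\n' "$file" | grep -q '^:INPUT DROP'; then
        for port in ${NEEDED_PORTS:-21 22}; do
            printf '%s\n' "$file" \
                | grep -Eq -- "-A INPUT .*--dport $port .*-j ACCEPT" \
                || { echo "INPUT policy is DROP but nothing accepts tcp/$port"; return 1; }
        done
    fi
    return 0
}

# Usage: make_block_file > /tmp/block.conf && lint_save_file < /tmp/block.conf
# then review it and load it with: iptables-restore < /tmp/block.conf
```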