05-15-2013, 02:12 AM
|
#1
|
Member
Registered: Mar 2013
Location: India
Distribution: Fedora
Posts: 66
Rep:
|
edit iptables rules
iptables rules are stored in /etc/sysconfig/iptables.
I want to stop authenticating from a specific IP address.
Any ideas, please share.
Thanks in advance.
|
|
|
05-15-2013, 04:00 AM
|
#2
|
Member
Registered: Nov 2008
Distribution: Arch
Posts: 38
Rep:
|
What exactly is your problem? What have you tried to do and what doesn't work?
|
|
|
05-15-2013, 05:22 AM
|
#3
|
Member
Registered: Mar 2013
Location: India
Distribution: Fedora
Posts: 66
Original Poster
Rep:
|
I want to allow telnet connections for a specific IP in the network.
|
|
|
05-15-2013, 07:04 AM
|
#4
|
Member
Registered: Nov 2008
Distribution: Arch
Posts: 38
Rep:
|
That's not a problem and that is not a description of what you have tried to do already. The iptables howto should help you here.
|
|
|
05-15-2013, 07:17 AM
|
#5
|
Member
Registered: Mar 2013
Location: India
Distribution: Fedora
Posts: 66
Original Poster
Rep:
|
Need advice on the iptables entry for the above problem.
|
|
|
05-15-2013, 08:32 AM
|
#6
|
Member
Registered: Nov 2008
Distribution: Arch
Posts: 38
Rep:
|
I advise you to add entries that allow access from specific addresses to the telnet port and then add an entry that denies access to the telnet port from all addresses. The INPUT chain in the filter table would be a good place for it. What do you think?
|
|
|
05-15-2013, 09:03 AM
|
#7
|
Member
Registered: Mar 2013
Location: India
Distribution: Fedora
Posts: 66
Original Poster
Rep:
|
I want to know those entries.
I tried a lot of googling but am not getting any specific solution.
Can you advise me: if I want to allow an IP (192.168.x.y) to connect to my server via telnet, what should I enter into /etc/init.d/iptables?
|
|
|
05-15-2013, 09:26 AM
|
#8
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,418
|
Why on earth would you use telnet? It's extremely insecure (plaintext).
Why not use ssh instead?
|
|
|
05-16-2013, 04:34 AM
|
#9
|
LQ Newbie
Registered: Dec 2010
Location: Jiaxing Zhejiang Province China
Posts: 6
Rep:
|
Quote:
iptables -I INPUT -s 192.168.x.y -p tcp --dport [telnet port] -j ACCEPT
|
is this what you want?
|
|
1 members found this post helpful.
|
05-16-2013, 11:01 AM
|
#10
|
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 11,056
|
It is often useful to use a tool such as Shorewall to maintain the IPTables rules for you, because the set of rules must be regarded as a complete set. (It does you absolutely no good to issue a rule that "tightly seals a doorway" when "the window next door is wide open," most especially when "... and you didn't know it," which is easy to do!)
Tools like Shorewall let you describe what you want to achieve, then they correctly issue the entire set of IPTables commands needed to do it. As for myself, I stopped monkeying-around with using the IPTables command directly, a long time ago.
---
Side comment: When posting a question, please be sure that the question is both complete and actually answerable. If we can't readily see what you're asking and in what context you are asking it, we can't help you get the answers you require. If you're having trouble with the English language and/or with knowing exactly what you do need to ask, please seek help from a colleague in your own country and work-group, either to help you ask your question or to answer it.
Last edited by sundialsvcs; 05-16-2013 at 11:05 AM.
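The point made in posts #6 and #10 (an ACCEPT for one address only restricts telnet if everything else to that port is then denied, and the rule set has to be judged as a whole), as an added example that is not from any poster in this thread: a read-only, first-match check over `iptables-save` output. The function name `audit_port`, the address 192.168.1.50 and both sample dumps are constructed for illustration.

```sh
#!/bin/sh
# Added example: first-match audit of the filter table's INPUT chain, read from
# iptables-save output. Simplified model: understands -s, -p, --dport, -i lo,
# --state/--ctstate and -j only (no multiport, ranges, negation or user chains).
audit_port() {   # usage: audit_port PORT ALLOWED_SRC < ruleset
  awk -v port="$1" -v ok="$2" '
    function opt(name,   i) {      # value that follows option "name", or ""
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    /^\*/ { filter = ($1 == "*filter") }
    filter && $1 == ":INPUT" { policy = $2 }
    filter && $1 == "-A" && $2 == "INPUT" && !closed {
      p = opt("-p"); d = opt("--dport"); s = opt("-s"); j = opt("-j")
      st = opt("--state") opt("--ctstate")
      if (p != "" && p != "tcp") next        # different protocol
      if (d != "" && d != port) next         # different port
      if (opt("-i") == "lo") next            # loopback traffic only
      if (st != "" && st !~ /NEW/) next      # cannot admit a new connection
      sub(/\/32$/, "", s)
      if (j == "ACCEPT" && s == ok) seen = 1
      else if (j == "ACCEPT")
        print "OPEN: line " NR " accepts port " port " from " (s == "" ? "anywhere" : s)
      else if ((j == "DROP" || j == "REJECT") && s == "") closed = 1
    }
    END {
      if (!closed && policy == "ACCEPT")
        print "OPEN: no catch-all DROP/REJECT for port " port " and INPUT policy is ACCEPT"
      if (!seen) print "MISSING: no ACCEPT for " ok
    }'
}

# Constructed sample dumps (not from the thread). 192.168.1.50 is a made-up host.
WEAK='*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.168.1.50/32 -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -j ACCEPT
COMMIT'
FIXED='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.50/32 -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j DROP
COMMIT'

printf '%s\n' "$WEAK"  | audit_port 23 192.168.1.50   # prints two OPEN findings
printf '%s\n' "$FIXED" | audit_port 23 192.168.1.50   # prints nothing
```

On a live host the same function can read the output of `iptables-save` directly; it only parses text and changes no rules.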
|
|
|
05-16-2013, 11:22 AM
|
#11
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,414
|
Quote:
Originally Posted by niteen
I want to know those entries.
I tried a lot of googling but am not getting any specific solution.
Can you advise me: if I want to allow an IP (192.168.x.y) to connect to my server via telnet, what should I enter into /etc/init.d/iptables?
|
This seems to be a recurring thread with your posts. You claim to have "done googling", but never seem to find any of the EASILY found solutions that others give you, and your 'questions' are open-ended.
There are over ONE MILLION hits in Google for "linux iptables tutorials", such as the first two here:
http://www.linuxhomenetworking.com/w...Using_iptables
http://artoflinux.blogspot.com/2008/...beginners.html
What you're asking for is someone to read them for you, and spoon-feed you the exact command you want. This is much the same thing as asking someone else to write a program for you; if you show effort of your own and explain where you're stuck, we are always happy to help. Just saying over and over "this is what I need", and showing no effort of your own will likely NOT get you help.
|
|
1 members found this post helpful.
|
05-16-2013, 07:05 PM
|
#12
|
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Rep:
|
Quote:
Originally Posted by niteen
iptables rules are stored in /etc/sysconfig/iptables.
I want to stop authenticating from a specific IP address.
Any ideas, please share.
Thanks in advance.
|
There's a KILLER tutorial here...
The Very First thing you wish to do, is guess what? Make a backup... here's what I use...
I "look at rules with
I make a backup using...
Code:
iptables-save > /root/safe.rules
/root/safe.rules is ASCII text and can be edited.
vi + /etc/rc.local
and add
Code:
/sbin/iptables-restore /root/safe.rules
before 'exit 0' and iptables should survive reboots (persistence).
Finally, to restore on the fly,
I use
Code:
/sbin/iptables-restore /root/safe.rules
Go and sin no more.
http://www.linuxquestions.org/questi...61/#post222579
Last edited by Habitual; 05-16-2013 at 09:42 PM.
|
|
1 members found this post helpful.
|
05-25-2013, 08:27 AM
|
#13
|
Member
Registered: Mar 2013
Location: India
Distribution: Fedora
Posts: 66
Original Poster
Rep:
|
Dear Habitual,
I set some rules in "iptables"
and saved them:
Code:
/etc/init.d/iptables save
and I restarted it:
Code:
/etc/init.d/iptables restart
Now everything is fine and working,
but on rebooting all the rules are flushed.
I want to set all the rules permanently,
i.e. they should remain as they are even after a reboot.
Any suggestions?
Thanks in advance.
|
|
|
05-25-2013, 06:20 PM
|
#14
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,414
|
Quote:
Originally Posted by niteen
Dear Habitual,
I set some rules in "iptables"
and saved them:
Code:
/etc/init.d/iptables save
and I restarted it:
Code:
/etc/init.d/iptables restart
Now everything is fine and working, but on rebooting all the rules are flushed. I want to set all the rules permanently, i.e. they should remain as they are even after a reboot. Any suggestions?
|
We will AGAIN suggest that you read the links/pages/tutorials you've been handed SEVERAL TIMES so far.
The link I posted to you before has a section that explains how to do this, with sample commands. Section 14.7, since you want to be spoon-fed.
|
|
|
05-30-2013, 01:22 AM
|
#15
|
Member
Registered: Mar 2013
Location: India
Distribution: Fedora
Posts: 66
Original Poster
Rep:
|
Yup, it's done...
Done setting flush for all rule sets related to my desired port 19000.
Posting the code:
Code:
#!/bin/bash -x
#######################################################
# Delete the ACCEPT rule for TCP port 19000 on eth0.
# Each -D removes one matching rule, so two calls remove two copies.
iptables -D INPUT -i eth0 -p tcp --dport 19000 -j ACCEPT
iptables -D INPUT -i eth0 -p tcp --dport 19000 -j ACCEPT
#######################################################
# Write the running rule set to /etc/sysconfig/iptables.
/etc/init.d/iptables save
#######################################################
# Reload the saved rule set.
/etc/init.d/iptables restart
#######################################################
Thanks all
|
|
|
All times are GMT -5.