LinuxQuestions.org
06-21-2004, 03:59 PM   #1
yvesg
Member
 
Registered: May 2004
Distribution: SuSe v9.3 Professional
Posts: 33

Rep: Reputation: 15
iptables -P INPUT DROP question


I have written my own firewall script; somewhere in the script I call the following line:

iptables -P INPUT DROP

This line causes some issues on my linux machine:
I have no ability to surf and I can't ping any of my machines on my internal network / hosts on the internet.

Removing this line causes my ports to be in 'closed' instead of 'stealth' status.

Is there any way to get a workaround? So I'm still in stealth mode, but PING works (at least for my internal network)
 
06-21-2004, 04:13 PM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
With that policy rule, you need to specifically ALLOW each bit of traffic back into the box..

Usually with these 2 rules..

iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT -m state --state INVALID -j DROP

This -I puts the rule first in the chain, so the effect is the second rule is 1st after it loads.

If you want anything to find ports on your box, you will need to make rules to allow them, otherwise nothing gets through to see you.

Of course, that still depends on the rest of your rules...
What did you use as a reference to build your ruleset?
My favourite is http://iptables-tutorial.frozentux.n...-tutorial.html

Last edited by peter_robb; 06-21-2004 at 04:15 PM.
 
06-21-2004, 05:18 PM   #3
newpenguin
Member
 
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219

Rep: Reputation: 30
best tutorial on iptables.

even official netfilter.org docs can beat it.
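
An added example, not part of the thread or any poster's script: a minimal INPUT ruleset that keeps the DROP policy from post #1, admits return traffic with the two state rules from post #2, and answers pings only from an internal range. The range `192.168.0.0/24`, the `IPT` and `LAN` variables and the function name `input_rules` are assumptions; by default the script only prints the commands instead of applying them.

```sh
#!/bin/sh
# Added example, not code from the thread.
# Dry run by default: IPT prints each command. To apply for real,
# run as root with IPT=iptables in the environment.
IPT="${IPT:-echo iptables}"
LAN="${LAN:-192.168.0.0/24}"   # assumed internal network, adjust to yours

input_rules() {
    lan="${1:-$LAN}"

    # Default policy: a packet that matches no rule below is dropped with
    # no reply, which port scanners report as "stealth" rather than "closed".
    $IPT -P INPUT DROP
    # Start from an empty chain so re-running the script does not stack rules.
    $IPT -F INPUT

    # Local processes talking to each other over loopback.
    $IPT -A INPUT -i lo -j ACCEPT

    # Same effective order as the two -I rules in post #2:
    # INVALID is checked first, then ESTABLISHED,RELATED.
    $IPT -A INPUT -m state --state INVALID -j DROP
    # Replies to connections this host opened: web pages, DNS answers and
    # the echo replies to our own pings. Without this rule the DROP policy
    # discards them, which is why surfing and ping stopped working.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Let internal hosts ping this machine. Echo requests from any other
    # source still fall through to the DROP policy and get no answer.
    $IPT -A INPUT -s "$lan" -p icmp --icmp-type echo-request -j ACCEPT
}

input_rules "$LAN"
```

Newer iptables releases express the same matches as `-m conntrack --ctstate`; the `-m state` form is kept here because it is what the thread uses.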
 