LinuxQuestions.org
Forums > Linux Forums > Linux - Networking
06-21-2007, 12:33 AM   #1
0.o
Member
Registered: May 2004
Location: Raleigh, NC
Distribution: Debian, Solaris, HP-UX, AIX
Posts: 208
Iptables user-defined chains


Hola,

Tonight I started making some firewall renovations to make the rules more manageable. I have created several different custom chains to segregate different rule sets from each other. Everything is going well with the exception of my DNS servers. I have posted my config for my firewall below.

Code:
# Generated by iptables-save v1.3.6 on Thu Jun 21 00:13:02 2007
*filter
:INPUT DROP [110:7953]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2214:1562876]
:BADHOST - [0:0]
:BADPORT - [0:0]
:GOODHOST - [0:0]
:SERVPORT - [0:0]
-A INPUT -j BADHOST
-A INPUT -j GOODHOST
-A INPUT -j SERVPORT
-A INPUT -j BADPORT
-A INPUT -i lo -j ACCEPT
-A INPUT -j LOG
-A BADHOST -s 59.0.0.0/255.0.0.0 -j DROP
-A BADHOST -s 222.0.0.0/255.0.0.0 -j DROP
-A BADHOST -s 125.0.0.0/255.0.0.0 -j DROP
-A BADHOST -s 207.38.5.161 -j DROP
-A BADHOST -s 204.15.193.132 -j DROP
-A BADHOST -s 220.166.64.216 -j DROP
-A BADHOST -s 64.146.9.218 -j DROP
-A BADHOST -s 218.0.0.0/255.0.0.0 -j DROP
-A BADHOST -s 87.0.0.0/255.0.0.0 -j DROP
-A BADHOST -s 122.0.0.0/255.0.0.0 -j DROP
-A BADHOST -s 122.124.128.141 -j DROP
-A BADHOST -s 69.93.167.202 -j DROP
-A BADHOST -s 66.98.254.217 -j DROP
-A BADHOST -s 64.146.9.218 -j DROP
-A BADPORT -p udp -m udp --dport 137:139 -j DROP
-A BADPORT -p tcp -m tcp --dport 139 -j DROP
-A BADPORT -p udp -m udp --dport 1025:1027 -j DROP
-A BADPORT -p udp -m udp --dport 67:68 -j DROP
-A BADPORT -p tcp -m tcp --dport 2967 -j DROP
-A BADPORT -p tcp -m tcp --dport 5900:5901 -j DROP
-A GOODHOST -s 70.60.0.0/255.252.0.0 -j ACCEPT
-A SERVPORT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A SERVPORT -d <WEB IP> -p tcp -m multiport --dports 22,80 -j ACCEPT
-A SERVPORT -d <WEB IP> -p tcp -m tcp --dport 80 -j ACCEPT
-A SERVPORT -d <DNS IP> -p udp -m udp --sport 53 --dport 53 -j ACCEPT
-A SERVPORT -d <DNS IP> -p tcp -m tcp --sport 53 --dport 53 -j ACCEPT
-A SERVPORT -d <MAIL IP> -p tcp -m multiport --dports 25,993 -j ACCEPT
-A SERVPORT -s <IP> -d <IP> -p udp -m multiport --dports 27500,27015 -j ACCEPT
-A SERVPORT -s <IP> -d <IP> -p udp -m udp --dport 27500 -j ACCEPT
COMMIT
I am not sure what I am missing... but I am obviously missing something.

EDIT: I see my stupid mistake. What are the chances of the source port being 53?

If someone would like to point out a way to make these rules better, I am open for suggestions.

Last edited by 0.o; 06-21-2007 at 12:40 AM.
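The poster's EDIT identifies the problem: the two SERVPORT rules for the DNS address require `--sport 53`, but a normal DNS query leaves the client from an ephemeral port, so it falls through every user-defined chain, hits the non-terminating LOG rule, and is dropped by the INPUT policy. The following is an added example, not code from the thread: a small simulator of how the kernel walks the filter table, run over a cut-down copy of the poster's rules. It parses the subset of iptables-save syntax used above and walks INPUT the way iptables does (first match wins, a jump into a user chain returns to the caller when nothing in it matched, LOG does not terminate, and the chain policy decides whatever falls through). 192.0.2.53 stands in for the poster's `<DNS IP>`; every other address is a constructed RFC 5737 documentation address.

```python
# Added example, not code from the thread: a small simulator of how the kernel walks
# the filter table, run over a cut-down copy of the poster's rules. 192.0.2.53 stands
# in for the poster's <DNS IP>; every other address here is a constructed RFC 5737 one.
import shlex
from collections import namedtuple
from ipaddress import ip_address, ip_network

TERMINAL = {"ACCEPT", "DROP", "REJECT"}          # verdicts that end traversal
Packet = namedtuple("Packet", "src dst proto sport dport iface state",
                    defaults=("eth0", "NEW"))    # state: what '-m state' would see

def _ports(spec):
    """'53' -> [(53, 53)]; '137:139' -> [(137, 139)]; '22,80' -> [(22, 22), (80, 80)]."""
    parts = (part.partition(":") for part in spec.split(","))
    return [(int(lo), int(hi or lo)) for lo, _, hi in parts]

def parse_rule(line):
    """One '-A ...' line of iptables-save output -> dict of match criteria + target."""
    rule, toks = {}, shlex.split(line)
    for opt, arg in zip(toks[::2], toks[1::2]):  # every option used here takes one argument
        if opt == "-A": rule["chain"] = arg
        elif opt == "-j": rule["target"] = arg
        elif opt in ("-s", "-d"): rule[opt] = ip_network(arg, strict=False)
        elif opt in ("-i", "-p"): rule[opt] = arg
        elif opt == "--sport": rule["sports"] = _ports(arg)
        elif opt in ("--dport", "--dports"): rule["dports"] = _ports(arg)
        elif opt == "--state": rule["states"] = set(arg.split(","))
        elif opt != "-m":                        # '-m udp' / '-m state' only name the extension
            raise ValueError(f"unsupported option {opt!r}")
    return rule

def parse_ruleset(text):
    """Return (policies, chains): built-in chains carry a policy, user chains None."""
    policies, chains = {}, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name] = None if policy == "-" else policy
            chains[name] = []
        elif line.startswith("-A"):
            rule = parse_rule(line)
            chains[rule["chain"]].append(rule)
    return policies, chains

def matches(rule, p):
    """Every criterion present on the rule must hold; an absent one means 'any'."""
    hit = lambda port, ranges: any(lo <= port <= hi for lo, hi in ranges)
    return (("-s" not in rule or ip_address(p.src) in rule["-s"])
            and ("-d" not in rule or ip_address(p.dst) in rule["-d"])
            and ("-i" not in rule or rule["-i"] == p.iface)
            and ("-p" not in rule or rule["-p"] == p.proto)
            and ("sports" not in rule or hit(p.sport, rule["sports"]))
            and ("dports" not in rule or hit(p.dport, rule["dports"]))
            and ("states" not in rule or p.state in rule["states"]))

def walk(chain, p, chains, trace):
    """First match wins; a user chain that runs off its end returns to the caller."""
    for rule in chains[chain]:
        if not matches(rule, p):
            continue
        target = rule["target"]
        trace.append(f"{chain} -> {target}")
        if target in TERMINAL:
            return target
        if target in chains:                     # jump into a user-defined chain
            result = walk(target, p, chains, trace)
            if result is not None:
                return result
        # LOG and other non-terminating targets: carry on with the next rule
    return None

def verdict(ruleset, p, entry="INPUT"):
    """Final verdict for p entering 'entry', plus the path taken to reach it."""
    policies, chains = parse_ruleset(ruleset)
    trace = []
    result = walk(entry, p, chains, trace)
    if result is None:                           # nothing terminal matched: chain policy
        result = policies[entry]
        trace.append(f"{entry} policy -> {result}")
    return result, trace

ORIGINAL = """\
:INPUT DROP [0:0]
:BADHOST - [0:0]
:BADPORT - [0:0]
:SERVPORT - [0:0]
-A INPUT -j BADHOST
-A INPUT -j SERVPORT
-A INPUT -j BADPORT
-A INPUT -i lo -j ACCEPT
-A INPUT -j LOG
-A BADHOST -s 59.0.0.0/255.0.0.0 -j DROP
-A BADPORT -p udp -m udp --dport 137:139 -j DROP
-A SERVPORT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A SERVPORT -d 192.0.2.53 -p udp -m udp --sport 53 --dport 53 -j ACCEPT
"""
FIXED = ORIGINAL.replace("--sport 53 ", "")     # the poster's own correction

# Constructed sample: an ordinary DNS query sent from a client's ephemeral port.
QUERY = Packet("198.51.100.7", "192.0.2.53", "udp", 40321, 53)
```

`verdict(ORIGINAL, QUERY)` returns `DROP` with the trace `INPUT -> BADHOST, INPUT -> SERVPORT, INPUT -> BADPORT, INPUT -> LOG, INPUT policy -> DROP`: each user chain is entered, nothing in it matches, control returns to INPUT, the LOG rule fires without deciding anything, and the policy drops the packet. With `FIXED` the same query stops at `SERVPORT -> ACCEPT`. The trace also shows why the order in INPUT matters: the `-i lo` ACCEPT sits after the four jumps, so a loopback packet is only accepted if no user chain dropped it first, and a query from a blocked /8 is dropped in BADHOST before SERVPORT ever sees it.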
 
06-21-2007, 02:54 AM   #2
rossonieri#1
Member
Registered: Jun 2007
Posts: 359
Hi 0.o,

I'm not trying to teach you, but are you sure about all those /8 networks you're blocking? The config seems fine to me, though.

HTH.
 
06-21-2007, 08:50 AM   #3
0.o
Member
Registered: May 2004
Location: Raleigh, NC
Distribution: Debian, Solaris, HP-UX, AIX
Posts: 208
Original Poster
Yeah, I am sure about them. They are mostly all from China. I've never seen any legitimate traffic coming from any of those ranges.