LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Old 09-27-2005, 08:51 AM   #1
jkassemi
Member
 
Registered: May 2004
Location: Albuquerque, NM
Distribution: slackware-current, slamd64-11
Posts: 106

Rep: Reputation: 15
Starting out with iptables... will this configuration do what I want?


Hello everybody, I've got a wireless network running at my house... I've got several computers set up, and have allowed the AP to be used by anybody in the immediate area without any MAC address limitations, etc...

I do however have my development machine (mainly web programming/application hacking), with an apache server on port 80 that I don't want anybody to be able to access (other than a single PayPal address, for testing a payment service I'm working on)... Since I started port forwarding to my computer (for the paypal service to access), I've logged about 4 unauthorized visits... Two of which were obviously script kiddies. That got me a little concerned..

So I just started with iptables today to help me feel a little more secure, and have set up the following:

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  127.0.0.1            0.0.0.0/0           
ACCEPT     all  --  192.168.0.1          0.0.0.0/0                     
ACCEPT     all  --  66.135.197.164       0.0.0.0/0                  
DROP       tcp  -- !192.168.0.0/24       0.0.0.0/0           tcp dpt:80 
DROP       all  --  192.168.0.0/24       0.0.0.0/0           
DROP       udp  -- !192.168.0.0/24       0.0.0.0/0           udp dpt:80
The 66.135.197.164 address is the PayPal server... 192.168.0.1 is my wireless gateway's address... The wireless gateway has its own firewall configured to block all external traffic, except what's headed to port 80 on my computer...

So. What I'm trying to do is block all the traffic to my machine from
1) script kiddies at remote locations
2) machines on my wireless network.

And accept all traffic from
1) localhost
2) PayPal's payment notification server....

Will this work for me? Is there anything else I should be doing?

Thank you,
James

Last edited by jkassemi; 09-27-2005 at 08:53 AM.
 
Old 09-27-2005, 09:16 AM   #2
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
Isn't it easier:

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 127.0.0.1 0.0.0.0/0
ACCEPT all -- 192.168.0.1 0.0.0.0/0
ACCEPT all -- 66.135.197.164 0.0.0.0/0

Or what? Only let in those you need.

Last edited by b0uncer; 09-27-2005 at 09:23 AM.
 
Old 09-27-2005, 09:26 AM   #3
jkassemi
Member
 
Registered: May 2004
Location: Albuquerque, NM
Distribution: slackware-current, slamd64-11
Posts: 106

Original Poster
Rep: Reputation: 15
edit: N/M... Thanks for the edit... it's got the info I need

Thanks b0uncer..

So if I change the policy to drop, would I only need the following:

Code:
ACCEPT     all  --  127.0.0.1            0.0.0.0/0           
ACCEPT     all  --  192.168.0.1          0.0.0.0/0                     
ACCEPT     all  --  66.135.197.164       0.0.0.0/0
I'm really trying to grasp a bunch of information very quickly in order to get these policies up before I run into problems again... So I probably haven't done ALL of the reading that I really need to..

Thanks,
James

Last edited by jkassemi; 09-27-2005 at 09:28 AM.
 
Old 09-27-2005, 10:31 AM   #4
linuxmanju
Member
 
Registered: Sep 2003
Location: India
Distribution: Debian
Posts: 50

Rep: Reputation: 15
iptables is a complex topic... If I were you I would have done something like this:

iptables -P INPUT DROP
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p udp --source-port 53 -j ACCEPT   # DNS
iptables -A INPUT -p tcp --sport 80 -j ACCEPT         # your browsing
iptables -A INPUT -s <PAYPAL ADDRESS> -p tcp --dport 80 -j ACCEPT

Just an example... I don't have a Linux PC with me right now, so check the typos...
Add port 443 if you use https. Just take it as an example: open only the ports that you want, and allow only the addresses that you want to accept.
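Taking the thread's goal (default DROP, loopback allowed, only the single payment server admitted to port 80) together with the later point about reply traffic for DNS and browsing, the script below is an added example, not code posted by anyone in this thread. It emits a ruleset in iptables-restore format and admits return traffic with the conntrack match instead of trusting source ports, because a remote host can set its source port to 53 or 80 at will. The addresses are the ones quoted in the thread; the gateway rule is optional and assumes the gateway's address cannot be spoofed from the open WLAN. Denied port-80 attempts are rate-limited into the kernel log so unauthorized visits remain visible after the policy is tightened.

```shell
#!/bin/sh
# Added example (not from the thread): stateful iptables INPUT ruleset for a
# host that must expose port 80 to exactly one remote address.
# Assumed values, taken from the thread's description:
PAYPAL_IP="${PAYPAL_IP:-66.135.197.164}"   # the only remote host allowed to reach port 80
LAN_NET="${LAN_NET:-192.168.0.0/24}"        # the open wireless LAN (treated as untrusted)
GATEWAY="${GATEWAY:-192.168.0.1}"           # wireless gateway; its rule is optional

# Print the ruleset in iptables-restore format. Policy is DROP, so every
# packet not matched by an explicit ACCEPT is discarded.
generate_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is always allowed
-A INPUT -i lo -j ACCEPT
# replies to connections this host started (DNS answers, web browsing, ...)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# packets that belong to no tracked connection and are not valid new ones
-A INPUT -m conntrack --ctstate INVALID -j DROP
# the payment-notification server may open new connections to the web server
-A INPUT -s ${PAYPAL_IP}/32 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# optional: the gateway may initiate connections to this host (spoofable on an open WLAN)
-A INPUT -s ${GATEWAY}/32 -j ACCEPT
# everything else, from ${LAN_NET} or the Internet, falls through to the DROP
# policy; log a sample of port-80 attempts first so they show up in the logs
-A INPUT -p tcp --dport 80 -m limit --limit 5/min -j LOG --log-prefix "port80-denied: "
COMMIT
EOF
}

# Number of INPUT rules in the generated set (useful for a sanity check).
rule_count() {
    generate_ruleset | grep -c '^-A INPUT'
}

# The default policy the generated set assigns to INPUT.
input_policy() {
    generate_ruleset | sed -n 's/^:INPUT \([A-Z]*\).*/\1/p'
}

# Load the ruleset atomically; iptables-restore replaces the filter table in
# one step, so there is no window with a half-applied policy.
apply_ruleset() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_ruleset: must run as root" >&2
        return 1
    fi
    generate_ruleset | iptables-restore
}

# Default is a dry run that only prints the ruleset; APPLY=1 loads it.
case "${APPLY:-0}" in
    1) apply_ruleset ;;
    *) generate_ruleset ;;
esac
```

Run it without arguments to review the ruleset, then `APPLY=1 sh firewall.sh` as root to load it. Because the first rules are ordered by frequency (established traffic before the per-host exception), the common case is decided in one or two matches.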
 
Old 09-27-2005, 11:49 AM   #5
jkassemi
Member
 
Registered: May 2004
Location: Albuquerque, NM
Distribution: slackware-current, slamd64-11
Posts: 106

Original Poster
Rep: Reputation: 15
Thank you. I adjusted the rules, and almost forgot about DNS!

-James
 