LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-12-2014, 11:51 PM   #1
bassplayer
LQ Newbie
 
Registered: Aug 2014
Posts: 2

Rep: Reputation: Disabled
writing an iptable rule


I am a student at ITT tech and am having trouble writing a iptable rule which will allow all incoming connections from 129.71.298.0/255.255.255.0 for services ssh, http, https, dns, dhcp.
 
Old 08-13-2014, 12:01 AM   #2
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

Rep: Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694
What have you tried? Which part isn't working?
 
Old 08-13-2014, 12:15 AM   #3
bassplayer
LQ Newbie
 
Registered: Aug 2014
Posts: 2

Original Poster
Rep: Reputation: Disabled
Too new for my own good

I'm afraid I haven't figured what to write or how to even begin to write the command. I'm sure it's not difficult but, for me right now it's Hugh. Any help would be great and I would be very grateful.
 
Old 08-13-2014, 02:44 AM   #4
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897Reputation: 897Reputation: 897Reputation: 897Reputation: 897Reputation: 897Reputation: 897
...and have you read this, which is the best documentation for all things iptables. Now, that might be more information than you wanted, but, on the assumption that after this problem there will be/would have been another problem, it will be worthwhile.

OK, to break it down a bit (I'm not going to answer your question directly), how would you, for example, do anything with http-related packets. What identifying feature would you use that allows you to separate those packets from the rest?

Could you do something similar with the other protocols (clue: yes, unclue, ssh might be more difficult, but that might be beyond the scope, depending)?

Could you do something that only works on packets from a particular source address range (again, clue: yes).

Could you combine the above (clue: yes).

Quote:
...trouble writing a iptable rule...
That seems to imply that only a single rule would be an acceptable answer. This may or may not be what you mean. I'll point out that a sequence of rules might be more flexible and may be able to achieve a more exact match to certain requirements and so, from that point of view, there may be an advantage in writing a sequence of rules, rather than just a single rule (there can also be disadvantages in writing a sequence of rules, so it depends a bit on context, which we don't have).

In any case, if you can write a sequence of rules that does pretty much what you want, it shouldn't be too difficult to come up with something similar (not exactly the same...but with some similarity), but compacted into a single rule.

It is difficult to know on what exact point you are stuck until you actually submit something that you have written, with a comment like 'and I don't know how to add this bit...' or '...but this seems to fail in that respect...'.
 
Old 08-13-2014, 06:08 AM   #5
diablo046
LQ Newbie
 
Registered: Jun 2014
Posts: 21

Rep: Reputation: Disabled
Please make a backup copy before editing Iptables Rule


Kindly check the following configuration ( For Centos and RedHat)

# iptables -L ( To check)
# iptables -F ( To flush )
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -s 129.71.298.0/24 -p tcp --destination-port 80 -j ACCEPT ( For http )
# iptables -A INPUT -s 129.71.298.0/24 -p tcp --destination-port 22 -j ACCEPT ( For ssh )
# iptables -A INPUT -s 129.71.298.0/24 -p tcp --destination-port 443 -j ACCEPT ( for https )
# iptables -A INPUT -s 129.71.298.0/24 -p tcp --destination-port 53 -j ACCEPT ( For dns tcp )
# iptables -A INPUT -s 129.71.298.0/24 -p udp --destination-port 53 -j ACCEPT ( For dns udp )
# iptables -A INPUT -s 129.71.298.0/24 -p tcp --destination-port 67 -j ACCEPT ( For DHCP )
# iptables -A INPUT -s 129.71.298.0/24 -p tcp --destination-port 68 -j ACCEPT ( For DHCP )
# iptables -P INPUT DROP ( Block other Incoming traffic,if you want )

Now check iptables by # iptables -L

If you want to save these iptables rules then,

# iptables-save > /etc/sysconfig/iptables
# iptables-restore < /etc/sysconfig/iptables

Hope this will help you little bit
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Iptable rule for DNAT project.linux.proj Linux - Newbie 3 04-02-2013 10:25 AM
[SOLVED] iptable rule amartlk Linux - Newbie 2 12-18-2011 10:36 PM
iptable how many rule iptable can manage toure32 Linux - Networking 1 05-13-2010 04:34 AM
iptable rule vinaytp Linux - Newbie 1 10-26-2009 01:39 AM
Same Iptable rule to be avoided? Santoshkb Linux - Networking 2 12-21-2007 05:55 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 10:18 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration