Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
11-18-2006, 03:07 AM
|
#1
|
Member
Registered: May 2006
Posts: 141
Rep:
|
Adding the rule in iptables ?
Hi everyone,
I am new to Linux and iptables.
First, I am practicing iptables on Fedora Core 6.
I have only one local IP on the iptables machine.
My IP is 192.168.1.12 (where iptables is running).
Now I want to add this rule in iptables:
"iptables -A INPUT -s 0/0 -i eth0 -d 192.168.1.12 - p TCP -j DROP"
I tried going to the path vi /etc/sysconfig/iptables
and I added that, but it says error.
And also, when I run that command normally, it's not working.
What should I add or run to get this updated?
And where can I see the status showing that my rule got
updated in iptables?
Please clarify my doubts on iptables.
I like to learn iptables.
Helping with this issue will be greatly appreciated.
Thanks & Regards
winxandlinx
|
|
|
11-18-2006, 05:31 AM
|
#2
|
Member
Registered: Sep 2005
Location: New delhi
Distribution: RHEL 3.0/4.0
Posts: 777
Rep:
|
Quote:
Originally Posted by winxandlinx
"iptables -A INPUT -s 0/0 -i eth0 -d 192.168.1.12 - p TCP -j DROP
|
Code:
iptables -A INPUT -s 0/0 -i eth0 -d 192.168.1.12 -p TCP -j DROP
Copy ^^^ & run it. (maybe your rule had some problems with spaces)
Quote:
Originally Posted by winxandlinx
I tried going to the path vi /etc/sysconfig/iptables
|
About the default Red Hat firewall script, there are 2 things:
first, they pipe all the input from INPUT to another new chain, and second, you are not supposed to use the above format. Follow the format mentioned in that file itself.
About learning iptables;
follow this....
Iptables Tutorial 1.1.19
Oskar Andreasson
http://www.linuxsecurity.com/resourc...-tutorial.html
|
|
|
11-20-2006, 12:03 AM
|
#3
|
Member
Registered: May 2006
Posts: 141
Original Poster
Rep:
|
No, nothing is happening
when I am running this.
Tell me where I can check whether that command has got updated or not.
|
|
|
11-20-2006, 07:00 AM
|
#4
|
Member
Registered: Sep 2005
Location: New delhi
Distribution: RHEL 3.0/4.0
Posts: 777
Rep:
|
Quote:
Originally Posted by winxandlinx
No, nothing is happening
when I am running this.
Tell me where I can check whether that command has got updated or not.
|
will confirm you the same in a tabular form.
|
|
|
11-20-2006, 11:12 PM
|
#5
|
Member
Registered: May 2006
Posts: 141
Original Poster
Rep:
|
Hi Amit,
Thanks for the reply.
I ran this command: iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3177 4703K RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 1657 packets, 4514K bytes)
pkts bytes target prot opt in out source destination
Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
1589 4506K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
39 4362 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
38 3925 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1 48 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
1510 189K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Thanks & Regards
Winxandlinx
|
|
|
11-20-2006, 11:27 PM
|
#6
|
Member
Registered: May 2006
Posts: 141
Original Poster
Rep:
|
This is the second time,
so I am running it again:
iptables -A INPUT -s 0/0 -i eth0 -d 192.168.1.12 -p TCP -j DROP
After running this,
I ran iptables -vnL again.
The output is:
chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
735 79454 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 63 packets, 7295 bytes)
pkts bytes target prot opt in out source destination
Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
65 5058 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1 48 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
669 74348 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Please check and try to solve this problem.
Very eager to work in iptables.
Last edited by winxandlinx; 11-21-2006 at 03:11 AM.
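Post #2's remark that the Red Hat script sends everything from INPUT to another chain, worked through as an added example that is not part of any post in this thread: the script reads an `iptables -vnL` listing and reports rules that sit behind a match-everything verdict and therefore never see a packet. The listing is constructed from the chains shown above (trimmed, with the DROP rule placed where `-A` or `-I INPUT 1` would put it), and the function names `sample_listing` and `unreachable_rules` are this example's own.

```shell
#!/bin/sh
# Constructed sample in `iptables -vnL` layout (chains trimmed from the thread).
# $1 = append: DROP where `iptables -A INPUT` puts it; insert: where `-I INPUT 1` does.
sample_listing() {
  drop='    0     0 DROP tcp -- eth0 * 0.0.0.0/0 192.168.1.12'
  jump='  735 79454 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0'
  echo 'Chain INPUT (policy ACCEPT 0 packets, 0 bytes)'
  echo ' pkts bytes target prot opt in out source destination'
  if [ "$1" = insert ]; then printf '%s\n%s\n' "$drop" "$jump"
  else printf '%s\n%s\n' "$jump" "$drop"; fi
  cat <<'EOF'

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
   65  5058 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    1    48 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
  669 74348 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
EOF
}

# Read a listing on stdin; print the numbers of rules in chain $1 that no packet
# reaches because an earlier match-everything rule already gave a verdict,
# either itself or via a user chain that ends in one.
# Simplification (assumption of this example): RETURN targets are not modelled.
unreachable_rules() {
  awk -v want="$1" '
    /^Chain / { chain = $2; n[chain] = 0; next }
    $1 == "pkts" || NF < 9 { next }
    {
      i = ++n[chain]; tgt[chain, i] = $3
      # match-everything: any protocol, interface, source, destination; no match extension
      all[chain, i] = ($4 == "all" && $6 == "*" && $7 == "*" && $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" && (NF == 9 || $10 == "reject-with"))
    }
    END {
      for (k in tgt) {
        split(k, p, SUBSEP)
        if (all[k] && tgt[k] ~ /^(ACCEPT|DROP|REJECT)$/) final[p[1]] = 1
      }
      for (i = 1; i <= n[want]; i++) {
        t = tgt[want, i]
        if (dead) print i
        else if (all[want, i] && ((t ~ /^(ACCEPT|DROP|REJECT)$/) || (t in final))) dead = 1
      }
    }'
}

sample_listing append | unreachable_rules INPUT   # prints 2: the appended DROP
sample_listing insert | unreachable_rules INPUT   # prints nothing
```

On a live host, `iptables -L INPUT -n --line-numbers` shows each rule's position, and `iptables -I INPUT 1` followed by the same match and target places the rule ahead of the jump. Because this DROP matches every inbound TCP packet on eth0, placing it first also drops SSH and the replies to connections the host itself opened.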
|
|
|
All times are GMT -5. The time now is 07:20 AM.