Forums > Linux Forums > Linux - Security
Old 04-07-2011, 02:48 PM   #1
Adjust iptables to only inbound syn connections

Hi, I need some help. I'm trying to adjust the firewall to only inbound SYN connections, to allow all home subnets access to port 53 (both tcp/udp) but deny the rest.


:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
Old 04-07-2011, 07:02 PM   #2
This will do what you need. It's not in Redhat's iptables script format, but you'll get the idea.

# Variables (no spaces around "=" in shell assignments)
IPADDR="Your IP address"
HOME_SUBNET=""           # Specify your home subnet here, e.g. 192.168.1.0/24
CONNECTION_TRACKING="1"  # Set to 1 if the kernel has connection tracking (ip_conntrack/nf_conntrack)

# Removing existing rules
iptables --flush
iptables -t nat --flush
iptables -t mangle --flush

# Set the default policy for the filter table to DROP
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP

# Allowing unlimited traffic on the loopback interface
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Put this inside conditional, just in case connection tracking is not enabled in kernel
if [ "$CONNECTION_TRACKING" = "1" ]; then
    # Allowing established and related connections
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
fi

# Allowing all traffic to port 53 from HOME_SUBNET
# (--dport/--sport require a protocol, so one rule each for tcp and udp)
iptables -A INPUT -i eth0 -s "$HOME_SUBNET" -d "$IPADDR" -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -s "$HOME_SUBNET" -d "$IPADDR" -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -o eth0 -s "$IPADDR" -d "$HOME_SUBNET" -p tcp --sport 53 -j ACCEPT
iptables -A OUTPUT -o eth0 -s "$IPADDR" -d "$HOME_SUBNET" -p udp --sport 53 -j ACCEPT
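
The following is an added example written for this thread, not code posted by either participant. It ties the original question (accept only SYN-initiated inbound TCP, open port 53 tcp/udp to the home subnets, reject the rest) to the reply above by emitting a complete ruleset in the /etc/sysconfig/iptables (iptables-restore) format the first post pasted, so it can be loaded with the Red Hat iptables service instead of typed rule by rule. The subnets in HOME_SUBNETS are constructed sample values, and keeping SSH (port 22) reachable from the home subnets is an assumption taken from the existing rule in the first post; both are placeholders to change for your network.

```shell
#!/bin/sh
# Added example (not from the thread): generate an iptables-restore ruleset
# implementing "only inbound SYN connections, DNS only from home subnets".
# HOME_SUBNETS is a constructed sample; the SSH rule mirrors the poster's
# existing port-22 rule and is an assumption.

HOME_SUBNETS="${HOME_SUBNETS:-192.168.1.0/24 10.0.0.0/24}"   # constructed sample subnets

build_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp ! --syn -m state --state NEW -j DROP
EOF
    # The rule above is the "only SYN" part: a TCP packet that conntrack sees as
    # NEW but that does not carry SYN alone cannot be a legitimate connection
    # start (typically a stray packet or a scan), so it is dropped before any
    # ACCEPT rule can match it.

    # Per home subnet: DNS over tcp and udp, plus SSH (assumed from post #1).
    for net in $HOME_SUBNETS; do
        printf '%s\n' "-A RH-Firewall-1-INPUT -s $net -p tcp --syn -m state --state NEW --dport 53 -j ACCEPT"
        printf '%s\n' "-A RH-Firewall-1-INPUT -s $net -p udp --dport 53 -j ACCEPT"
        printf '%s\n' "-A RH-Firewall-1-INPUT -s $net -p tcp --syn -m state --state NEW --dport 22 -j ACCEPT"
    done

    # Everything else (other ports, other sources) is rejected, as in post #1.
    cat <<'EOF'
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Count how many generated rules open port 53; useful as a sanity check
# before loading the ruleset.
count_dns_rules() {
    build_rules | grep -c -e '--dport 53'
}

# Stand-alone usage: print the ruleset to stdout.
build_rules
```

To deploy, save the output as /etc/sysconfig/iptables and restart the iptables service, or first check that it parses with `build_rules | iptables-restore --test` on iptables versions that support test mode. Because the default REJECT at the end of RH-Firewall-1-INPUT covers everything not explicitly accepted, the mDNS, IPP and IPsec rules from the first post are intentionally not carried over; add them back before the REJECT line if those services are still needed.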

