LinuxQuestions.org
Old 02-25-2015, 04:01 PM   #1
kj6eo
LQ Newbie
 
Registered: Feb 2015
Posts: 6

Rep: Reputation: Disabled
Firewall Question - IPTABLES


Hello and thanks for reading my post. I'm running an Ubuntu Server (Ubuntu 12.04.3 LTS) on a 3.8.0-29 generic kernel (iptables v1.4.12). For a long time now I've been using iptables to limit (hitcount) connections on ports 21 and 110. Recently, I decided to limit connections on port 25. So, I decided to use the same iptables commands I used for ports 21 and 110 (which work perfectly) for port 25. To my surprise, for whatever reason iptables completely ignores the rules that I set up for port 25. Here are the rules for port 21 and 110:

Code:
# Limit incoming connections to port 21 to no more than 5 attempts in a minute.  Any more than that will be dropped!

$IPTABLES -I INPUT -p tcp --dport 21 -i $INET_IFACE -m state --state NEW -m recent --set
$IPTABLES -I INPUT -p tcp --dport 21 -i $INET_IFACE -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP
And

Code:
# Limit incoming connections to port 110 to no more than 5 attempts in a minute.  Any more than that will be dropped!

$IPTABLES -I INPUT -p tcp --dport 110 -i $INET_IFACE -m state --state NEW -m recent --set
$IPTABLES -I INPUT -p tcp --dport 110 -i $INET_IFACE -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP
My general TCP rules (before the port specific rules):

Code:
# General INPUT rules

$IPTABLES -A INPUT -p tcp --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp -j DROP
Port 25 rules:

Code:
# Limit incoming connections to port 25 to no more than 5 attempts in 1 minute. Any more than that will be dropped!

$IPTABLES -I INPUT -p tcp --dport 25 -i $INET_IFACE -m state --state NEW -m recent --set
$IPTABLES -I INPUT -p tcp --dport 25 -i $INET_IFACE -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP

So far, I haven't been able to figure the problem out. I'd like to ask for some suggestions from those of you who know iptables well. Any comments you might have would be appreciated.

Last edited by kj6eo; 02-25-2015 at 04:05 PM. Reason: Left something out
 
Old 02-25-2015, 06:35 PM   #2
Miati
Member
 
Registered: Dec 2014
Distribution: Linux Mint 17.*
Posts: 326

Rep: Reputation: 106
So your ruleset is the following if I understand..

Code:
# General INPUT rules

$IPTABLES -A INPUT -p tcp --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp -j DROP

# Limit incoming connections to port 21 to no more than 5 attempts in a minute.  Any more than that will be dropped!

$IPTABLES -I INPUT -p tcp --dport 21 -i $INET_IFACE -m state --state NEW -m recent --set 
$IPTABLES -I INPUT -p tcp --dport 21 -i $INET_IFACE -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP

# Limit incoming connections to port 110 to no more than 5 attempts in a minute.  Any more than that will be dropped!

$IPTABLES -I INPUT -p tcp --dport 110 -i $INET_IFACE -m state --state NEW -m recent --set
$IPTABLES -I INPUT -p tcp --dport 110 -i $INET_IFACE -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP

# Limit incoming connections to port 25 to no more than 5 attempts in 1 minute. Any more than that will be dropped!

$IPTABLES -I INPUT -p tcp --dport 25 -i $INET_IFACE -m state --state NEW -m recent --set
$IPTABLES -I INPUT -p tcp --dport 25 -i $INET_IFACE -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP
Remember - if a packet is accepted, it no longer goes down the chain. Same with being dropped.
My impression is that all new packets are accepted and then all established are accepted, then everything else is discarded.
Doesn't leave much room for your other rules since they are pretty much all accepted it seems. Also, if it is accepted before it hits the -m recent rules, it doesn't raise the counter.

Code:
# Accept established connections
$IPTABLES -A INPUT -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Limit incoming connections to port 21 to no more than 5 attempts in a minute.  Any more than that will be dropped!

$IPTABLES -A INPUT -p tcp --dport 21 -i $INET_IFACE -m conntrack --ctstate NEW -m recent --set --name PORT21
$IPTABLES -A INPUT -p tcp --dport 21 -i $INET_IFACE -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 5 --name PORT21 -j DROP

# Limit incoming connections to port 110 to no more than 5 attempts in a minute.  Any more than that will be dropped!

$IPTABLES -A INPUT -p tcp --dport 110 -i $INET_IFACE -m conntrack --ctstate NEW -m recent --set --name PORT110
$IPTABLES -A INPUT -p tcp --dport 110 -i $INET_IFACE -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 5 --name PORT110 -j DROP

# Limit incoming connections to port 25 to no more than 5 attempts in 1 minute. Any more than that will be dropped!

$IPTABLES -A INPUT -p tcp --dport 25 -i $INET_IFACE -m conntrack --ctstate NEW -m recent --set --name PORT25
$IPTABLES -A INPUT -p tcp --dport 25 -i $INET_IFACE -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 5 --name PORT25 -j DROP

$IPTABLES -A INPUT -p tcp -m multiport --dport 21,25,110 --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -j DROP
Notice I named each set, hopefully that will avoid each --set triggering other ones.
I also changed -m state --state to -m conntrack --ctstate since -m state is being deprecated at some point (mostly a best practice thing)
I also readjusted the listing so that the port trackers have a chance.
Notice the second to last line will now accept connection packets from ports 21,110,25 (after being subjected to recent counters!). Otherwise they are dropped.
I also changed -I to -A since -I (as I understand) is meant to be used to insert rules between others, not a normal append. Either way works though.

Last edited by Miati; 02-25-2015 at 06:58 PM.
 
Old 02-27-2015, 08:06 PM   #3
kj6eo
LQ Newbie
 
Registered: Feb 2015
Posts: 6

Original Poster
Rep: Reputation: Disabled
Miati - Thank you for responding to my post. Your rules worked correctly. However after implementing them I discovered that TCP traffic outside the rules for 21,25,110 wasn't being handled. I think the best way to help you understand what is going on would be for me to post my entire firewall script. So here it is:

Code:
#!/bin/sh

# /etc/init.d/rc.firewall - Firewall script for xxxx.com - Updated 5/2/2014

# Program locations

IPTABLES="iptables"

# Whitelist

WHITELIST=/etc/init.d/whitelist.txt

# Blacklist

BLACKLIST=/etc/init.d/blacklist.txt

# Configuration options

# Internet Configuration

# INET Configuration

INET_IP="xxx.x.xxx.xxx"
INET_IFACE="eth0"
INET_BROADCAST="xxx.x.xxx.255"

# LAN Configuration

LAN_IP="192.168.1.1"
LAN_IP_RANGE="192.168.0.0/16"
LAN_BROADCAST_RANGE="192.168.255.255"
LAN_IFACE="eth1"
REMOTE_IP="192.168.1.13"

# Localhost Configuration

LO_IFACE="lo"
LO_IP="127.0.0.1"

# Module Loading

/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state


###########################################################################

# Enable broadcast echo Protection
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Disable Source Routed Packets
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do echo 0 > $f
done

# Enable TCP SYN Cookie Protection
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Disable ICMP Redirect Acceptance
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $f
done

# Don't send Redirect Messages
for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > $f
done

# Drop Spoofed Packets coming in on an interface which if replied to
# would result in the reply going out a different interface.
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f
done

# Log packets with impossible addresses.
for f in /proc/sys/net/ipv4/conf/*/log_martians; do echo 1 > $f
done

############################################################################

# Proc set up

# Enable packet forwarding in the kernel
echo "1" > /proc/sys/net/ipv4/ip_forward

# Set default policies to DROP

$IPTABLES -P INPUT	DROP
$IPTABLES -P OUTPUT	DROP
$IPTABLES -P FORWARD	DROP

# Reset the firewall

$IPTABLES -F 
$IPTABLES -X 
$IPTABLES -F -t nat

#
## Whitelist
#

for x in `grep -v ^# $WHITELIST | awk '{print $1}'`; do
echo "Permitting $x..."
$IPTABLES -A INPUT -s $x -j ACCEPT
done

#
## Blacklist
#

for x in `grep -v ^# $BLACKLIST | awk '{print $1}'`; do
echo "Denying $x..."
$IPTABLES -A INPUT -s $x -j DROP
done

$IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "new not syn:"
$IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

# General INPUT rules

$IPTABLES -A INPUT -p tcp --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp -j DROP

# Port Specific TCP rules

# Limit incoming connections to port 21 to no more than 5 attempts in a minute.  Any more than that will be dropped!

$IPTABLES -A INPUT -p tcp --dport 21 -i $INET_IFACE -m conntrack --ctstate NEW -m recent --set --name PORT21
$IPTABLES -A INPUT -p tcp --dport 21 -i $INET_IFACE -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 5 --name PORT21 -j DROP

#$IPTABLES -I INPUT -p tcp --dport 21 -i $INET_IFACE -m state --state NEW -m recent --set
#$IPTABLES -I INPUT -p tcp --dport 21 -i $INET_IFACE -m state --state NEW -m recent --update --seconds 60 --#hitcount 5 -j DROP

# Limit incoming connections to port 25 to no more than 5 attempts in a minute. Any more than that will be dropped!

$IPTABLES -A INPUT -p tcp --dport 25 -i $INET_IFACE -m conntrack --ctstate NEW -m recent --set --name PORT25
$IPTABLES -A INPUT -p tcp --dport 25 -i $INET_IFACE -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 5 --name PORT25 -j DROP

#$IPTABLES -I INPUT -p tcp --dport 25 -i $INET_IFACE -m state --state NEW -m recent --set
#$IPTABLES -I INPUT -p tcp --dport 25 -i $INET_IFACE -m state --state NEW -m recent --update --seconds 60 --#hitcount 5 -j DROP

# Limit incoming connections to port 110 to no more than 5 attempts in a minute.  Any more than that will be dropped!

$IPTABLES -A INPUT -p tcp --dport 110 -i $INET_IFACE -m conntrack --ctstate NEW -m recent --set --name PORT110
$IPTABLES -A INPUT -p tcp --dport 110 -i $INET_IFACE -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 5 --name PORT110 -j DROP

#$IPTABLES -I INPUT -p tcp --dport 110 -i $INET_IFACE -m state --state NEW -m recent --set
#$IPTABLES -I INPUT -p tcp --dport 110 -i $INET_IFACE -m state --state NEW -m recent --update --seconds 60 --#hitcount 5 -j DROP

$IPTABLES -A INPUT -p tcp -m multiport --dport 21,25,110 --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -j DROP

# Drop UCSB RESNET HACKER

$IPTABLES -A INPUT -s 169.231.4.166 -d 0/0 -j DROP

# Drop people trying to hack my FTP server

/etc/init.d/./ftp.blocklist

# Drop people trying to hack my mail servers

$IPTABLES -I INPUT -s 75.149.240.0/24 -j DROP
$IPTABLES -I INPUT -s 173.9.173.0/24 -j DROP
$IPTABLES -I INPUT -s 85.25.44.0/24 -j DROP
$IPTABLES -I INPUT -s 165.254.156.0/24 -j DROP

# ICMP rules

#$IPTABLES -A INPUT -p icmp --icmp-type 8 -s 0/0 -d $INET_IP -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A OUTPUT -p icmp --icmp-type 0 -s $INET_IP -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT

#$IPTABLES -A OUTPUT -p icmp --icmp-type 8 -s $INET_IP -d 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A INPUT -p icmp --icmp-type 0 -s 0/0 -d $INET_IP -m state --state ESTABLISHED,RELATED -j ACCEPT

#$IPTABLES -A INPUT -p icmp -s 0/0 --icmp-type 8 -j DROP
#$IPTABLES -A INPUT -p icmp -s 0/0 --icmp-type 11 -j DROP

# Input chain

# Special INPUT rules for LAN 

$IPTABLES -A INPUT -p all -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT
$IPTABLES -A INPUT -p all -i $LO_IFACE -s $LO_IP -j ACCEPT
$IPTABLES -A INPUT -p all -i $LO_IFACE -s $LAN_IP -j ACCEPT
$IPTABLES -A INPUT -p all -i $LO_IFACE -s $INET_IP -j ACCEPT

#Special rule for WOL Packets

#$IPTABLES -A INPUT -p udp --dport 9 -j ACCEPT

# Special rule for DNS requests

$IPTABLES -A INPUT -p tcp --dport 53 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 53 -j ACCEPT

# Special rule for NTS requests

$IPTABLES -A INPUT -p udp --dport 123 -j ACCEPT

# Special rule for DHCP requests from the LAN

$IPTABLES -A INPUT -p udp -i $LAN_IFACE --dport 67 --sport 68 -j ACCEPT

# Allow access to higher ports (1024) necessary for Web Browsing

$IPTABLES -A INPUT -p tcp --dport 1024: -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 1024: -j ACCEPT

# Let everything on the LAN access the Internet

$IPTABLES -A INPUT -i $LAN_IFACE -s 0/0 -d $INET_IP -j ACCEPT

# TCP INPUT rules - Port Specific - Port 22 SSH (no access)

$IPTABLES -A INPUT -p tcp --dport 22 -j DROP	                                #(Drop all connects)

# TCP INPUT rules - For WMA Radio Station Stream

$IPTABLES -A INPUT -s $INET_IP -d 0/0 -p tcp --dport 7878 -j 		ACCEPT

# TCP INPUT rules - For Icecast2 Radio Station Streams

$IPTABLES -A INPUT -s $INET_IP -d 0/0 -p tcp --dport 7979 -j 		ACCEPT
$IPTABLES -A INPUT -s $INET_IP -d 0/0 -p tcp --dport 8080 -j 		ACCEPT

# FORWARD chain

# General FORWARDING rules

$IPTABLES -A FORWARD -i eth1 -o $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o $LAN_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT

# More specific FORWARD rules

$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -i $LAN_IFACE -o $INET_IFACE -j ACCEPT

# Enable forwarding of tcp port 7878 for WMA Radio Station Stream > LAN broadcast server

#$IPTABLES -A FORWARD -p tcp -i $INET_IFACE -o $LAN_IFACE -d 192.168.1.15 --dport 7878 -j ACCEPT

# Enable NAT port forwarding for WMA Radio Station Stream requests from INET to LAN broadcast server (tcp port 7878)

#$IPTABLES -t nat -A PREROUTING -p tcp -i $INET_IFACE -d $INET_IP --dport 7878 -j DNAT --to 192.168.1.15:7878

# Enable SNAT (MASQUERADE) functionality on eth0

$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP

# OUTPUT chain

# Allow specific IP's out

$IPTABLES -A OUTPUT -p all -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p all -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p all -s $INET_IP -j ACCEPT

# END
I had to insert:

Code:
$IPTABLES -A INPUT -p tcp --syn -j ACCEPT
Before the general input rules to get things working again. I appreciate your help, please let me know if this information was helpful.
 
Old 02-27-2015, 10:43 PM   #4
Miati
Member
 
Registered: Dec 2014
Distribution: Linux Mint 17.*
Posts: 326

Rep: Reputation: 106
Code:
$IPTABLES -P INPUT	DROP
$IPTABLES -P OUTPUT	DROP
$IPTABLES -P FORWARD	DROP
First, it should be noted that when making a firewall, you should do either one of two things.
Make default policy to ACCEPT and decide what should be blocked.
Make default policy to DROP and decide what should be allowed.

Both have advantages and disadvantages. Most basically, a policy of ACCEPT is easier to implement and shouldn't accidentally block out good traffic. But - if you forget a corner, you have an exposed firewall.
A policy of DROP is harder to implement, since you have to define everything to be allowed. But - If you forget something you haven't exposed a giant leak, you likely annoyed person x or company n.
Generally, the second is preferable (you know, liability wise).

I see in your firewall the policy is drop to everything. Then I see firewall rules to drop. Unless they are followed by an accept rule they are useless (for example, drop if connected from external network but accept otherwise)
Code:
iptables -P INPUT DROP
iptables -A INPUT ! -s 192.168.1.1/24 -j DROP
iptables -A INPUT -j ACCEPT
But this is useless
Code:
iptables -P INPUT DROP
iptables -A INPUT -s 192.168.1.1/24 -j DROP
as is this with a policy of DROP
Code:
$IPTABLES -I INPUT -s 75.149.240.0/24 -j DROP
$IPTABLES -I INPUT -s 173.9.173.0/24 -j DROP
$IPTABLES -I INPUT -s 85.25.44.0/24 -j DROP
$IPTABLES -I INPUT -s 165.254.156.0/24 -j DROP
Does this make sense why? Since the packet never meets an "ACCEPT" rule, it continues to the end and then is dropped.

Quote:
However after implementing them I discovered that TCP traffic outside the rules for 21,25,110 wasn't being handled.
Since you have a default policy of DROP, you must know everything that is to be allowed.

Code:
$IPTABLES -A INPUT -p tcp --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp -j DROP
Fyi, the conntrack and state rules are doing the same thing.
Also, the first two lines will match essentially all packets - rendering everything below it useless.
Basically, it is saying - is this packet a new connection packet? Yes? ACCEPT
Or... Is this an established or related connection? Yes? ACCEPT
Tell me, what traffic will not be one of those two? You may as well have a policy of ACCEPT, since everything will be accepted.
Also, provided literally anything makes it through those first three lines (99% will be accepted), it is automatically dropped afterward. So it never has a chance to be filtered below.

Remember - iptables works like this. Pretend we have 4 rules.

Does it match rule 1? No? Does it match rule 2? No? Does it match rule 3? Yes? Ok, it is now DROPPED/ACCEPTED
It is no longer processed at this point and the next packet is checked. Rule 4 is never checked. This is vital to understanding iptables and I suspect it may be part of your confusion.

_____



I'm not going to rewrite your iptable script. But please understand that everything under the rule "$IPTABLES -A INPUT -p tcp -j DROP" makes all other tcp rules in the INPUT chain not relevant since they are never checked.
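
The first-match behaviour discussed in this thread, as an added example that is not part of any poster's message or firewall: a small Python model that feeds the same burst of SYNs through the rule order of the posted script and through the order suggested in post #2. The function names, the 203.0.113.7 source address and the packet timings are constructed; the model handles only the options used in the thread and simplifies the `recent` match.

```python
import shlex

VALUE_OPTS = {"-p": "proto", "--dport": "dports", "--ctstate": "states",
              "--state": "states", "--seconds": "seconds",
              "--hitcount": "hitcount", "--name": "name", "-j": "target"}

def parse_rule(line):
    """Parse the iptables options used in this thread (no '!' negation)."""
    toks, rule, i = shlex.split(line), {"target": None}, 0
    while i < len(toks):
        if toks[i] in VALUE_OPTS:
            rule[VALUE_OPTS[toks[i]]] = toks[i + 1]
            i += 2
        elif toks[i] in ("-A", "-i", "-m"):   # chain/interface/module: skipped
            i += 2
        else:                                  # flags, and the $IPTABLES prefix
            rule[toks[i].lstrip("-")] = True
            i += 1
    return rule

def matches(rule, pkt, recent):
    """True if every match in the rule fits; 'recent' is evaluated last."""
    if rule.get("proto", pkt["proto"]) != pkt["proto"] or (rule.get("syn") and not pkt["syn"]):
        return False
    if "dports" in rule and str(pkt["dport"]) not in rule["dports"].split(","):
        return False
    if "states" in rule and pkt["state"] not in rule["states"].split(","):
        return False
    if rule.get("set") or rule.get("update"):
        stamps = recent.setdefault((rule.get("name", "DEFAULT"), pkt["src"]), [])
        if rule.get("update"):
            window = int(rule.get("seconds", 0))
            hits = [s for s in stamps if not window or pkt["t"] - s <= window]
            if len(hits) < int(rule.get("hitcount", 1)):
                return False
        stamps.append(pkt["t"])   # --set, or a successful --update, records a hit
    return True

def run(ruleset, packets, policy="DROP"):
    """Return (verdict, rule number) per packet; rule 0 means chain policy.
    A rule without a -j target (the --set rule) never ends traversal."""
    rules = [parse_rule(l) for l in ruleset.strip().splitlines()]
    recent, out = {}, []
    for pkt in packets:
        for n, rule in enumerate(rules, 1):
            if matches(rule, pkt, recent) and rule["target"]:
                out.append((rule["target"], n))
                break
        else:
            out.append((policy, 0))
    return out

LIMIT_25 = """\
$IPTABLES -A INPUT -p tcp --dport 25 -i $INET_IFACE -m conntrack --ctstate NEW -m recent --set --name PORT25
$IPTABLES -A INPUT -p tcp --dport 25 -i $INET_IFACE -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 5 --name PORT25 -j DROP
$IPTABLES -A INPUT -p tcp -m multiport --dport 21,25,110 --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -j DROP
"""
ESTABLISHED = "$IPTABLES -A INPUT -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n"
# Posted script: general rules first. Post #2: established first, then the limiter.
SCRIPT_ORDER = ("$IPTABLES -A INPUT -p tcp --syn -j ACCEPT\n" + ESTABLISHED
                + "$IPTABLES -A INPUT -p tcp -j DROP\n" + LIMIT_25)
FIXED_ORDER = ESTABLISHED + LIMIT_25
# Constructed traffic: six SYNs to port 25 five seconds apart, then one to port 80.
PACKETS = [{"proto": "tcp", "dport": d, "syn": True, "state": "NEW",
            "src": "203.0.113.7", "t": t}
           for d, t in [(25, 5 * k) for k in range(6)] + [(80, 40)]]

if __name__ == "__main__":
    print(run(SCRIPT_ORDER, PACKETS), run(FIXED_ORDER, PACKETS), sep="\n")
```

In the script order every packet, including the SYN to port 80, is accepted by rule 1 and the PORT25 list is never written. In the post #2 order the fifth SYN inside 60 seconds is dropped by the limiter and the port 80 SYN falls through to the final DROP.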
 
Old 02-28-2015, 12:55 PM   #5
kj6eo
LQ Newbie
 
Registered: Feb 2015
Posts: 6

Original Poster
Rep: Reputation: Disabled
Miati - Thank you for responding to my post and for your suggestions. I supplied you with a copy of my firewall as a means of defining problems, not in hopes that you would have rewritten it for me. Although I have been playing around with Linux since RedHat 5.2, iptables isn't something that I know well. My firewall script was put together from various examples of other scripts, thus the redundancies and/or mistakes. Although it might not follow proper protocol, it does work. Your guidance is appreciated. I'll start work on writing another firewall script now. There are lots of HOWTO's floating around.
 
Old 03-01-2015, 03:39 PM   #6
Miati
Member
 
Registered: Dec 2014
Distribution: Linux Mint 17.*
Posts: 326

Rep: Reputation: 106
This guide has assisted me in learning iptables
https://www.frozentux.net/documents/iptables-tutorial/

From my reasoning above about everything matches it seems very similar to a catch-all which is basically the same as no firewall.
If your firewall accepts all traffic, is it really working?
While there are proper protocols for writing rule sets, my point was more about how rules become irrelevant due to above rules being too "greedy"
TBH, a good firewall can be written with very few rules. The below is similar to my firewall and is very unintrusive. Obviously, your needs are not my needs but it may serve as a starting point.

Code:
ipt=/sbin/iptables


$ipt -F
$ipt -X # Delete user-defined chains left over from a previous run

$ipt -P INPUT DROP
$ipt -P FORWARD DROP
$ipt -P OUTPUT ACCEPT

$ipt -A INPUT -i lo -j ACCEPT # Permit loopback
$ipt -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # Permit established connections

# SSH
$ipt -N SSH # Create the SSH chain before appending rules to it
$ipt -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH # Send new SSH connections through the SSH chain
$ipt -A SSH -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name SSH
$ipt -A SSH -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --rttl --seconds 10 --hitcount 5 --name SSH -j REJECT
$ipt -A SSH -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT

$ipt -A INPUT -s 192.168.1.1/24 -j REJECT
Notice that OUTPUT policy is to ACCEPT. I presume that if it's generated by a process on my computer - it is trusted.
Also note the order of the ssh accept. If a new connection to port 22 is made more than 5 times in 10 seconds - it is rejected.
Then it is accepted.
Note the location of the reject at the bottom. It is a widespread net (only criteria is from 192.168.1.1/24) so I expect it will match frequently.
The reasoning behind this is it is likely if it is lan, I would want a reject message to troubleshoot as opposed to a drop that simply does nothing with a packet.
If it is from an external network though, it is dropped without response.

---
Quote:
I supplied you with a copy of my firewall as a means of defining problems, not in hopes that you would have rewritten it for me
Yes, I figured. I like to say that to be clear in a fyi fashion.

Feel free to post whatever you come up with if you're unsure it is doing what you want.

Last edited by Miati; 03-01-2015 at 03:44 PM.
 
  


All times are GMT -5. The time now is 07:01 AM.
