LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-04-2007, 03:25 AM   #1
rejeep
Member
 
Registered: Mar 2007
Distribution: Gentoo
Posts: 49

Rep: Reputation: 15
Help with iptables rules


Hi!

I need some help with my iptables rules.
I want to reject all incomming and forwarding traffic and allow all outgoing traffic.
I want to drop some ports and I want to allow SSH.

The problem is that I can't log in through SSH with there rules.
Code:
#!/bin/bash

IPTABLES = /sbin/iptables

# Clear and flush tables.
$IPTABLES -F
$IPTABLES -Z

# Reject all incomming and forwarding traffic. Accept all outgoing traffic.
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -A INPUT -j REJECT
$IPTABLES -A FORWARD -j REJECT

# Drop traffic on ports: 135, 137, 138, 139 and 445
$IPTABLES -A INPUT -p tcp --destination-port 135 -j DROP
$IPTABLES -A INPUT -p tcp --destination-port 137:139 -j DROP
$IPTABLES -A INPUT -p tcp --destination-port 445 -j DROP

# Accept SSH.
$IPTABLES -A INPUT -p tcp --destination-port 22 -j ACCEPT
I would also like to know which kernel options I need to have to be able to use this.
Code:
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Thanks!
 
Old 04-04-2007, 03:32 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
well you're alreeady rejecting the traffic in the rule above, yeah? move it higher and it'll take presedence ans it 'll be matched first.
 
Old 04-04-2007, 03:38 AM   #3
rejeep
Member
 
Registered: Mar 2007
Distribution: Gentoo
Posts: 49

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by acid_kewpie
well you're alreeady rejecting the traffic in the rule above, yeah? move it higher and it'll take presedence ans it 'll be matched first.
Ohhh... I have got this all wrong.

I thought that the onces below had presedence over the above.

Thanks for clearing that out for me...

So... I quess this work better then!
Code:
#!/bin/bash

IPTABLES=/sbin/iptables

# Clear and flush tables.
$IPTABLES -F
$IPTABLES -Z

# Accept all outgoing traffic.
$IPTABLES -P OUTPUT ACCEPT

# Drop traffic on ports: 135, 137, 138, 139 and 445
$IPTABLES -A INPUT -p tcp --destination-port 135 -j DROP
$IPTABLES -A INPUT -p tcp --destination-port 137:139 -j DROP
$IPTABLES -A INPUT -p tcp --destination-port 445 -j DROP

# Accept SSH.
$IPTABLES -A INPUT -p tcp --destination-port 22 -j ACCEPT

# Reject all incomming and forwarding traffic.
$IPTABLES -A INPUT -j REJECT
$IPTABLES -A FORWARD -j REJECT

Last edited by rejeep; 04-04-2007 at 05:14 AM.
 
Old 04-04-2007, 05:15 AM   #4
rejeep
Member
 
Registered: Mar 2007
Distribution: Gentoo
Posts: 49

Original Poster
Rep: Reputation: 15
It is now fixed! Thanks!

Last edited by rejeep; 04-04-2007 at 07:56 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
where are my new iptables-rules? xpucto Fedora 4 03-21-2007 07:42 AM
need help with iptables rules asimov Linux - Security 2 07-19-2006 02:44 PM
IPTABLES - rules in /etc/sysconfig/iptables The_JinJ Linux - Newbie 6 11-20-2004 01:40 AM
iptables rules chrisfirestar Linux - Security 2 10-29-2003 02:30 AM
iptables rules hazza96 Linux - Security 3 09-09-2001 11:16 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:35 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration