Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
It depends a bit on your firewall layout. One simple - and, I believe, common - general set of rules is
(1) INPUT chain: allow ESTABLISHED and RELATED packets
(2) OUTPUT chain: allow NEW, ESTABLISHED and RELATED packets
If this is what you use, then all you have to do is open for NEW incoming packets (assuming your network interface is eth0):
iptables -I INPUT -i eth0 -p tcp --syn -m state --state NEW --source 192.168.1.100 -j ACCEPT
This is only for TCP traffic as you can see by the "-p tcp" part. This rule accepts incoming connections from 192.168.1.100, i.e. you can use ssh to login from 192.168.1.100, or access your web server or whatever.
To also allow incoming NEW udp and icmp ("ping") packets, add two more lines:
iptables -I INPUT -i eth0 -p udp -m state --state NEW --source 192.168.1.100 -j ACCEPT
iptables -I INPUT -i eth0 -p icmp -m state --state NEW --source 192.168.1.100 -j ACCEPT
The NEW state basically consists of "requests", which means that if you don't have any servers running on the box, then you don't need to accept anything NEW in the INPUT chain. Except for icmp stuff perhaps, if you want to be able to ping your box.
If you do NOT have your firewall set up according to (1) and (2) above, then add these lines (which are specifically written for 192.168.1.100):
The first line here takes care of (1), and the second of (2) - but only for 192.168.1.100. Especially the OUTPUT chain rule that accepts NEW, ESTABLISHED and RELATED packets outbound for 192.168.1.100 is rather silly. I think it's quite common to use variants of the above two rules that take care of packets to and from all hosts:
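The answer above describes a layout but never lists the state rules in full, so here is an added example (my own script, not code from the poster) that generates the complete ruleset in iptables-restore format: default DROP policies, rule (1) on INPUT, rule (2) on OUTPUT, and the three NEW-from-trusted-host rules. The interface name, the trusted address and the loopback rules are assumptions; the script uses `-m conntrack --ctstate`, which is the current name for the same match the poster writes as `-m state --state`.

```shell
#!/bin/sh
# Added example: build a filter-table ruleset matching the layout in the answer.
# Assumptions (not from the original post): interface eth0, trusted host
# 192.168.1.100, loopback allowed, default policy DROP on every chain.
gen_ruleset() {
    iface="${1:-eth0}"            # assumed interface name
    trusted="${2:-192.168.1.100}" # assumed trusted host
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback traffic (assumed addition; most hosts need it)
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# (1) INPUT: replies to connections we opened, plus related traffic
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# NEW inbound only from the trusted host: tcp (SYN only), udp, icmp
-A INPUT -i $iface -p tcp --syn -m conntrack --ctstate NEW -s $trusted -j ACCEPT
-A INPUT -i $iface -p udp -m conntrack --ctstate NEW -s $trusted -j ACCEPT
-A INPUT -i $iface -p icmp -m conntrack --ctstate NEW -s $trusted -j ACCEPT
# (2) OUTPUT: this host may open connections to anywhere
-A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Count INPUT rules that accept NEW packets: every one must carry a source
# restriction, otherwise the "only from 192.168.1.100" intent is broken.
count_new_input_rules() {
    gen_ruleset "$@" | grep -- '-A INPUT' | grep -c -- '--ctstate NEW'
}
count_unrestricted_new_input_rules() {
    gen_ruleset "$@" | grep -- '-A INPUT' | grep -- '--ctstate NEW' \
        | grep -vc -- ' -s ' || true
}

gen_ruleset "$@"
```

Save the output to a file and load it with `iptables-restore < rules.v4`, then review the live result with `iptables -S`. Because the OUTPUT policy is DROP, any outbound traffic not covered by rule (2) (for example raw sockets that conntrack does not classify) will be silently dropped, which is worth checking in the kernel log before relying on it.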
My opinion is in the form of the following rules. Maybe I could be wrong; if so, please guide me as well, because I am also learning iptables right now...