iptables

user1029 · 05-08-2006, 07:04 AM

Hi there, i am new to iptables and i need to find out how to implement following rules:

setup default policies of DROP for the input chain and REJECT for the other 2 default chains.
ii) allow any input/output traffic over the loopback interface ie lo
iii) deny any incoming packets claiming to be from your IP address and log them
iv) deny any packets from/to the following networks and log them
class A 10.0.0.0 NB class A networks have an 8-bit netmask
class B 72.16.0.0 NB class B networks have a 16-bit netmask
Class D 224.0.0.0 with a 4 bit netmask
Class E 240.0.0.0 with a 5 bit netmask
v) deny incoming/outgoing packets on eth0 which have an address of 127.0.0.1 and log them

Thanks for any help.

jschiwal · 05-08-2006, 07:37 AM

This site has a policy against doing people's homework problems.

iptables is the program that sets up netfilters tables. There is documentation at the netfilter homepage: http://www.netfilter.org/

jschiwal · 05-08-2006, 07:48 AM

Also check in /usr/share/doc/packages/iptables/packet-filtering-HOWTO.html. This directory may also contain documentation on NAT.

Linux~Powered · 05-08-2006, 12:15 PM

This should work for you.

Quote:

setup default policies of DROP for the input chain and REJECT for the other 2 default chains.

iptables -F
iptables -X
iptables -N LOG_DROP

#Default policies..

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

Quote:

deny any packets from/to the following networks and log them

#Log rules...

iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j LOG_DROP
iptables -A INPUT -i eth0 -s 224.0.0.0/4 -j LOG_DROP
iptables -A INPUT -i eth0 -s 240.0.0.0/5 -j LOG_DROP
iptables -A INPUT -i eth0 -s 172.16.0.0/12 -j LOG_DROP

#Drop them...

iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DROP
iptables -A INPUT -i eth0 -s 224.0.0.0/4 -j DROP
iptables -A INPUT -i eth0 -s 240.0.0.0/5 -j DROP
iptables -A INPUT -i eth0 -s 172.16.0.0/12 -j DROP

Quote:

ii) allow any input/output traffic over the loopback interface ie lo

# Allow loopback connections.

iptables -A INPUT -i lo -j ACCEPT

# Rules for logging packets.

iptables -A LOG_DROP -j LOG --log-prefix "[IPTABLES DROP] : " --log-tcp-options --log-ip-options --log-level 3

Edit your syslog.conf file by adding these two lines...

# Log rc.firewall packets.
kern.3 /var/log/firewall

Restart syslogd and your done.

user1029 · 05-15-2006, 08:07 AM

Thank you Linux~Powered so much. I really appreciate your help.