05-31-2005, 06:33 AM   #1
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 474

Rep: Reputation: 30
iptables good practice - 2 questions

Hi all,
1) I've just read in another thread that the iptables script should not be in root's home directory. It should be in /etc. Why is that? What's wrong with the iptables script being in the /root directory?

2) iptables scripts should be run before any network interface comes up. How can I set rules based on a source or destination address associated with a domain? (ex: iptables -A OUTPUT -d -p tcp --dport 80 -j DROP).
I could use the IP instead of the domain name, but what can I do when I use dyndns and I always have a domain name which points to an IP which changes every day? If the network interface is down, iptables can't make the DNS request for that domain.

best regards,
05-31-2005, 07:09 AM   #2
Senior Member
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Blog Entries: 1

Rep: Reputation: 67
1) I don't really see a problem with this, other than the fact I personally don't like to clutter root's home directory with system configuration files. In general /etc is the "correct" place for system configuration files to live.

2) If you want to do it by domain then the only thing I can think of is a two stage iptables script system. Stage 1 drops everything incoming except replies to outgoing requests.... then you bring up the interface... then the stage 2 script does all the specific dropping such as your rule. This will give a very small window during boot up where a user could get to, but it allows you to bring up your interfaces without having any window for external attacks. If this box is a router you could always bring up the local network routing rules in the second stage so that nobody could get through the box to the outside world until all your other rules were applied.
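
The two-stage load described in the reply above, as an added example that is not part of the original thread. It goes one step further than the reply: because iptables resolves a host name only once, when the rule is added, stage 2 fills a dedicated chain that can be refreshed whenever the dyndns address changes. The chain name `BLOCK_DOMAIN`, the `resolve` helper (built on `getent`), the loopback rule and the dry-run default are assumptions of this example.

```bash
#!/bin/bash
# Dry run by default: rules are printed, not applied.
# Run as root with IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"
CHAIN="BLOCK_DOMAIN"   # hypothetical chain name for this example

# Stage 1: load before any interface is up. Needs no DNS.
stage1() {
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP                  # router case: nothing passes yet
    $IPT -A INPUT -i lo -j ACCEPT         # assumption: local traffic allowed
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Empty chain plus jump now, so stage 2 only has to fill the chain.
    $IPT -N "$CHAIN"
    $IPT -A OUTPUT -p tcp --dport 80 -j "$CHAIN"
}

# Hypothetical helper: print the IPv4 addresses of a name, one per line.
resolve() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Stage 2: run once the interface is up, and again (e.g. from cron)
# whenever the dyndns address may have changed.
stage2() {
    domain="$1"
    addrs=$(resolve "$domain")
    if [ -z "$addrs" ]; then
        # Lookup failed: keep the previous rules instead of flushing them.
        echo "stage2: cannot resolve $domain, rules unchanged" >&2
        return 1
    fi
    $IPT -F "$CHAIN"
    for addr in $addrs; do
        $IPT -A "$CHAIN" -d "$addr" -j DROP
    done
}

# Boot order: stage1, bring interfaces up, then stage2 <domain>.
case "${1:-}" in
    stage1) stage1 ;;
    stage2) stage2 "$2" ;;
esac
```

The flush and refill in stage 2 is not atomic: for a moment the chain holds no DROP rules.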


All times are GMT -5.
