Hello all expert Linux administrator, i truly noob to Linux iptables.

I hacked by ISP because i realized that my iptables rules has 2 additional rules which accept them.

I very suffered, disappointed and stressful for few weeks without Linux. I afraid connect to internet.

My Iptables requirements:

1. Delete the unnecessary rules edit/add by my ISP.

2. Block my ISP access to my network

3. Block any incoming connection which not request by me.

4. Block ICMP and DOS.


Below is my latest iptables configuration file which edited by my ISP.


I hope you all can help me out.

Thanks four your help.

Your help is greatly appreciated by me and others.

I realized the Chain input and output has been add 2 rules by my ISP which is 1 ACCEPT tcp -- 192.168.1.1 0.0.0.0/0 tcp flags:!0x17/0x02
2 ACCEPT udp -- 192.168.1.1 0.0.0.0/0

How did your ISP get access to your system in the first place?

Do you run any servers on your computer?

I do not have any server. I have no idea how they can accessed to my network.

A step by step and some explanations in how to solve this is required because i am very stupid.


Thanks.

I also download the arno iptables.

Are there any other indications your system was compromised? Type last and see who has all logged in properly, and from where.

Those rules may have been added with an update to a basic firewall config with your distribution.

Are you running tripwire to find any filesystem changes? Usually, an extra port will be open that brings the hacker to a suid root shell (no login), or an extra binary in /cgi-bin if running a web server, so more attacks can be launched.

Are all log files intact? /var/log/syslog /var/log/messages, etc. If there are files there, which there should be, if not, your machine was probably compromised. Time consuming, but read them.

If you block packets to/from your ISP, it will keep you from connecting to the internet, since you would be blocking all inbound traffic from your ISP router.

What distribution of Linux are you using? Package names and detailed instructions can be given when the distro is known. (RedHat, Debian, etc)

How about stateful frewall ? I have read some articles which can block second connections to my network.

How to install arno-iptables ? A step by step may required.

Thanks for your help.

This is my latest Iptables Rules.

Any problem with my settings ?

How do i connect my internet messenger? I cannot connect the pidgin.

Thanks for your help.

Your help is greatly appreciated by me and others.

Please help me. Thanks.

I would use a more basic IPTables ruleset unless you intend to run servers. I would generally not limit any outbound connections. I would use state-based rules and open no ports. You'd only need to accept established and related inbound packets.

What is state-based rules ? Is it the stateful firewall ? Any problem with my iptables rules ?

One thing as well, how are you connecting to your ISP?

Is it through a cable, ADSL modem, or dialup?.

Plus as someone has already asked, what distro are you using?

The more we know, they better we can help

I connect to my ISP through ADSL modem. I using Fedora 7. Thanks for your help.