LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-09-2005, 08:18 PM   #1
Soulful93
Member
 
Registered: Dec 2003
Location: Denver, CO
Distribution: SuSE 9.2 Slackware 10.1
Posts: 137

Rep: Reputation: 15
IPTABLES Issues


I've got absolutely no experience in manually configuring IPTABLES. I've been trying to secure my Trustix server with information that I've come across online without any luck. I was wondering if any of you could help me?

I just found this in another related post.

Code:
## == mdh firewall =======
#!/bin/sh

# remove existing rules
iptables --flush
iptables -t nat --flush
iptables --delete_chain
iptables --zero

# Set up a default DROP policy for the built-in chains.
iptables --policy INPUT DROP
iptables --policy FORWARD DROP
iptables --policy OUTPUT DROP

# Allow all traffic through the loopback interface
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow initiated traffic in
iptables -A INPUT -m state --state RELATED,EXISTING -j ACCEPT

# Uncomment to allow SSH connections
#iptables -A INPUT -t tcp -j ACCEPT -dport 22

# Allow all traffic out
# Any other output rule should go /before/ this one
iptables -A OUTPUT -m state --state NEW,RELATED,EXISTING -j ACCEPT
I'm currently running Samba and SSH. However, I'm using eth0 as my internal and external interface. Is there a way to open and restrict the SMB and SSH ports to two staticly assigned IP addresses within my internal network using this IPTABLES script?

I personally don't need any other open ports on that machine, other than to aquire security updates.

Any help will be greatly appreciated.
 
Old 09-09-2005, 11:03 PM   #2
Soulful93
Member
 
Registered: Dec 2003
Location: Denver, CO
Distribution: SuSE 9.2 Slackware 10.1
Posts: 137

Original Poster
Rep: Reputation: 15
Anyone?
 
Old 09-10-2005, 01:18 AM   #3
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 914Reputation: 914Reputation: 914Reputation: 914Reputation: 914Reputation: 914Reputation: 914Reputation: 914
I didn't actually read your question but strongly suggest
to re-read our rules. bumping a post before 24 hours
have passd is breaking them. That said: if you leave
your thread alone it gets "bumped" twice automatically,
better exposure than with your own bump.


Cheers,
Tink
 
Old 09-10-2005, 02:06 AM   #4
Soulful93
Member
 
Registered: Dec 2003
Location: Denver, CO
Distribution: SuSE 9.2 Slackware 10.1
Posts: 137

Original Poster
Rep: Reputation: 15
Wow, I apologize. I'll make sure to actually read the rule's. Also, thank you for not being a complete hardass and assisting me with the issue after stating that I had broken the bump rule lol.
 
Old 09-10-2005, 02:48 AM   #5
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 914Reputation: 914Reputation: 914Reputation: 914Reputation: 914Reputation: 914Reputation: 914Reputation: 914
How's your network set-up in the first
place? What is your router, how is it
dealing with incoming connections?

With the given information there's not
much people can help you with ;}

Cheers,
Tink
 
Old 09-13-2005, 12:20 PM   #6
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Re: IPTABLES Issues

Quote:
Originally posted by Soulful93
I'm currently running Samba and SSH. However, I'm using eth0 as my internal and external interface. Is there a way to open and restrict the SMB and SSH ports to two staticly assigned IP addresses within my internal network using this IPTABLES script?
sure, just add the IP(s) to the rules in question... for example, for SSH:
Code:
iptables -A INPUT -i eth0 -p TCP --dport 22 -s 192.168.0.150 \
-m state --state NEW -j ACCEPT

iptables -A INPUT -i eth0 -p TCP --dport 22 -s 192.168.0.151 \
-m state --state NEW -j ACCEPT
BTW, that script you posted could use some cleanups, like so:
Code:
#!/bin/sh

echo "0" > /proc/sys/net/ipv4/ip_forward

iptables -F
iptables -F -t nat
iptables -F -t mangle

iptables -X
iptables -X -t nat
iptables -X -t mangle

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#iptables -A INPUT -i eth0 -p TCP --dport 22 -s 192.168.0.150 \
#-m state --state NEW -j ACCEPT

#iptables -A INPUT -i eth0 -p TCP --dport 22 -s 192.168.0.151 \
#-m state --state NEW -j ACCEPT

Last edited by win32sux; 09-13-2005 at 12:29 PM.
 
Old 09-15-2005, 08:54 PM   #7
Soulful93
Member
 
Registered: Dec 2003
Location: Denver, CO
Distribution: SuSE 9.2 Slackware 10.1
Posts: 137

Original Poster
Rep: Reputation: 15
Thank you for your replies. I'd also like to apologize for being short with you Tink, it had been a long day; and I'd been trying to get something up for over a week. I realize I shouldn't have bumped the thread, and I apologize.

That being said, I bought a couple of books and I've been looking at scripts on the Internet. I've also used some suggestions from this thread =). I've got a strange problem now.

Every time I run the script I get the following error:

Code:
iptables: No chain/target/match by that name
However, if I run the script a second time I don't get any errors. This poses a real issue when it's being called on boot. Does anyone have any idea's?

This is the script I'm currently using. I only need SSH and Samba, aside from downloading security updates from FTP and HTTP servers. Any suggestions are welcome.

Code:
IPT="/sbin/iptables"

#Load The Module
modprobe ip_tables

#Flush The Old Rules, Delete Chain If It Exists
$IPT -F
$IPT -F -t nat
$IPT -X firewall
echo Old Rules Flushed

#Set Up The Firewall Chain
$IPT -N firewall
$IPT -A firewall -j LOG --log-level info --log-prefix "Firewall:"
$IPT -A firewall -j DROP

#Accept Loopback
$IPT -A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT

#Accept DNS
$IPT -A INPUT -p udp --source-port 53 -j ACCEPT
$IPT -A INPUT -p tcp --source-port 113 -j ACCEPT
$IPT -A INPUT -p tcp --destination-port 113 -j ACCEPT

#Allow FTP Transfer
$IPT -A INPUT -p tcp ! --syn --source-port 20 --destination-port 1024:65535 -j ACCEPT

#Allow HTTP Transfer
$IPT -A INPUT -p tcp ! --syn --source-port 80 --destination-port 80 -j ACCEPT

#Accept SSH
$IPT -A INPUT -i eth0 -p tcp --dport 22 -s 192.168.255.3 \-m state --state NEW -j ACCEPT
$IPT -A INPUT -i eth0 -p tcp --dport 22 -s 192.168.255.4 \-m state --state NEW -j ACCEPT

#Accept Samba Requests
$IPT -A INPUT -i eth0 -p tcp --dport 137:139 -s 192.168.255.3 \-m state --state NEW -j ACCEPT
$IPT -A INPUT -i eth0 -p tcp --dport 137:139 -s 192.168.255.4 \-m state --state NEW -j ACCEPT
$IPT -A INPUT -i eth0 -p udp --dport 137:139 -s 192.168.255.3 \-m state --state NEW -j ACCEPT
$IPT -A INPUT -i eth0 -p udp --dport 137:139 -s 192.168.255.4 \-m state --state NEW -j ACCEPT

#Send Everything Else To The Firewall
$IPT -A INPUT -p icmp -j firewall
$IPT -A INPUT -p tcp --syn -j firewall
$IPT -A INPUT -p udp -j firewall

echo Firewall Up
 
Old 09-15-2005, 11:12 PM   #8
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
I'd imagine that the error your seeing is due to trying to flush the firewall chain at the beginning of the script before the chain is even created with the -N switch. When you run it the first time, there is no "firewall" chain so you get the error. The chain is then created further on in the script so that the "firewall" chain does already exist when you run the script subsequent times.

Secondly, I would recommend completely removing the firewall chain and just using the default INPUT and OUTPUT chains. The firewall chain isn't really doing much and is just consuming extra resources. Also the way you've configured your firewall, because the default chains are never explicitly set they are defaulted to ACCEPT. Normally you would just use a cleanup rule (like the firewall chain) and drop all unwanted packets. However, you're just passing only the tcp syn, udp and icmp packets to the firewall chain. That means all the other tcp flagged packets don't go to "firewall" and hit the default INPUT chain which is set to accept. So an ack or rst scan or packets using other protocols would pass right through the firewall.

I would also recommend against using the ! --syn method of allowing only reply traffic. Iptables allows you to do true statefull filtering, which is much more powerfull than the ! --syn trick which suffers from the same problem when dealing with ack or rst scans. I would recommend using the script posted by win32sux as a guide, especially note the portions that use ESTABLISHED,RELATED state matching.
 
Old 09-16-2005, 12:09 AM   #9
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally posted by Soulful93
This is the script I'm currently using. I only need SSH and Samba, aside from downloading security updates from FTP and HTTP servers. Any suggestions are welcome.
okay, here's my suggestions, just to add to what has already been said by Capt_Caveman:

Quote:
Code:
#Load The Module
modprobe ip_tables
you don't need this, this module will be loaded automatically...

Quote:
Code:
#Flush The Old Rules, Delete Chain If It Exists
$IPT -F
$IPT -F -t nat
$IPT -X firewall
echo Old Rules Flushed
what about the mangle table?? you're doing a lot of flushing but no deleting... take a look at the -F and -X rules in the script i posted earlier...

Quote:
Code:
#Set Up The Firewall Chain
$IPT -N firewall
$IPT -A firewall -j LOG --log-level info --log-prefix "Firewall:"
$IPT -A firewall -j DROP
well, as has already been said, get rid of this "firewall" chain ASAP... it's ludicrous...

Quote:
Code:
#Accept Loopback
$IPT -A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
try this simpler rule instead:
Code:
$IPT -A INPUT -i lo -j ACCEPT
Quote:
Code:
$IPT -A INPUT -p udp --source-port 53 -j ACCEPT
$IPT -A INPUT -p tcp --source-port 113 -j ACCEPT
$IPT -A INPUT -p tcp --destination-port 113 -j ACCEPT
you should use the destination port instead, and try to make use of the state table... also specify the interface and BTW what are you using ident for?? :
Code:
$IPT -A INPUT -i eth0 -p UDP --dport 53 -m state --state NEW -j ACCEPT
Quote:
Code:
#Allow FTP Transfer
$IPT -A INPUT -p tcp ! --syn --source-port 20 --destination-port 1024:65535 -j ACCEPT
read the part called connection tracking of whichever iptables tutorial you are using... it's a feature of netfilter/iptables which makes precisely these type of rules a thing of the past... your ftp rule need not look much more complicated than this:
Code:
$IPT -A INPUT -i eth0 -p TCP --dport 21 -m state --state NEW -j ACCEPT
of course you'll need to have loaded the ip_conntrack_ftp at the top of your script for connection tracking to work with the ftp protocol...

Quote:
Code:
#Allow HTTP Transfer
$IPT -A INPUT -p tcp ! --syn --source-port 80 --destination-port 80 -j ACCEPT
are you 100% positive that all these packets will come with the same source port?? if not, get rid of the source port match:
Code:
$IPT -A INPUT -i eth0 -p TCP --dport 80 -m state --state NEW -j ACCEPT

then of course there all the other stuff, like stuff you missed... rules for ESTABLISHED,RELATED packets, a bad packet chain would be nice, you didn't set your policies, if you're running this as a startup script (without using iptables-save, etc) then you wanna make sure forwarding is disabled from within the script, etc. etc. etc...


Last edited by win32sux; 09-16-2005 at 12:28 AM.
 
Old 09-16-2005, 12:27 AM   #10
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
here's a script i wrote based on the one i posted above, with your rules backported:

Code:
#!/bin/sh

IPT="/sbin/iptables"

echo "0" > /proc/sys/net/ipv4/ip_forward

echo "1" > /proc/sys/net/ipv4/tcp_syncookies

echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

/sbin/modprobe ip_conntrack_ftp

$IPT -F

$IPT -F -t nat

$IPT -F -t mangle

$IPT -X

$IPT -X -t nat

$IPT -X -t mangle

$IPT -P INPUT DROP

$IPT -P OUTPUT ACCEPT

$IPT -N BAD_PACKETS

$IPT -A INPUT -i lo -j ACCEPT

$IPT -A INPUT -j BAD_PACKETS

$IPT -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPT -A INPUT -p UDP -i eth0 --dport 53 -m state --state NEW -j ACCEPT

#$IPT -A INPUT -p TCP -i eth0 --dport 53 -m state --state NEW -j ACCEPT

$IPT -A INPUT -p TCP -i eth0 --dport 113 -m state --state NEW -j ACCEPT

$IPT -A INPUT -p TCP -i eth0 --dport 21 -m state --state NEW -j ACCEPT

$IPT -A INPUT -p TCP -i eth0 --dport 80 -m state --state NEW -j ACCEPT

$IPT -A INPUT -p TCP -i eth0 --dport 22 -s 192.168.255.3 \
-m state --state NEW -j ACCEPT

$IPT -A INPUT -p TCP -i eth0 --dport 22 -s 192.168.255.4 \
-m state --state NEW -j ACCEPT

$IPT -A INPUT -p TCP -i eth0 --dport 137:139 -s 192.168.255.3 \
-m state --state NEW -j ACCEPT

$IPT -A INPUT -p UDP -i eth0 --dport 137:139 -s 192.168.255.3 \
-m state --state NEW -j ACCEPT

$IPT -A INPUT -p TCP -i eth0 --dport 137:139 -s 192.168.255.4 \
-m state --state NEW -j ACCEPT

$IPT -A INPUT -p UDP -i eth0 --dport 137:139 -s 192.168.255.4 \
-m state --state NEW -j ACCEPT

$IPT -A INPUT -p ICMP -i eth0 --icmp-type 8 \
-m state --state NEW -j ACCEPT

$IPT -A INPUT -j LOG --log-prefix "INPUT DROP: "

$IPT -A BAD_PACKETS -p TCP ! --syn -m state --state NEW -j DROP

$IPT -A BAD_PACKETS -p TCP --tcp-flags ALL ALL -j DROP

$IPT -A BAD_PACKETS -p TCP --tcp-flags ALL NONE -j DROP

$IPT -A BAD_PACKETS -p TCP --tcp-flags ALL SYN \
-m state --state ESTABLISHED -j DROP

$IPT -A BAD_PACKETS -p ICMP --fragment -j DROP

$IPT -A BAD_PACKETS -m state --state INVALID -j DROP

#$IPT -A BAD_PACKETS -d 255.255.255.255 -j DROP

$IPT -A BAD_PACKETS -j RETURN

echo "So let it be written. So let it be done."

Last edited by win32sux; 09-16-2005 at 02:13 AM.
 
Old 09-16-2005, 12:41 AM   #11
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally posted by Soulful93
I only need SSH and Samba, aside from downloading security updates from FTP and HTTP servers.
wait... you're NOT running HTTP, FTP, and DNS servers on this box??


Last edited by win32sux; 09-16-2005 at 12:42 AM.
 
Old 09-16-2005, 10:17 AM   #12
Soulful93
Member
 
Registered: Dec 2003
Location: Denver, CO
Distribution: SuSE 9.2 Slackware 10.1
Posts: 137

Original Poster
Rep: Reputation: 15
Thank you again for all your help. I'm looking for SSH and Samba inbound from my internal network, and HTTP, DNS, and FTP oubound so I can retreive security patches.
Sorry for the confusion. I'm trying to lock everything else down, because it's not needed. I'm going to use your script as a starting point and I'm going to read some more about iptables.

I'll post what I end up with sometime shortly.
 
Old 09-16-2005, 03:48 PM   #13
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 914Reputation: 914Reputation: 914Reputation: 914Reputation: 914Reputation: 914Reputation: 914Reputation: 914
Quote:
Originally posted by Tinkster
How's your network set-up in the first
place? What is your router, how is it
dealing with incoming connections?

With the given information there's not
much people can help you with ;}

I still think that to assess the quality of your rule-set we
need to know how the network is set-up in the first place.

I can only see one interface which to me means that the
rules may or may not be effective to any other machine.


Cheers,
Tink
 
Old 09-16-2005, 04:34 PM   #14
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally posted by Soulful93
Thank you again for all your help. I'm looking for SSH and Samba inbound from my internal network, and HTTP, DNS, and FTP oubound so I can retreive security patches.
Sorry for the confusion. I'm trying to lock everything else down, because it's not needed. I'm going to use your script as a starting point and I'm going to read some more about iptables.

I'll post what I end up with sometime shortly.
okay then all those INPUT rules for FTP, HTTP, DNS, etc are useless. you'd only need those kinda INPUT rules if you wanted to accept those type of incoming packets. if you only need HTTP, DNS, and FTP outbound then if your policy is accept you don't need to put any rules... so you come to the point where you need to make a choice, you can either leave the output policy set at accept, or you can change it to drop and then change the input rules to output rules.... if you are trying to make things as tight as you can, then you wanna make the output policy drop:

Code:
#!/bin/sh

IPT="/sbin/iptables"

echo "0" > /proc/sys/net/ipv4/ip_forward

echo "1" > /proc/sys/net/ipv4/tcp_syncookies

echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

/sbin/modprobe ip_conntrack_ftp

$IPT -F

$IPT -F -t nat

$IPT -F -t mangle

$IPT -X

$IPT -X -t nat

$IPT -X -t mangle

$IPT -P INPUT DROP

$IPT -P OUTPUT DROP

$IPT -N BAD_PACKETS

$IPT -A INPUT -i lo -j ACCEPT

$IPT -A INPUT -j BAD_PACKETS

$IPT -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPT -A INPUT -p TCP -i eth0 --dport 22 -s 192.168.255.3 \
-m state --state NEW -j ACCEPT

$IPT -A INPUT -p TCP -i eth0 --dport 22 -s 192.168.255.4 \
-m state --state NEW -j ACCEPT

$IPT -A INPUT -p TCP -i eth0 --dport 137:139 -s 192.168.255.3 \
-m state --state NEW -j ACCEPT

$IPT -A INPUT -p UDP -i eth0 --dport 137:139 -s 192.168.255.3 \
-m state --state NEW -j ACCEPT

$IPT -A INPUT -p TCP -i eth0 --dport 137:139 -s 192.168.255.4 \
-m state --state NEW -j ACCEPT

$IPT -A INPUT -p UDP -i eth0 --dport 137:139 -s 192.168.255.4 \
-m state --state NEW -j ACCEPT

$IPT -A INPUT -p ICMP -i eth0 --icmp-type 8 -s 192.168.255.3 \
-m state --state NEW -j ACCEPT

$IPT -A INPUT -p ICMP -i eth0 --icmp-type 8 -s 192.168.255.4 \
-m state --state NEW -j ACCEPT

$IPT -A INPUT -j LOG --log-prefix "INPUT DROP: "

$IPT -A OUTPUT -o lo -j ACCEPT

$IPT -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPT -A OUTPUT -p TCP -o eth0 --dport 443 -m state --state NEW -j ACCEPT

$IPT -A OUTPUT -p TCP -o eth0 --dport 80 -m state --state NEW -j ACCEPT

$IPT -A OUTPUT -p UDP -o eth0 --dport 53 -m state --state NEW -j ACCEPT

$IPT -A OUTPUT -p TCP -o eth0 --dport 21 -m state --state NEW -j ACCEPT

$IPT -A OUTPUT -p ICMP -o eth0 --icmp-type 8 \
-m state --state NEW -j ACCEPT

$IPT -A OUTPUT -j LOG --log-prefix "OUTPUT DROP: "

$IPT -A BAD_PACKETS -p TCP ! --syn -m state --state NEW -j DROP

$IPT -A BAD_PACKETS -p TCP --tcp-flags ALL ALL -j DROP

$IPT -A BAD_PACKETS -p TCP --tcp-flags ALL NONE -j DROP

$IPT -A BAD_PACKETS -p TCP --tcp-flags ALL SYN \
-m state --state ESTABLISHED -j DROP

$IPT -A BAD_PACKETS -p ICMP --fragment -j DROP

$IPT -A BAD_PACKETS -m state --state INVALID -j DROP

#$IPT -A BAD_PACKETS -d 255.255.255.255 -j DROP

$IPT -A BAD_PACKETS -j RETURN

echo "So let it be written. So let it be done."
if you don't understand what just happened then please ask some specific questions or read some more iptables intros/tutorials...

just my ...


Last edited by win32sux; 09-16-2005 at 05:25 PM.
 
Old 09-18-2005, 04:01 PM   #15
Soulful93
Member
 
Registered: Dec 2003
Location: Denver, CO
Distribution: SuSE 9.2 Slackware 10.1
Posts: 137

Original Poster
Rep: Reputation: 15
Here's how my network is setup Tink. These are all connected via a switch.

1.) Smoothwall Machine (live connection via ppp0 :forwarding/filtering internet traffic:, network connection via eth0 192.168.255.1)

2.) Trustix Sever (the one I'm configuring iptables on (one interface eth0 192.168.255.2)

3.) Windows XP Media Center (eth0 192.168.255.3)

4.) Laptop/WinXP (eth0 192.168.255.4)

Still reading the tutorial's. I picked up a few books and I'm planning on reading a couple of internet tutorials sometime this week.

I'm starting to get a grasp on what your doing Win32Sux. I'm familar with Cisco IOS ACL's so I think that might be helping a bit.

It seems like your appending quite a bit, from which I just read appends a rule to the bottom of the ruleset. Is there a need for a specific order that you have to enter your rules?

Also, I'm not understanding what your doing with the -J RETURN. What does RETURN do?

Last edited by Soulful93; 09-18-2005 at 04:12 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Gentoo/iptables/ppp0 DNS Issues switch007 Linux - Networking 4 12-02-2004 08:57 AM
iptables issues TreeHugger Linux - Networking 3 11-15-2004 05:27 AM
Issues with iptables and suse pshepperd Linux - Security 1 05-14-2004 09:35 PM
variuos issues: IPtables, samba, XP and RH9 kenji1903 Linux - Networking 0 05-12-2004 11:43 PM
Iptables & squid issues sedulous Linux - Networking 1 10-05-2003 02:28 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:26 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration