LinuxQuestions.org
Old 09-19-2004, 07:32 PM   #1
borrrden
Member
 
Registered: May 2004
Location: Philadelphia
Distribution: Fedora Core 3
Posts: 98

Rep: Reputation: 15
iptables language to english


OK, I'm trying to make a simple firewall that will keep everything out of my computer (for now, until I figure out how to make more rules). Here is what I have....

I'm trying to get lots of "Stealth" ports on "ShieldsUP!", because 70% of my first 1056 ports are open to anything

-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --source-port 1:1056 -j DROP
-A INPUT -p udp --source-port 1:1056 -j DROP
-A INPUT -p tcp --destination-port 1:1056 -j DROP
-A INPUT -p udp --destination-port 1:1056 -j DROP
-A OUTPUT -j ACCEPT
-A FORWARD -j ACCEPT

In theory, what should this do?

I also want to know how to block ICMP stuff from going into my ports. There is also more stuff in my iptables that was written for me by a GUI; I don't know what it means. It's stuff like

:INPUT DROP [0:0]
:PREROUTING ADDRESS [45635:8144121]

etc etc

What does it mean, and how do I make a firewall that actually DOES something? I'm getting mad because I'm googling my ass off and I can't make anything happen.
 
Old 09-19-2004, 07:59 PM   #2
servnov
Member
 
Registered: Sep 2004
Distribution: Slackware 10.2
Posts: 276

Rep: Reputation: 30
Why not:

iptables -A INPUT -p tcp whatever you need -j ACCEPT
iptables -A INPUT -j DROP
iptables -A INPUT -p icmp -j DROP
 
Old 09-19-2004, 08:09 PM   #3
borrrden
Member
 
Registered: May 2004
Location: Philadelphia
Distribution: Fedora Core 3
Posts: 98

Original Poster
Rep: Reputation: 15
I'm getting closer - I've now got it so that it actually changes, BUT whenever I restart it....it goes back to a blank policy of accepting everything.....

What do I do? I can't save or use it without it changing back to accept everything....

[root@localhost sbin]# ./iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@localhost sbin]# ./iptables-save
# Generated by iptables-save v1.2.9 on Sun Sep 19 21:06:23 2004
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i ppp0 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j DROP
COMMIT
# Completed on Sun Sep 19 21:06:23 2004
[root@localhost sbin]# ./iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@localhost sbin]#
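
As an added example (not part of any post in this thread), a small Python translator that reads iptables-save lines, such as the dump in the post above and the `:INPUT DROP [0:0]` lines asked about in the first post, into English. The option table, function names and wording are this example's own and cover only the options that appear in this thread.

```python
import re
import shlex

# iptables-save output copied from the post above (comment lines omitted).
SAVED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i ppp0 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j DROP
COMMIT
"""

# option -> (argument count, English template; None = nothing to report)
OPTS = {
    "-i": (1, "arriving on interface {0}"),
    "-p": (1, "protocol {0}"),
    "-m": (1, None),  # only loads a match module
    "--source-port": (1, "sender's port in {0}"),
    "--destination-port": (1, "destination port in {0}"),
    "--tcp-flags": (2, "of flags {0} only {1} set"),
}
# ":CHAIN POLICY [packets:bytes]" is a chain's default policy and its counters.
POLICY = re.compile(r"^:(\S+) (\S+) \[(\d+):(\d+)\]$")

def explain(line):
    """English reading of one iptables-save line; None for comments and table markers."""
    line = line.strip()
    if not line or line[0] in "#*" or line == "COMMIT":
        return None
    m = POLICY.match(line)
    if m:
        return "{}: default policy {} (counters: {} packets, {} bytes)".format(*m.groups())
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return f"not understood: {line}"
    conds, target, i = [], "no target", 2
    while i < len(tok):
        if tok[i] == "-j" and i + 1 < len(tok):
            target, i = tok[i + 1], i + 2
            continue
        # Options outside the table are reported rather than silently dropped.
        nargs, text = OPTS.get(tok[i], (0, f"[unhandled: {tok[i]}]"))
        args = tok[i + 1:i + 1 + nargs]
        if text and len(args) == nargs:
            conds.append(text.format(*args))
        i += 1 + nargs
    return f"{tok[1]}: {', '.join(conds) or 'every packet'} -> {target}"

def explain_all(text):
    return [e for e in map(explain, text.splitlines()) if e is not None]
```

Run over the rules in the first post, it shows that the `--source-port 1:1056` rules match on the sender's port, not on the local port being probed.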
 
Old 09-19-2004, 08:13 PM   #4
borrrden
Member
 
Registered: May 2004
Location: Philadelphia
Distribution: Fedora Core 3
Posts: 98

Original Poster
Rep: Reputation: 15
I did it!!! I edited the iptables in /etc/rc.d/init.d because every time it stopped, it called "flush_n_delete", a program that reset the policies all to accept... I don't know why this was the default but now it works how I want it to.

Last edited by borrrden; 09-19-2004 at 08:31 PM.
 
Old 09-19-2004, 08:41 PM   #5
borrrden
Member
 
Registered: May 2004
Location: Philadelphia
Distribution: Fedora Core 3
Posts: 98

Original Poster
Rep: Reputation: 15
Question....if my policy is DROP, that means that nothing happens on that chain unless I tell it to.....why then do I still have so many open ports on ShieldsUp? Shouldn't they be stealth or closed?

Last edited by borrrden; 09-19-2004 at 09:35 PM.
 
Old 09-20-2004, 07:35 AM   #6
servnov
Member
 
Registered: Sep 2004
Distribution: Slackware 10.2
Posts: 276

Rep: Reputation: 30
Rulesets will be lost on reboot, so make it run the script at startup. Ex. name it rc.ipt or rc.firewall and drop it in /etc/rc.d

Also, remember to scan your external IP. If you are scanning localhost or 127.0.0.1 (same thing), you said in your script to accept all that.
 
Old 09-21-2004, 01:50 AM   #7
Kahless
Member
 
Registered: Jul 2003
Location: Pennsylvainia
Distribution: Slackware / Debian / *Ubuntu / Opensuse / Solaris uname: Brian Cooney
Posts: 503

Rep: Reputation: 30
You might also consider getting rid of some of those services if you aren't actually using them.


Not running a web server? Uninstall apache.
Not running an ftp server? Uninstall it.
Not sharing with windows? Uninstall Samba.
Never log in remotely? Uninstall ssh.


You get the idea. There are many good threads on this forum on securing your box, read around a bit.
 
  


All times are GMT -5.