Linux - Security
I have a question regarding iptables on Debian, a "what am I doing wrong" kind of question. I want to be able to monitor remote machines from my Zabbix server. I have put in the following commands in the hope of opening the INPUT chain to ssh, http, zabbix_agent and zabbix_trap:
Code:
iptables -A INPUT -p tcp --dport ssh -j ACCEPT      # ssh (port 22, resolved via /etc/services)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT       # http
iptables -A INPUT -p tcp --dport 10050 -j ACCEPT    # zabbix_agent
iptables -A INPUT -p tcp --dport 10051 -j ACCEPT    # zabbix_trap
iptables -I INPUT 1 -i lo -j ACCEPT                 # loopback, inserted at the top of the chain
iptables -A INPUT -j DROP                           # catch-all, appended last
I have not touched the OUTPUT chain and it is wide open. Once I executed the last command, "iptables -A INPUT -j DROP", I can no longer go out on port 10050 on remote machines.
telnet 1.2.3.4 10050 from the server times out.
SSH & HTTP connections are fine, btw.
Most types of communications have return traffic on higher-numbered ports. For example, when you go to a web site, you connect to that server on its port 80, but you are typically using a very high-numbered port. Without a rule line to accept established and related connections, your communications will only be one way, as the return traffic will be blocked. The trick is that you can't know in advance what the high-numbered return port will be, hence you need to make use of the stateful functions of iptables. You could do this with a rule (placed above or below your loopback rule) like this:
Code:
iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT   # inserted at position 1 so it lands ahead of the existing DROP; -A would append it after the DROP, where it never matches
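The stateful rule in the context of the whole chain, as an added example that is not code from either poster: the chain as originally posted is regenerated beside a corrected version in iptables-restore format, and a small check confirms that the RELATED,ESTABLISHED ACCEPT sits before the catch-all DROP before anything is loaded. The ZABBIX_NET value (the network the monitored hosts sit on) is an assumed placeholder in the RFC 5737 documentation range; the ports come from the post.

```shell
#!/bin/sh
# Added example, not code from the thread: the poster's INPUT chain rebuilt as
# an iptables-restore ruleset with the stateful ACCEPT placed ahead of the
# catch-all DROP, plus a pre-load check that the ordering is right.
# Assumptions: ZABBIX_NET (the network the monitored hosts sit on) is a
# placeholder in the RFC 5737 documentation range; ports follow the post.
set -eu

ZABBIX_NET="${ZABBIX_NET:-198.51.100.0/24}"   # assumed; adjust to your monitored hosts

# Ruleset as the original post built it: every ACCEPT matches only a packet
# addressed to a listening service, so replies to the server's own outbound
# connections (e.g. to an agent on 10050) fall through to the final DROP.
gen_rules_as_posted() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 10050 -j ACCEPT
-A INPUT -p tcp --dport 10051 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

# Corrected ruleset. Order is the whole point: loopback and established
# traffic are accepted first, then NEW connections to the listed services
# (Zabbix ports limited to the monitored network), and everything else is
# dropped. The explicit DROP is kept so its counters show what was rejected.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 10050 -s $ZABBIX_NET -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 10051 -s $ZABBIX_NET -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

# Returns 0 when a RELATED,ESTABLISHED ACCEPT appears before the catch-all
# DROP in the INPUT chain, 1 otherwise (rule missing or in the wrong place).
check_order() {
    rules="$1"
    est=$(printf '%s\n' "$rules" | grep -n -- 'RELATED,ESTABLISHED -j ACCEPT' | head -n 1 | cut -d: -f1)
    drop=$(printf '%s\n' "$rules" | grep -n -- '^-A INPUT -j DROP' | head -n 1 | cut -d: -f1)
    if [ -n "$est" ] && [ -n "$drop" ] && [ "$est" -lt "$drop" ]; then
        return 0
    fi
    return 1
}

# Load only when explicitly asked and running as root; otherwise just print.
if [ "${1:-}" = "--apply" ] && [ "$(id -u)" -eq 0 ]; then
    rules=$(gen_rules)
    check_order "$rules" || { echo "refusing to load: stateful rule not before DROP" >&2; exit 1; }
    printf '%s\n' "$rules" | iptables-restore
else
    gen_rules
fi
```

Run it without arguments to review the generated ruleset, and as root with `--apply` to load it atomically through iptables-restore. Afterwards `iptables -L INPUT -n -v --line-numbers` shows the rule order and packet counters; while you telnet from the server to an agent on 10050, the counter on the RELATED,ESTABLISHED line should climb and the DROP line should not. `-m state --state` from the reply above is the older spelling of `-m conntrack --ctstate`; both load the same connection-tracking logic. To survive a reboot on Debian, save the output into /etc/iptables/rules.v4 for the iptables-persistent package, and remember that IPv6 has its own chains in ip6tables which this script does not touch.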
I'm glad that worked for you. I thought you might also find these iptables tutorials interesting. There are LOTS of them out there, but I think these are pretty good.
First: http://bodhizazen.net/Tutorials/iptables. There is also one from this author about preventing DOS attacks. Overall, the site is a good one with a lot of information.
Second: http://www.frozentux.net/iptables-tutorial/chunkyhtml/ This one is courtesy of Win32sux. It is a rather large document, but it is comprehensive.