LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 10-11-2006, 03:34 AM   #1
notsosmart
LQ Newbie
Registered: Oct 2006
Posts: 6

Rep: Reputation: 0
iptables questions


Code:
# set the policies to ACCEPT before flushing, so the flush cannot lock us out
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# flush all rules in the built-in chains
iptables -F
# delete all user-defined chains
iptables -X

# default deny on every chain
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# log every packet (these rules sit first, so everything gets logged)
iptables -A INPUT -j LOG
iptables -A OUTPUT -j LOG
iptables -A FORWARD -j LOG

# user-defined chain for ssh and www
iptables -N keeptrac
iptables -A keeptrac -p tcp -m tcp --dport ssh -j ACCEPT
iptables -A keeptrac -p tcp -m tcp --sport ssh -j ACCEPT
iptables -A keeptrac -p tcp -m tcp --dport www -j ACCEPT
iptables -A INPUT -p tcp -j keeptrac

# loopback (-i and -o take an interface name, not an address)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# drop NEW tcp packets that carry SYN and ACK at the same time
iptables -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j DROP
iptables -A INPUT -i eth0 -p tcp --dport 22 -j keeptrac
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -j keeptrac
iptables -A INPUT -i eth0 -p tcp --dport 80 ! --sport 0:1023 -j keeptrac
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -j keeptrac
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -j ACCEPT
--------------------------------------------------------
Newbie here is struggling with this iptables script. Why can I not get any inbound SSH packets?

and
Why does the following line cause all incoming traffic to be dropped?

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP


Thank you for replying
Old 10-11-2006, 11:13 AM   #2
blackhole54
Senior Member
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
If you are trying to connect on eth0, I don't see why it wouldn't work. I wonder if there is a problem with your SSH configuration instead of the firewall. For troubleshooting, you can see how many packets have matched a particular rule using the command:

Code:
iptables -nvL
where the first 2 columns list packet and byte counts. If the rule has ACCEPT as its target then packets matching it will go through.

In the spirit of constructive criticism, I would suggest reworking your script to clean it up a little. A good place to start would be by reading the packet filter HOWTO. User chains can be useful, but in this case I don't see what your chain is accomplishing. I would suggest eliminating it and just doing -j ACCEPT on the actual lines in the INPUT or OUTPUT chains instead. And remember that once a packet matches a rule with -j ACCEPT, it will leave the chain and not be processed by any more rules. It looks like you are trying to ACCEPT packets multiple times. I am not trying to dump on you -- just help you get a better firewall script.


Quote:
Originally Posted by notsosmart
Why does the following line cause all incoming traffic to be dropped?

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
This line does not drop all incoming traffic. It drops those tcp packets which are not part of an existing connection (--state NEW) and yet claim to be (! --syn), i.e. packets that are trying to pull a fast one on you.

I hope this helps.

Last edited by blackhole54; 10-11-2006 at 11:15 AM.
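The reworked script that blackhole54's reply describes, as an added example that is not part of the original thread: no user chain, one ACCEPT per offered service, a loopback rule on lo, a stateful rule so reply packets need no --sport rules of their own, the "! --syn" NEW drop, and rate-limited logging of whatever is left just before the DROP policy takes it. The names WAN, DRYRUN, run and count_rules are this example's own. With DRYRUN=1 it prints the commands instead of calling iptables, so the rule list can be reviewed as an unprivileged user; once applied with --apply, iptables -nvL shows the per-rule counters as in the reply.

```shell
#!/bin/sh
# Added example, not code from the original post: the OP's script reworked
# along the lines of blackhole54's reply. WAN, DRYRUN, run and count_rules
# are this example's own names. DRYRUN=1 prints each command instead of
# executing it, so the rule set can be reviewed without root.
IPT="${IPT:-iptables}"
WAN="${WAN:-eth0}"

run() {
    if [ "${DRYRUN:-0}" = "1" ]; then
        printf '%s\n' "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

apply_firewall() {
    # Open the policies before flushing so a remote session is not cut off
    # between the flush and the new rules.
    run -P INPUT ACCEPT
    run -P OUTPUT ACCEPT
    run -P FORWARD ACCEPT
    run -F          # flush rules in the built-in chains
    run -X          # delete user-defined chains

    # Default deny: everything not explicitly accepted below is dropped.
    run -P INPUT DROP
    run -P OUTPUT DROP
    run -P FORWARD DROP

    # Loopback: -i/-o take an interface name, not an address.
    run -A INPUT -i lo -j ACCEPT
    run -A OUTPUT -o lo -j ACCEPT

    # Stateful: replies to accepted connections need no per-port rule,
    # which removes the --sport 22 / --sport 80 OUTPUT rules entirely.
    run -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # A TCP packet conntrack has never seen (NEW) that is not a SYN is not
    # a legitimate connection attempt; drop it before the service rules.
    run -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

    # One ACCEPT per offered service. A packet leaves the chain on its
    # first ACCEPT, so a second rule for the same traffic never fires.
    run -A INPUT -i "$WAN" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    run -A INPUT -i "$WAN" -p tcp --dport 80 -m state --state NEW -j ACCEPT

    # Let the host itself open outbound connections (DNS, updates, ...).
    run -A OUTPUT -o "$WAN" -m state --state NEW -j ACCEPT

    # Log only what is about to hit the DROP policy, rate limited so a
    # scan cannot fill /var/log/messages.
    run -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-IN-DROP: "
    run -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-OUT-DROP: "
}

# Count the rules appended to CHAIN whose target is TARGET in the dry-run
# listing: a quick sanity check of the generated rule set.
count_rules() {  # usage: count_rules CHAIN TARGET
    (DRYRUN=1; apply_firewall) | grep -c -- "-A $1 .*-j $2\$"
}

case "${1:-}" in
    --apply)   apply_firewall ;;
    --dry-run) (DRYRUN=1; apply_firewall) ;;
esac
```

Run it as "sh firewall.sh --dry-run" to print the rule list, or as root with --apply to load it. The LOG rules are last on purpose: in the original script they sit first and log every packet, so the log shows traffic but not which rule finally decided its fate, which is exactly what the counters from iptables -nvL answer.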
Old 10-15-2006, 12:39 PM   #3
notsosmart
LQ Newbie
Registered: Oct 2006
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks blackhole54 for your help!!! I cannot tell you how much you have helped. Let me try.

You are right, when I loaded my firewall onto another machine, inbound and outbound ssh packets were allowed through.

The command iptables -vnL has proved to be very powerful for troubleshooting.
I had been logging all the packets transferred into /var/log/messages for troubleshooting, but many times I could not see which of my policies were used, and sometimes even why some packets were allowed in and why some were not. iptables -vnL sure helped me see how my firewall was working.

I did not know that packets once accepted will not go through the rest of the rules. Now I know why many packets that I wanted accepted were being dropped and packets I want dropped let through.


Thanks again,
Take care and all the best,

NotSoSmart