LinuxQuestions.org
LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 01-23-2004, 10:04 PM   #1
Simon Bridge
iptables won't let packets in - check please?


The problem:
Cannot receive packets from the web; I can send email but not receive it, for example. Also, clicking buttons on web pages just times out. I guess I've inadvertently blocked incoming packets that I want to receive. Here's the result of iptables -L:

[root@indigo-prime sbin]# ./iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

Chain RH-Lokkit-0-50-INPUT (0 references)
target prot opt source destination


The idea is supposed to be that anything I send gets out, which seems to work. Anything coming in is blocked unless told otherwise... or if it is associated with something I sent out, i.e. a link or a button press on a web page - anything associated with that should get back to me. Also, when I hit "send receive" on Ximian email... but this bit doesn't happen.
Thanks for input.

I'm building such a set of "howto's" here that I'll soon be able to start paying all this help forward.
Simon
 
Old 01-23-2004, 10:07 PM   #2
Simon Bridge
Hang on . . . I think I see the problem . . .
There should be another line in there under INPUT.

I should have done:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

???

I'll have to go away to try this out.
Meantime, suggestions are welcome.

(Note, this firewall is the simplest of the threads I've seen - newbies not running a network or a server will probably appreciate this.)
Simon
 
Old 01-24-2004, 05:19 PM   #3
Simon Bridge
Hah! Serves me right - everything seems to be working fine now
Typical - I phrase a question and a solution presents itself *after* I've made it public!
For those with trouble who come up with this thread in a search, here's what I have ended up doing:

Default firewalls tend to be the "admit all unless told otherwise" type. Dunno why, they're stupid. However, it can be changed:

(get rid of the existing firewall)
iptables --flush
iptables --flush -t nat

(stop everything)
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP

(let network traffic through the loopback device)
iptables -A OUTPUT -j ACCEPT -o lo
iptables -A INPUT -j ACCEPT -i lo

(outgoing communication)
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

(allow ssh)
iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

which should (someone correct me) protect a standalone system without interfering with you doing stuff. It won't make you invisible though.

suggestions?
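As an added example (not code from this thread), a small POSIX shell check that reads an `iptables -L` listing and reports whether a DROP-policy chain lacks the RELATED,ESTABLISHED accept rule that post #2 identifies as missing and post #3 adds; the listings embedded below are constructed to match post #1 and the fixed ruleset.

```shell
#!/bin/sh
# Added example, not code from the thread. Reads an `iptables -L` listing on
# stdin and reports, for one chain, whether a DROP policy is paired with an
# ACCEPT rule whose state match covers RELATED and ESTABLISHED. Without that
# rule on INPUT, replies to outbound connections are dropped (post #1).
# Note: plain `iptables -L` hides interfaces, so the bare "ACCEPT all" line on
# INPUT is the loopback rule (-i lo); `iptables -L -v` shows the interface.

# Constructed listing shaped like post #1: INPUT has no state rule.
BROKEN_LISTING='Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED'

# Constructed listing after the INPUT rule from post #2 has been added.
FIXED_LISTING='Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED'

# check_state_rule CHAIN < listing
# Prints "missing" when CHAIN is policy DROP and has no ACCEPT rule with a
# state match containing both RELATED and ESTABLISHED; prints "ok" otherwise.
check_state_rule() {
    awk -v chain="$1" '
        /^Chain / { cur = $2; if (cur == chain && /policy DROP/) drop = 1; next }
        cur == chain && $1 == "ACCEPT" {
            n = split($0, f, " ")
            for (i = 1; i < n; i++)
                if (f[i] == "state" && f[i+1] ~ /RELATED/ && f[i+1] ~ /ESTABLISHED/)
                    found = 1
        }
        END { print ((drop && !found) ? "missing" : "ok") }'
}

# Stand-alone run: report on the two chains a standalone host relies on.
for chain in INPUT OUTPUT; do
    printf '%s: %s\n' "$chain" "$(printf '%s\n' "$BROKEN_LISTING" | check_state_rule "$chain")"
done
```

On a live system, pipe `iptables -L` into `check_state_rule INPUT`; FORWARD is left out because a non-forwarding host has no return traffic to pass there.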
 
Old 01-26-2004, 02:49 PM   #4
peter_robb
Whoops, posted into the wrong thread...

Last edited by peter_robb; 01-26-2004 at 02:58 PM.