LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-06-2006, 12:26 AM   #1
SBN
Member
 
Registered: Jul 2006
Distribution: UBUNTU, CentOS, FEDORA 8
Posts: 474

Rep: Reputation: 30
Learn Iptables


- hey guys i have heard that iptables is good in creating a firewall and i want to learn it. any tips on where can i learn it.
 
Old 11-06-2006, 02:20 AM   #2
//////
Member
 
Registered: Nov 2005
Location: Land of Linux :: Finland
Distribution: Pop!_OS && Windows 10
Posts: 824

Rep: Reputation: 350Reputation: 350Reputation: 350Reputation: 350
These links will offer some basic information for you.

http://www.netfilter.org/documentati...ing-HOWTO.html
http://lartc.org/howto/


Cheers

////
 
Old 11-06-2006, 12:08 PM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
also don't forget this tutorial: http://iptables-tutorial.frozentux.n...-tutorial.html

it's one of the most often recommended here at LQ...
 
Old 11-09-2006, 01:50 AM   #4
SBN
Member
 
Registered: Jul 2006
Distribution: UBUNTU, CentOS, FEDORA 8
Posts: 474

Original Poster
Rep: Reputation: 30
- thanks for the links guys i have read some of them and they very educational.
- after reading those links i tried to test my iptables skills , i have adop the rule to block all and allow only those that i need. and this is what i did.

firs i block all incoming connections:

Quote:
iptables -P INPUT DROP
then i tried to access the internet and still i can have an access
then i also block all outgoing connections:

Quote:
iptables -P OUTPUT DROP
so now INPUT and OUTPUT is block, then i tried accessing the internet and no such luck. in our small network i think the only services that we really need is just web browsing, the ftp, IM (yahoo primarily, email. unless there services that should not be block.

so i first try to allow our network have access to internet and tried this:

Quote:
iptables -A INPUT -s 0/0 -p tcp -sport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p tcp dport 80 -j ACCEPT
and the result no internet access, so i tried added the same code only this time i change tcp to udp and still no access. then i tried this:

Quote:
iptables -A INPUT -s 0/0 -p tcp -sport 80 -j ACCEPT
iptables -A INPUT -s 0/0 -p udp -sport 80 -j ACCEPT
iptables -A INPUT -s 0/0 -p tcp -dport 80 -j ACCEPT
iptables -A INPUT -s 0/0 -p udp -dport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p tcp -sport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p udp -sport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p tcp -dport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p udp -dport 80 -j ACCEPT
and wala!!! we have internet access i was so happy!!! but is this correct can i have your opinion guys...thanks
 
Old 11-14-2006, 10:22 PM   #5
noonmid27
Member
 
Registered: Sep 2006
Posts: 79

Rep: Reputation: 15
Firewall

Can somebody tell me where i can get some answers on how to configure the firewall for slackware 11.0 i've tried looking up information on the internet but the terms are very technical, thus confusing a newbe like myself.
 
Old 11-14-2006, 11:09 PM   #6
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
Quote:
Originally Posted by SBN
and wala!!! we have internet access i was so happy!!! but is this correct can i have your opinion guys...thanks
OK this is sort of correct, the only thing is the internet uses TCP protocol to connect to webservers. UDP is only used by DNS servers, and on the extreme cases DNS servers may also use the TCP protocol, but this is rare.

To help cut down on some of the rules and to make the script a bit more secure, is to load the STATE module. This module is best used on the INPUT chain. So you can have one line that will only allow what you allow to go out, to come back in:


Code:
# load module
modprobe ipt_state

# allow only related or established to come back in
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Last edited by fotoguy; 11-15-2006 at 01:47 AM.
 
Old 11-14-2006, 11:16 PM   #7
spurious
Member
 
Registered: Apr 2003
Location: Vancouver, BC
Distribution: Slackware, Ubuntu
Posts: 558

Rep: Reputation: 31
wiki.linuxquestions.org hosts a simple iptables script and tutorial.
 
Old 11-14-2006, 11:48 PM   #8
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
Quote:
Originally Posted by noonmid27
Can somebody tell me where i can get some answers on how to configure the firewall for slackware 11.0 i've tried looking up information on the internet but the terms are very technical, thus confusing a newbe like myself.

Slackware 11.0 doesn't come with any firewall script, you will have to make one yourself. You can make a simple script that will work quite well, all files that you want executed at bootup go in the /etc/rc.d directory and must be made executable.

A simple firewall script would look something like this:

Code:
#################################################
#!/bin/sh
# /etc/rc.d/rc.firewall

LOCATE=`whereis iptables | awk '{print $2}'`
IPTABLES=$LOCATE

# Flush all inbuilt chains
$IPTABLES -F
# flush all user created chains
$IPTABLES -X

# set default policy to drop everything
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP

# load the state module
/sbin/modprobe ipt_state

# drop invalid packets coming into the host
$IPTABLES -A INPUT -m state --state INVALID -j DROP

# allow only established or related packets back into the host
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# allow everything to go out of the host
$IPTABLES -A OUTPUT -j ACCEPT

# anything that makes it this far will now be caught by the default policy
# which has been set to DROP

# end of /etc/rc.d/rc.firewall

##################################################
A very simple script that should get you going, but like anything it will need lots of fine tuning depending on what it's being used for. To make the script executable at the commandline type:

Code:
chmod +x /etc/rc.d/rc.firewall
If you have any other questions or need any help just ask away

Last edited by fotoguy; 11-15-2006 at 01:48 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
An error occured getting IPtables status from the command /etc/rc.d/init.d/iptables s CrazyMAzeY Linux - Newbie 10 08-12-2010 06:25 AM
iptables v1.2.9: Unknown arg `/sbin/iptables' Try `iptables -h' or 'iptables --help' Niceman2005 Linux - Security 4 12-29-2005 09:20 PM
Iptables - Couldn't load target `ACCPET':/lib/iptables/libipt_ACCPET.so: z00t Linux - Security 3 01-26-2004 03:24 AM
IPtables Log Analyzer from http://www.gege.org/iptables/ brainlego Linux - Software 0 08-11-2003 07:08 AM
My iptables script is /etc/sysconfig/iptables. How do i make this baby execute on boo ForumKid Linux - General 3 01-22-2002 08:36 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:51 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration