LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-03-2007, 01:00 PM   #1
spoonpower
LQ Newbie
 
Registered: Sep 2006
Posts: 16

Rep: Reputation: 0
Need help for IPtables


Hello everyone,

I am currently building a firewall, can anyone tell me what does this really meana? "Drop all incoming packets from reserved port 0 as well as inbound traffic to port 0." What is the difference between reserved port 0 & port 0? I am very new to linux, first time working on building firewall. If anyone have time, please take a look the following scripts and give me some hints what I did so far.

# Set the default policies to DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Permit inbound/outbound ssh packets.
iptables -A INPUT -i eth1 -p tcp --dport 22 --syn -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --sport 22 --syn -j ACCEPT

# Permit inbound/outbound www packets.
iptables -A INPUT -i eth1 -p tcp --dport 80 --syn -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --sport 80 --syn -j ACCEPT

# Drop inbound traffic to port 80 (http) from source ports less than 1024
iptables -A INPUT -i eth1 -p tcp --dport 80 --sport 0:1024 -j DROP

# Drop all incoming packets from reserved port 0 as well as inbound traffic to port 0
 
Old 02-03-2007, 01:28 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
reserved means it's assignment is reserved. not http, not ssh, not telnet, not ftp, just reserved and not to be used. the two parts of the sentence are referring to inbound and outbound usage of that port number. port 0 is often used as a mechanism to summon the next ephemeral port available on the system implicitly, but that's not anything you need to care about here.

Last edited by acid_kewpie; 02-03-2007 at 01:29 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
An error occured getting IPtables status from the command /etc/rc.d/init.d/iptables s CrazyMAzeY Linux - Newbie 10 08-12-2010 05:25 AM
iptables v1.2.9: Unknown arg `/sbin/iptables' Try `iptables -h' or 'iptables --help' Niceman2005 Linux - Security 4 12-29-2005 08:20 PM
Iptables - Couldn't load target `ACCPET':/lib/iptables/libipt_ACCPET.so: z00t Linux - Security 3 01-26-2004 02:24 AM
IPtables Log Analyzer from http://www.gege.org/iptables/ brainlego Linux - Software 0 08-11-2003 06:08 AM
My iptables script is /etc/sysconfig/iptables. How do i make this baby execute on boo ForumKid Linux - General 3 01-22-2002 07:36 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:06 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration