LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 01-21-2013, 05:06 PM   #31
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,518
Blog Entries: 51

Rep: Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598

Quote:
Originally Posted by j118 View Post
What kinds?
Sorry, bit late reply. Unless you have a need for those: router-solicitation, router-advertisement, echo-request, TOS-host-redirect, TOS-network-redirect, host-redirect, network-redirect, redirect, source-quench or by type(/code): 4, 5, 5/0, 5/1, 5/2, 5/3, 8, 9, 10. Also see 'sysctl -a|grep icmp'.


Quote:
Originally Posted by j118 View Post
I have temporarily opened port 25, and will get them set up using port 456 and SSL and close port 25 again pronto!
Personally I'd first set up proper access restrictions and anti-spam protection and then expose the service but it's your call.


Quote:
Originally Posted by j118 View Post
I do indeed use my own server as the authoritative DNS (as far as I can tell).
Instead run a 'dig +trace' on your domain name and you know what the authoritative Name Server is. BTW it's good to check your domain name contract. (In my best Jedi voice: you really do want a backup MX and Name server.) Package deals may often not sound like a really good deal but in the case of domain names it is because they have the infrastructure and money to configure a backup Name Server in another network.


Quote:
Originally Posted by j118 View Post
Code:
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
Does that look sane and acceptable?
I would put it above the TCP rule and make the TCP/53 a separate rule below the current TCP rule. Watch how many requests you get on average then put a cap on it ("-m limit"). Also tune your name servers configuration (auth for changing things, lame resolvers, what to log) and watch those logs (Logwatch?) for common errors to correct or anomalies to inspect.


Quote:
Originally Posted by j118 View Post
No hardware firewall, though I could pay extra to have one. Right now I'm not thinking I really need one too bad.
One of the basics of computing is that you can measure about any aspect: memory, CPU usage, network throughput, etc, etc. Logging SAR data leads to bottleneck / resource utilization reports which leads (or should lead) to you prioritizing changes and making informed decisions based on facts. Since it all boils down to spending more money it's only logical to be able to justify expenses based on cold, hard facts and not on what others think you need.
 
Old 01-22-2013, 02:28 AM   #32
fengg
LQ Newbie
 
Registered: Jul 2011
Posts: 1

Rep: Reputation: Disabled
Hi all

this is my first post , going through this topic , i find it really amusing & helps alot in troubleshooting issues

I have pasted below rules which i use in my client's system , hope this may help.

#!/bin/bash

# 2. Set default chain policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# 3. Block a specific ip-address
#BLOCK_THIS_IP="x.x.x.x"
#iptables -A INPUT -s "$BLOCK_THIS_IP" -j DROP

# 4. Allow ALL incoming SSH
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# 5. Allow incoming SSH only from a sepcific network
#iptables -A INPUT -i eth0 -p tcp -s 192.168.200.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# 6. Allow incoming HTTP
#iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

# Allow incoming HTTPS
#iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

# 7. MultiPorts (Allow incoming SSH, HTTP, and HTTPS)
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 22,80,443 -m state --state ESTABLISHED -j ACCEPT

# 8. Allow outgoing SSH
iptables -A OUTPUT -o eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# 9. Allow outgoing SSH only to a specific network
#iptables -A OUTPUT -o eth0 -p tcp -d 192.168.101.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# 10. Allow outgoing HTTPS
iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

# 11. Load balance incoming HTTPS traffic
#iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 0 -j DNAT --to-destination 192.168.1.101:443
#iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 1 -j DNAT --to-destination 192.168.1.102:443
#iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 2 -j DNAT --to-destination 192.168.1.103:443

# 12. Ping from inside to outside
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

# 13. Ping from outside to inside
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

# 14. Allow loopback access
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# 15. Allow packets from internal network to reach external network.
# if eth1 is connected to external network (internet)
# if eth0 is connected to internal network (192.168.1.x)
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

# 16. Allow outbound DNS
iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT

# 17. Allow NIS Connections
# rpcinfo -p | grep ypbind ; This port is 853 and 850
#iptables -A INPUT -p tcp --dport 111 -j ACCEPT
#iptables -A INPUT -p udp --dport 111 -j ACCEPT
#iptables -A INPUT -p tcp --dport 853 -j ACCEPT
#iptables -A INPUT -p udp --dport 853 -j ACCEPT
#iptables -A INPUT -p tcp --dport 850 -j ACCEPT
#iptables -A INPUT -p udp --dport 850 -j ACCEPT

# 18. Allow rsync from a specific network
iptables -A INPUT -i eth0 -p tcp -s 192.168.101.0/24 --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 873 -m state --state ESTABLISHED -j ACCEPT

# 19. Allow MySQL connection only from a specific network
iptables -A INPUT -i eth0 -p tcp -s 192.168.200.0/24 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT

# 20. Allow Sendmail or Postfix
iptables -A INPUT -i eth0 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT

# 21. Allow IMAP and IMAPS
iptables -A INPUT -i eth0 -p tcp --dport 143 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 143 -m state --state ESTABLISHED -j ACCEPT

iptables -A INPUT -i eth0 -p tcp --dport 993 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 993 -m state --state ESTABLISHED -j ACCEPT

# 22. Allow POP3 and POP3S
iptables -A INPUT -i eth0 -p tcp --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 110 -m state --state ESTABLISHED -j ACCEPT

iptables -A INPUT -i eth0 -p tcp --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 995 -m state --state ESTABLISHED -j ACCEPT

# 23. Prevent DoS attack
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT

# 24. Port forwarding 422 to 22
iptables -t nat -A PREROUTING -p tcp -d 192.168.102.37 --dport 422 -j DNAT --to 192.168.102.37:22
iptables -A INPUT -i eth0 -p tcp --dport 422 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 422 -m state --state ESTABLISHED -j ACCEPT

# 25. Log dropped packets
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
iptables -A LOGGING -j DROP

## Load Balance incoming https traffic## (Can be applied to http traffic also)

iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 0 -j DNAT --to-destination 192.168.1.101:443
iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 1 -j DNAT --to-destination 192.168.1.102:443
iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 2 -j DNAT --to-destination 192.168.1.103:443

##Make sure NEW incoming tcp connections are SYN packets; otherwise we need to drop them.
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
##Packets with incoming fragments drop them. This attack result into Linux server panic such data loss.
iptables -A INPUT -f -j DROP
##Incoming malformed XMAS packets drop them:
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
##Incoming malformed NULL packets:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
 
1 members found this post helpful.
Old 01-22-2013, 02:58 AM   #33
bijo505
Member
 
Registered: Nov 2012
Location: Bangalore
Distribution: Fedora & Ubuntu
Posts: 77

Rep: Reputation: 18
Quote:
Originally Posted by fengg View Post
Hi all

this is my first post , going through this topic , i find it really amusing & helps alot in troubleshooting issues
Hi Fengg,
Nice one!!
it would be a quick reference :-)
I really appreciate the effort.
 
Old 01-22-2013, 05:45 AM   #34
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,518
Blog Entries: 51

Rep: Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598
Quote:
Originally Posted by bijo505 View Post
Nice one
Is it now? I see an inefficient rule order and rule duplication...
 
Old 01-22-2013, 06:30 AM   #35
bijo505
Member
 
Registered: Nov 2012
Location: Bangalore
Distribution: Fedora & Ubuntu
Posts: 77

Rep: Reputation: 18
Quote:
Originally Posted by unSpawn View Post
Is it now? I see an inefficient rule order and rule duplication...
Hi UnSpawn,

I consider that post is a reference for Newbies and wanted to encourage and appreciate the efforts, which has taken by fengg as a newbie (That is his first post). The post might not be good or might have duplicate entries...So in future we can expect good threads from him.....
 
Old 01-22-2013, 07:13 AM   #36
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,518
Blog Entries: 51

Rep: Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598
Quote:
Originally Posted by bijo505 View Post
I (..) wanted to encourage and appreciate the efforts
That's a good thing, yes...


Quote:
Originally Posted by bijo505 View Post
The post might not be good or might have duplicate entries..
Sure you can have an opinion but can you make assess if it is usable as "a reference for Newbies" without modification?

This is what solely the filter table could look like with all the commented and duplicate rules removed, some errors corrected and re-ordered:
Code:
*filter
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP

# 14. Allow loopback access
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Make sure NEW incoming tcp connections are SYN packets; otherwise we need to drop them.
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -m state --state INVALID -j DROP
# Packets with incoming fragments drop them. This attack result into Linux server panic such data loss.
iptables -A INPUT -f -j DROP
# Incoming malformed XMAS packets drop them:
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
# Incoming malformed NULL packets:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

 # 7. MultiPorts (Allow incoming SSH, HTTP, and HTTPS)
iptables -A INPUT -i eth0 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,25,110,143,443,993,995 -m state --state NEW -j ACCEPT
# 23. Mitigate (not "prevent") DoS attack
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 22,25,53,110,143,443,993,995 -m state --state ESTABLISHED -j ACCEPT
# 16. Allow outbound DNS
iptables -A OUTPUT -o eth0 -p udp -m state --state NEW --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -m state --state NEW --sport 53 -j ACCEPT

# 18. Allow rsync from a specific network
iptables -A INPUT -i eth0 -p tcp -s 192.168.101.0/24 --dport 873 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -d 192.168.101.0/24 --sport 873 -m state --state ESTABLISHED -j ACCEPT

# 19. Allow MySQL connection only from a specific network
iptables -A INPUT -i eth0 -p tcp -s 192.168.200.0/24 --dport 3306 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -d 192.168.200.0/24 --sport 3306 -m state --state ESTABLISHED -j ACCEPT

# 12. Ping from inside to outside
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
# 13. Ping from outside to inside
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

# 25. Log dropped packets
iptables -N LOGGING
iptables -A INPUT -i eth0 -m state --state NEW -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "Dropped: " --log-level 7
iptables -A LOGGING -j REJECT --reject-with icmp-port-unreachable
*the "LOGGING" chain shouldn't really log anything because of the default INPUT chain DROP policy and explicit port rules.

Last edited by unSpawn; 01-22-2013 at 07:45 AM. Reason: //Sometimes less is more
 
1 members found this post helpful.
Old 02-06-2013, 06:33 PM   #37
j118
LQ Newbie
 
Registered: Jan 2013
Posts: 16

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
Sorry, bit late reply. Unless you have a need for those: router-solicitation, router-advertisement, echo-request, TOS-host-redirect, TOS-network-redirect, host-redirect, network-redirect, redirect, source-quench or by type(/code): 4, 5, 5/0, 5/1, 5/2, 5/3, 8, 9, 10. Also see 'sysctl -a|grep icmp'.
Ah... Well in light of that response, perhaps what I should have asked is what icmp types should I allow? If I am following correctly, I should allow types 0,3,and 11. Do I need 8/0?

Also, what is the difference between icmp type "8" and "8/0"? I did a lot of reading and did not find much info on that. What does the forward slash mean?

Also, can I string together several types on one line, or do they all need to be on separate lines? e.g:
-A INPUT -p icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp --icmp-type 8/0 -j ACCEPT
-A INPUT -p icmp --icmp-type 11 -j ACCEPT



So far, what I have is:

Code:
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 20:22,25,53,80,443,465,989,990,993,995,8443,8880,8447,12443 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8/0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -m state --state NEW -m limit --limit 1/sec -j LOG --log-prefix "IN_denied "
-A INPUT -m state --state NEW -j REJECT --reject-with icmp-host-prohibited

Last edited by j118; 02-06-2013 at 06:39 PM.
 
Old 02-07-2013, 06:38 AM   #38
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,518
Blog Entries: 51

Rep: Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598
Quote:
Originally Posted by j118 View Post
Ah... Well in light of that response, perhaps what I should have asked is what icmp types should I allow? If I am following correctly, I should allow types 0,3,and 11.
That is exactly what CYMRU suggests as the minimum set see "Allowed Types and Codes": http://www.cymru.com/Documents/icmp-messages.html


Quote:
Originally Posted by j118 View Post
Do I need 8/0? Also, what is the difference between icmp type "8" and "8/0"? I did a lot of reading and did not find much info on that. What does the forward slash mean?
If you want 8/0 then you also want 0/0. While 'man 7 icmp' contains valuable info it doesn't say things like https://tools.ietf.org/html/rfc792 does and maybe http://en.wikipedia.org/wiki/Interne...ssage_Protocol may be easier to read. ICMP messages are classified as types and types must have a code attached. Ergo "/0" code can mean two meanings: 0.) a specific message like 3/0 "Net Unreachable" or in absence of any type-related codes, like "8" doesn't have any, it just means "No Code".


Quote:
Originally Posted by j118 View Post
Also, can I string together several types on one line, or do they all need to be on separate lines?
You can test that yourself ;-p
 
Old 02-07-2013, 03:40 PM   #39
j118
LQ Newbie
 
Registered: Jan 2013
Posts: 16

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
If you want 8/0 then you also want 0/0. While 'man 7 icmp' contains valuable info it doesn't say things like https://tools.ietf.org/html/rfc792 does and maybe http://en.wikipedia.org/wiki/Interne...ssage_Protocol may be easier to read. ICMP messages are classified as types and types must have a code attached. Ergo "/0" code can mean two meanings: 0.) a specific message like 3/0 "Net Unreachable" or in absence of any type-related codes, like "8" doesn't have any, it just means "No Code".
So deciphering what you said above, I take it that the number to the left of the forward slash is the type, and the number to the right of the forward slash is the code. And that "8" and "8/0" mean the same thing, as type "8" has no codes except "0"?


Quote:
Originally Posted by unSpawn View Post
You can test that yourself ;-p
Well, I did try searching for several hours before asking, and did not see any example on the entire Internet (that I could find) that had them on one line. Before I asked you, I did try:
-A INPUT -p icmp -m icmp --icmp-type 0,3,11 -j ACCEPT
but that didn't seem to work, so I'm assuming that it can't be done?
 
Old 02-07-2013, 06:51 PM   #40
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,518
Blog Entries: 51

Rep: Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598
Quote:
Originally Posted by j118 View Post
So deciphering what you said above, I take it that the number to the left of the forward slash is the type, and the number to the right of the forward slash is the code. And that "8" and "8/0" mean the same thing, as type "8" has no codes except "0"?
Type and code, yes. And "--icmp-type 8" is OK as it doesn't have any codes, yes. *BTW it seems RFC 6633 deprecated Source Quench (type 4) last year.


Quote:
Originally Posted by j118 View Post
it can't be done?
You found empirically it can't be done. +1. *BTW if you try something it's always appreciated if you let us know you've tried.
 
Old 02-15-2013, 06:15 PM   #41
j118
LQ Newbie
 
Registered: Jan 2013
Posts: 16

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
You found empirically it can't be done. +1.
Well, thanks. I guess I found it can't be done, if my empirical techniques were correct--which may not be completely the case, considering that I'm not necessarily aware of all ways that one might try to put ICMP types/codes on one line. E.g. if there was some corollary to "multiport" for ICMP that I was not aware of.


Quote:
Originally Posted by unSpawn View Post
*BTW if you try something it's always appreciated if you let us know you've tried.
Sort of on that note, I did find that you can't close port 25 (if you're running an email server), even if all email clients (e.g. Outlook, Thunderbird, etc.) use 465 and 995, as port 25 is used by all external servers that are trying to send email to your email server--and that can't be changed (since you have no control over other servers on the Internet, and the port they look at). So that port must remain open for that reason (or at least it must remain open between your email server and the servers sending to you).

Last edited by j118; 02-15-2013 at 06:20 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IPTables Script Question eggman95 Linux - General 2 07-14-2006 04:57 AM
iptables newbie question Beauford-2 Linux - Security 4 09-26-2004 04:41 AM
iptables newbie question TurtleBay Linux - Newbie 10 10-09-2003 02:37 PM
Newbie Question - IPTables cyberperson Linux - Networking 1 03-14-2003 10:22 PM
iptables script question iceman47 Linux - Networking 1 12-18-2002 10:39 AM


All times are GMT -5. The time now is 08:32 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration