# Get 2 to 3 packets fragments before checking.
iptables -A INPUT -f
# Rules for TCP
iptables -A INPUT -p tcp --dport 22 -j DROP
iptables -A INPUT -p tcp --dport 23 -j DROP
iptables -A INPUT -p tcp --dport 21 -j DROP
iptables -A INPUT -p tcp --dport 489 -j DROP
# Rules for UDP
iptables -A INPUT -p udp --dport 412 -j DROP
# Stop the icmp whores
iptables -A INPUT -p icmp --icmp-type
The full line (dmesg doesn't show the error) is
modprobe: Can't locate module ip_tables
iptables v1.2.8: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
I have followed the instructions from the iptables 1.2.8 INSTALL file, minus the patch-o-matic part, recompiled my kernel and then it still didn't work.
There were no new config options in my kernel to modulate ipt_filter and all that, and modprobe ipt_filter fails to find anything.
Ok, found the error of the above... didn't add module support for netfilter configuration parts.
But now I get a failure of the rc.firewall file at line 2 and I get
bash-2.05b# iptables -A INPUT -p tcp -j ALLOW
iptables v1.2.8: Couldn't load target `ALLOW':/usr/local/lib/iptables/libipt_ALLOW.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
I still get a line 2 failed with
# Required Modules
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
/sbin/modprobe ipt_REJECT
# Required proc configuration
echo "1" > /proc/sys/net/ipv4/ip_forward
# Start the RULES
# Add chains for tcp packets, udp packets and icmp packets
# Get 2 to 3 packets fragments before checking.
$IPTABLES -A INPUT -f
# Rules for TCP
$IPTABLES -A INPUT -p tcp --dport 22 -j DROP
$IPTABLES -A INPUT -p tcp --dport 23 -j DROP
$IPTABLES -A INPUT -p tcp --dport 21 -j DROP
$IPTABLES -A INPUT -p tcp --dport 489 -j DROP
$IPTABLES -A INPUT -p tcp --dport 100:65535
# Rules for UDP
$IPTABLES -A INPUT -p udp --dport 412 -j DROP
# Stop the icmp whores
$IPTABLES -A INPUT -p icmp --icmp-type
# Rules for out going packets
# Drop all packets not conforming to the above rules
# $IPTABLES -A INPUT -j DROP
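Added example, not part of the original posts: a small POSIX shell lint for a rule script like the one quoted above. It flags a `-j` target that iptables cannot resolve (the `ALLOW` case in the thread; the built-in accepting target is `ACCEPT`), rules with no `-j` at all (legal, but they only count packets), and options left without an argument. The names `lint_rules` and `sample_rules`, the sample input, and the assumption that no user-defined chains are in use belong to this example only.

```shell
# Added example, not from the thread. Targets resolvable without a user-defined
# chain (assumed absent): built-ins plus LOG and REJECT (ipt_LOG, ipt_REJECT).
KNOWN_TARGETS="ACCEPT DROP QUEUE RETURN LOG REJECT"

# lint_rules: read a rule script on stdin, print "LINE CODE DETAIL" per finding.
lint_rules() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            iptables\ *|/sbin/iptables\ *|'$IPTABLES '*) ;;
            *) continue ;;                 # comments, modprobe, echo, ...
        esac
        set -f                             # split into words without globbing
        set -- $line
        set +f
        appends=no target="" prev=""
        for word in "$@"; do
            case "$word" in -A|-I) appends=yes ;; esac
            case "$prev" in -j|--jump) target=$word ;; esac
            prev=$word
        done
        if [ "$appends" = no ]; then continue; fi
        case "$prev" in                    # $prev is now the last word on the line
            -j|--jump|-p|--dport|--sport|--icmp-type)
                echo "$n missing-argument $prev"; continue ;;
        esac
        if [ -z "$target" ]; then echo "$n no-target rule-only-counts-packets"; continue; fi
        case " $KNOWN_TARGETS " in
            *" $target "*) ;;
            *) echo "$n unknown-target $target" ;;
        esac
    done
    return 0
}

# Constructed sample built from rules quoted in the thread.
sample_rules() {
    cat <<'EOF'
$IPTABLES -A INPUT -f
$IPTABLES -A INPUT -p tcp --dport 22 -j DROP
iptables -A INPUT -p tcp -j ALLOW
$IPTABLES -A INPUT -p tcp --dport 100:65535
$IPTABLES -A INPUT -p icmp --icmp-type
EOF
}

sample_rules | lint_rules
```

Run it against a real script with `lint_rules < rc.firewall`; any chain created with `-N` would need adding to `KNOWN_TARGETS` first.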