I'm just about convinced that linux hates me and will do everything that it can to kill my resolve. Here is today's update:
I went to the page that Noerr suggested and decided on the following script:
http://www.linuxguruz.org/iptables/s...rewall_010.txt
When I ran the script, it gave me a ton of errors: ": command not found" for just about every line in the script; "Bad argument DROP", "Try 'iptables -h' or 'iptables --help' for more information."; more than a few "'ad arguement `" errors.
I have commented out a few lines about connections I don't want to allow like telnet and www. I commented out the first few lines about "modprobe ip_tables", etc. because they were giving me errors and this seemed to help cut down on the number of error messages. The only other thing I have done to modify this script is to add echos throughout the script to give me an idea of where some of these errors are coming from (see the results above). I also commented out the lines about setting the default policy to drop because when they executed, the box denied every connection, including my SSH connection (which you will note should have been allowed by this script). After the script is run, 'iptables -L' yields the following:
Chain INPUT (policy ACCEPT)
target prot opt source destination
syn-flood tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
LOG all -f anywhere anywhere LOG level warning prefix `IPTABLES FRAGMENT: '
DROP all -f anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp spt:ssh state ESTABLISHED
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED
LOG udp -- anywhere anywhere LOG level warning prefix `IPTABLES UDP-IN: '
LOG icmp -- anywhere anywhere LOG level warning prefix `IPTABLES ICMP-IN: '
LOG tcp -- anywhere anywhere LOG level warning prefix `IPTABLES TCP-IN: '
LOG all -- anywhere anywhere LOG level warning prefix `IPTABLES PROTOCOL-X-IN: '
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,ESTABLISHED
ACCEPT icmp -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG udp -- anywhere anywhere LOG level warning prefix `IPTABLES UDP-OUT: '
LOG icmp -- anywhere anywhere LOG level warning prefix `IPTABLES ICMP-OUT: '
LOG tcp -- anywhere anywhere LOG level warning prefix `IPTABLES TCP-OUT: '
LOG all -- anywhere anywhere LOG level warning prefix `IPTABLES PROTOCOL-X-OUT: '
Chain syn-flood (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere limit: avg 1/sec burst 4
DROP all -- anywhere anywhere
Can someone please tell me why iptables hates me? I am running Mandrake 8.2 with iptables v 1.2.5. TIA.
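Two pre-flight checks that fit the symptoms in the post above, as an added example that is not part of the original post. The first assumes the ": command not found" errors come from DOS (CRLF) line endings in the downloaded script, which the post does not confirm; the second reads an `iptables -L` listing and looks for an INPUT rule matching destination port ssh, where the posted listing only has source port ssh. The function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): two checks to run before
# applying a downloaded firewall script over an SSH session.

# Print the number of lines in file $1 that end in a carriage return.
# A CRLF-terminated line hands the shell "DROP\r" rather than "DROP", and a
# blank line becomes the command "\r", reported as ": command not found".
crlf_lines() {
    awk '/\r$/ { n++ } END { print n + 0 }' "$1"
}

# Read `iptables -L` output on stdin; succeed only if the INPUT chain has an
# ACCEPT rule for tcp destination port ssh/22 (inbound to a local sshd).
# First-order check only: it ignores rule order, state and source matches.
input_accepts_ssh() {
    awk '
        /^Chain /  { in_input = ($2 == "INPUT"); next }
        in_input && $1 == "ACCEPT" && $2 == "tcp" && /dpt:(ssh|22)( |$)/ { ok = 1 }
        END        { exit (ok ? 0 : 1) }
    '
}

# INPUT rule as it appears in the post's listing: source port ssh.
POSTED='Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ssh state ESTABLISHED'

# Constructed variant that admits inbound SSH: destination port ssh.
FIXED='Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,ESTABLISHED'

# Constructed two-line script saved with DOS line endings.
sample=$(mktemp)
printf 'iptables -P INPUT DROP\r\n\r\n' > "$sample"
echo "CRLF lines in sample script: $(crlf_lines "$sample")"

for name in POSTED FIXED; do
    eval "listing=\$$name"
    if printf '%s\n' "$listing" | input_accepts_ssh; then
        echo "$name: inbound SSH rule present in INPUT"
    else
        echo "$name: no inbound SSH rule in INPUT"
    fi
done
rm -f "$sample"
```

On a live box the second check would be fed with `iptables -L | input_accepts_ssh` before any `-P INPUT DROP` line is allowed to run.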