LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Testing IPTables (https://www.linuxquestions.org/questions/linux-security-4/testing-iptables-594366/)

SBN 10-24-2007 07:13 PM

Testing IPTables
 
Hey guys, I'm trying to test this simple iptables script I placed on my CentOS box.

Quote:

iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -P TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p TCP -j ACCEPT
I'm trying to test this using nmap. I tried to nmap it using -sT, -sS, etc.,
but I always received "operation not permitted". But if I removed the state rule and just placed

Quote:

iptables -A INPUT -P TCP -j ACCEPT
iptables -A OUTPUT -p TCP -j ACCEPT
I received a reply displaying the ports.

Is there something wrong with the script, and that's why I can't nmap it when the state rule is in place, or is there something wrong with how I'm running nmap?

:)

eagleheart 10-24-2007 09:50 PM

Start over, like you had it, at least this much:
Quote:

iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
Then try with just loopback open:
Quote:

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
assuming the target of nmap is 127.0.0.1.

aakhan 10-26-2007 04:03 AM

Quote:

Originally Posted by SBN (Post 2935758)
Code:

iptables -A INPUT -P TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p TCP -j ACCEPT


The "-P" switch sets the default policy on a chain. "-p" (watch the lower-case letter 'p'), on the other hand, selects the protocol. I don't have a Linux box at hand, but I am pretty sure the first of the two iptables commands you are running will complain.
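Putting eagleheart's loopback advice and aakhan's -P/-p point together, here is an added example (my own script, not anything posted in the thread): the corrected ruleset plus a pre-flight lint that refuses to apply a script containing the "iptabels" typo or a "-P" where "-p" belongs. The point of linting before applying is that the default policies are set to DROP first, so a later rule line that fails to run leaves the box with no ACCEPT rules at all, which matches the "operation not permitted" symptom. The function names and the "dry" argument are my own.

```shell
#!/bin/sh
# Added example, not code from the thread. Corrected version of SBN's ruleset
# plus a pre-flight lint for the two mistakes the thread discusses: the
# "iptabels" typo and "-P" (chain policy) used where "-p" (protocol) belongs.
# Because the default policies are set to DROP first, any later rule line that
# fails to apply leaves the box with no ACCEPT rules, which is exactly the
# symptom in the first post.

# Corrected ruleset, one command per line. Nothing is applied here.
corrected_rules() {
    cat <<'EOF'
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -j ACCEPT
EOF
}

# Read rule lines from stdin, print one diagnostic per bad line,
# return 1 if any line was bad and 0 otherwise.
lint_rules() {
    status=0
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        set -- $line
        if [ "$1" != iptables ]; then
            echo "unknown command '$1': $line"; status=1; continue
        fi
        case " $line " in
            *' -A '*' -P '*|*' -I '*' -P '*)
                echo "-P inside an append/insert rule, did you mean -p (protocol)? $line"
                status=1 ;;
        esac
    done
    return $status
}

# Lint first, apply only if clean. "apply_rules dry" prints instead of running.
apply_rules() {
    corrected_rules | lint_rules || return 1
    corrected_rules | while IFS= read -r line; do
        if [ "$1" = dry ]; then echo "would run: $line"; else sh -c "$line" || exit 1; fi
    done
}
```

Run `apply_rules dry` first to see the commands, then `apply_rules` as root to apply them; feed your own script to `lint_rules` on stdin to check it the same way.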

