#1 | 11-08-2014, 11:44 AM | Member, Registered: Jan 2012, Posts: 72
Assigning variables in Iptables centos
Dear All,
I want to assign variables in the iptables file (/etc/sysconfig/iptables) generated by iptables-save. But it's not working.
Following is my iptables file, and the OS is CentOS.
##################################
*filter
:INPUT ACCEPT [189:21747]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [174:24924]
Jesse="73.185.155.233"
rmrg="23.24.136.233"
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 811 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp -s $Jesse -j ACCEPT
-A INPUT -p udp -m udp -s $Jesse -j ACCEPT
-A INPUT -p tcp -m tcp -s $rmrg -j ACCEPT
-A INPUT -p udp -m udp -s $rmrg -j ACCEPT
-A INPUT -p tcp -m tcp -j DROP
-A INPUT -p udp -m udp -j DROP
COMMIT
##############################
Please help. What is the correct way of assigning variables in the iptables file?
Regards.
Kamran
Last edited by kamran.ayub; 11-08-2014 at 12:00 PM.
Reason: replacing iotables with iptables

#2 | 11-09-2014, 07:25 PM | Moderator, Registered: Aug 2002, Posts: 26,734
As far as I know, you need to use a bash script to load rules based on variables. There are many examples that can be found on the net.
Last edited by michaelk; 11-09-2014 at 07:26 PM.

#3 | 11-09-2014, 11:37 PM | Member (Original Poster), Registered: Jan 2012, Posts: 72
Dear michaelk,
Can you please point me to a link for a bash iptables script which is a tested one?
I have already tried one script but failed.
Regards,
Kamran

#4 | 11-10-2014, 06:00 AM | Moderator, Registered: Aug 2002, Posts: 26,734

#5 | 11-10-2014, 09:31 PM | Member (Original Poster), Registered: Jan 2012, Posts: 72
Dear michaelk,
I have tried this script before. The issue with my script is that whenever I activate it, my SSH connection goes down.
I think the default policies below don't let my SSH traffic pass through.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
Can you please tell me whether I am right or wrong on this? The workaround I used to clear this situation was to reboot the machine physically; then the firewall script stopped automatically and I was able to SSH to my machine.
regards,
Kamran

#6 | 11-10-2014, 10:07 PM | Member, Registered: Jul 2012, Location: München, Distribution: Debian, CentOS/RHEL, Posts: 587
From post #3's first link:
Quote:
Code:
iptables -P INPUT ACCEPT
If connecting remotely we must first temporarily set the default policy on the INPUT chain to ACCEPT otherwise once we flush the current rules we will be locked out of our server.

#7 | 11-10-2014, 10:40 PM | Member (Original Poster), Registered: Jan 2012, Posts: 72
Dear ilestrg,
Don't you think that "iptables -P INPUT ACCEPT" will accept all incoming traffic?
Because iptables rules run in their order, rules for incoming traffic below this one would be worthless after it.
Am I right or wrong?
regards,
Kamran Ayub

#8 | 11-11-2014, 06:44 AM | Moderator, Registered: Aug 2002, Posts: 26,734
With DROP as the default policy you need to add rules for input and output. Having the default policy as ACCEPT and then dropping everything as the last rule works the same.
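
An added example, not part of the thread, that ties together michaelk's suggestion in post #2 (load the rules from a shell script so the variables get expanded) and the SSH lockout discussed in posts #5 to #8. The iptables-save format has no variables at all: iptables-restore reads `$Jesse` as a literal string and rejects it as an invalid address, which is why the original file fails. Letting the shell expand the variables inside a here-document and piping the result to iptables-restore fixes that, and it also removes the lockout window, because iptables-restore replaces the whole table in one kernel call rather than one rule at a time. On the question in post #7: a chain policy is not a rule at the top of the chain; it is the fallback applied only to packets that match no rule, so `-P INPUT ACCEPT` does not override the rules below it. The ruleset here uses policy DROP; the original's policy ACCEPT with a final DROP rule is equivalent, as post #8 says. Variable names, addresses and port 811 are the poster's; SSH on tcp/22 and an iptables-restore that supports `--test` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: define the addresses as shell variables,
# expand them into an iptables-restore ruleset, and load that ruleset in one
# atomic step. Addresses, variable names and port 811 are taken from the
# original post; SSH on tcp/22 is an assumption.

Jesse="73.185.155.233"
rmrg="23.24.136.233"
SSH_PORT=22   # assumption: the box is administered over SSH on this port

# Print the complete ruleset. The shell expands ${Jesse} and ${rmrg} inside the
# here-document, which is what the original file could not do: iptables-restore
# reads "$Jesse" literally and rejects it as an invalid address.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport ${SSH_PORT} -j ACCEPT
-A INPUT -p tcp -m tcp --dport 811 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s ${Jesse} -j ACCEPT
-A INPUT -s ${rmrg} -j ACCEPT
COMMIT
EOF
}

# Number of lines that still carry an unexpanded '$' (should be zero; a
# non-zero count means a variable was misspelled or never set).
unexpanded_count() {
    build_ruleset | grep -c '\$' || true
}

# Succeeds if the SSH accept rule is present in the generated set.
# Refusing to load a ruleset without it is the cheap guard against lockout.
has_ssh_rule() {
    build_ruleset | grep -q -- "--dport ${SSH_PORT} -j ACCEPT"
}

# Parse-check first (iptables-restore --test builds the table but does not
# commit it), then load. Because iptables-restore swaps the whole table in one
# kernel call, there is no moment in which the policy is DROP but the SSH rule
# is not yet present, which is the failure mode of a script that runs
# "iptables -P INPUT DROP" before its "iptables -A INPUT ... --dport 22" line.
apply_ruleset() {
    if [ "$(unexpanded_count)" -ne 0 ]; then
        echo "refusing to load: unexpanded variable in ruleset" >&2
        return 1
    fi
    has_ssh_rule || { echo "refusing to load: no SSH accept rule" >&2; return 1; }
    build_ruleset | iptables-restore --test || return 1
    build_ruleset | iptables-restore
}

# Only touch the live firewall when explicitly asked; otherwise just print
# the ruleset so it can be reviewed or saved to /etc/sysconfig/iptables.
case "${1:-print}" in
    apply) apply_ruleset ;;
    *)     build_ruleset ;;
esac
```

Run it without arguments to see the expanded ruleset, and with `apply` (as root) to load it. On CentOS the same script can regenerate the persistent file with `sh fw.sh > /etc/sysconfig/iptables`, so the variables live in the script and the saved file stays in the plain iptables-save format the init script expects. If the `apply` step still locks you out, a `sleep 60 && iptables -P INPUT ACCEPT` started in the background beforehand gives a way back in, and is the reason the post #6 quote sets INPUT to ACCEPT before flushing.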