[SOLVED] iptables blocking certain ports. How do I allow for access?
Forum: Linux - Security. This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
OK, please forgive me for not reading all the posts thus far. I have a few questions for you.
Where is this firewall deployed?
How many interfaces are connected to this device?
Why are you doing all this excessive logging?
What ports do you need to get through?
Once I have all this information I believe I can get you on the right track.
Thanks, but I got it figured out...
This is the full set of rules. Adding rule 20 allows connections to computers on the LAN. I didn't need to add the samba rules. Now I have hardware protection and software protection, just how I like it!!!!!!! Thanks again.
Code:
iptables -P OUTPUT DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP
iptables -A OUTPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP
iptables -N drop_invalid
iptables -A OUTPUT -m state --state INVALID -j drop_invalid
iptables -A INPUT -m state --state INVALID -j drop_invalid
iptables -A INPUT -p tcp -m tcp --sport 1:65535 --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j drop_invalid
iptables -A drop_invalid -j LOG --log-level debug --log-prefix "INVALID state -- DENY"
iptables -A drop_invalid -j DROP
iptables -N In_RULE_0
iptables -A INPUT -i wlan0 -s darkstar -j In_RULE_0
iptables -A In_RULE_0 -j LOG --log-level info --log-prefix "RULE 0 -- DENY"
iptables -A In_RULE_0 -j DROP
iptables -N In_RULE_1
iptables -A INPUT -p icmp -m icmp --icmp-type any -j In_RULE_1
iptables -A In_RULE_1 -j LOG --log-level info --log-prefix "RULE 1 -- DENY"
iptables -A In_RULE_1 -j DROP
iptables -N In_RULE_2
iptables -A INPUT -p tcp -m tcp --dport 43 -j In_RULE_2
iptables -A In_RULE_2 -j LOG --log-level info --log-prefix "RULE 2 -- DENY"
iptables -A In_RULE_2 -j DROP
iptables -N In_RULE_3
iptables -A INPUT -p tcp -m tcp --tcp-flags ALL URG,PSH,FIN -j In_RULE_3
iptables -A In_RULE_3 -j LOG --log-level info --log-prefix "RULE 3 -- DENY"
iptables -A In_RULE_3 -j DROP
iptables -N In_RULE_4
iptables -A INPUT -p tcp -m tcp --tcp-flags ALL URG,ACK,PSH,RST,SYN,FIN -j In_RULE_4
iptables -A In_RULE_4 -j LOG --log-level info --log-prefix "RULE 4 -- DENY"
iptables -A In_RULE_4 -j DROP
iptables -N In_RULE_5
iptables -A INPUT -p all -f -j In_RULE_5
iptables -A In_RULE_5 -j LOG --log-level info --log-prefix "RULE 5 -- DENY"
iptables -A In_RULE_5 -j DROP
iptables -N In_RULE_6
iptables -A INPUT -p udp -m udp --dport 513 -j In_RULE_6
iptables -A In_RULE_6 -j LOG --log-level info --log-prefix "RULE 6 -- DENY"
iptables -A In_RULE_6 -j DROP
iptables -N In_RULE_7
iptables -A INPUT -p udp -m udp --dport 33434:33524 -j In_RULE_7
iptables -A In_RULE_7 -j LOG --log-level info --log-prefix "RULE 7 -- DENY"
iptables -A In_RULE_7 -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 110 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 143 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 465 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 500 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 993 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 995 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 1701 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 1723 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 4500 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 6667 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 6697 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 6881 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 6881 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 7881 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 8881 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 8881 -m state --state NEW -j ACCEPT
iptables -N RULE_17
iptables -A OUTPUT -p tcp -m tcp --dport 21 -j RULE_17
iptables -A OUTPUT -p tcp -m tcp --sport 1024: --dport 1024: -j RULE_17
iptables -A RULE_17 -j LOG --log-level info --log-prefix "RULE 17 -- ACCEPT"
iptables -A RULE_17 -j ACCEPT
iptables -N RULE_18
iptables -A OUTPUT -p udp -m udp --sport 123 -j RULE_18
iptables -A INPUT -p udp -m udp --dport 123 -j RULE_18
iptables -A RULE_18 -j LOG --log-level info --log-prefix "RULE 18 -- ACCEPT"
iptables -A RULE_18 -j ACCEPT
iptables -N RULE_19
iptables -A OUTPUT -p tcp -m tcp --dport 3389 -j RULE_19
iptables -A OUTPUT -p udp -m udp --dport 3389 -j RULE_19
iptables -A RULE_19 -j LOG --log-level info --log-prefix "RULE 19 -- ACCEPT"
iptables -A RULE_19 -j ACCEPT
iptables -N RULE_20
iptables -A OUTPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j RULE_20
iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j RULE_20
iptables -A RULE_20 -j LOG --log-level info --log-prefix "RULE 20 -- ACCEPT"
iptables -A RULE_20 -j ACCEPT
iptables -N RULE_21
iptables -A OUTPUT -p udp -m udp -j RULE_21
iptables -A INPUT -p udp -m udp -j RULE_21
iptables -A RULE_21 -j LOG --log-level info --log-prefix "RULE 21 -- DENY"
iptables -A RULE_21 -j DROP
iptables -N RULE_22
iptables -A OUTPUT -p tcp -m tcp -j RULE_22
iptables -A INPUT -p tcp -m tcp -j RULE_22
iptables -A RULE_22 -j LOG --log-level info --log-prefix "RULE 22 -- DENY"
iptables -A RULE_22 -j DROP
iptables -N RULE_23
iptables -A OUTPUT -d darkstar -j RULE_23
iptables -A INPUT -j RULE_23
iptables -A RULE_23 -j LOG --log-level info --log-prefix "RULE 23 -- DENY"
iptables -A RULE_23 -j DROP
Last edited by PROBLEMCHYLD; 10-18-2018 at 09:48 AM.
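The fix in the post above works because iptables evaluates a chain top to bottom and the first terminating match (ACCEPT or DROP) decides; LOG is non-terminating, and a user chain that falls through returns to the caller. RULE_20 therefore only helps because it is appended before the catch-all RULE_21/RULE_22/RULE_23 deny chains. The following is an added example, not the poster's code and not the kernel's netfilter engine: a small Python model of that first-match walk over a subset of the posted INPUT chain (In_RULE_1, the ESTABLISHED/RELATED accept, RULE_20 and the three catch-alls, in the posted order). The Packet, Rule and Ruleset names and the sample addresses are this example's own; 192.168.0.0/24 is the subnet from RULE_20.

```python
# Added example (not the poster's rule set): a simplified model of iptables
# first-match evaluation, used to show why the LAN accept rule (RULE_20) has to
# sit ahead of the catch-all deny chains RULE_21/22/23 in the INPUT chain.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional, Tuple

LAN = ip_network("192.168.0.0/24")  # subnet used by RULE_20 in the posted rules


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    state: str = "NEW"          # conntrack state: NEW, ESTABLISHED or RELATED


@dataclass
class Rule:
    match: Callable[[Packet], bool]
    target: str                 # ACCEPT, DROP, LOG, or the name of a user chain
    log_prefix: str = ""        # only meaningful when target == "LOG"


class Ruleset:
    """Chains evaluated top to bottom; the first terminating match wins."""

    def __init__(self, policy: str = "DROP"):
        self.policy = policy                  # iptables -P INPUT DROP
        self.chains = {"INPUT": []}
        self.logged: List[str] = []           # what each -j LOG hit would have written

    def new_chain(self, name: str) -> None:   # iptables -N name
        self.chains[name] = []

    def append(self, chain: str, rule: Rule) -> None:  # iptables -A chain ...
        self.chains[chain].append(rule)

    def _walk(self, pkt: Packet, chain: str) -> Optional[str]:
        for rule in self.chains[chain]:
            if not rule.match(pkt):
                continue
            if rule.target == "LOG":          # LOG is non-terminating: record it, keep going
                self.logged.append(rule.log_prefix)
                continue
            if rule.target in ("ACCEPT", "DROP"):
                return rule.target
            verdict = self._walk(pkt, rule.target)   # jump into a user chain
            if verdict is not None:
                return verdict                # None means the user chain fell through (RETURN)
        return None

    def verdict(self, pkt: Packet) -> Tuple[str, List[str]]:
        """Final verdict for pkt on INPUT plus the LOG prefixes hit on the way."""
        self.logged = []
        result = self._walk(pkt, "INPUT")
        final = result if result is not None else self.policy   # chain policy applies last
        return final, list(self.logged)


def _user_chain(rs: Ruleset, name: str, prefix: str, final: str) -> None:
    """The posted pattern: -N name; -A name -j LOG --log-prefix ...; -A name -j final."""
    rs.new_chain(name)
    rs.append(name, Rule(lambda p: True, "LOG", prefix))
    rs.append(name, Rule(lambda p: True, final))


def build_input_chain(with_rule_20: bool = True) -> Ruleset:
    """Subset of the posted INPUT chain, appended in the posted order."""
    rs = Ruleset(policy="DROP")
    # In_RULE_1: every incoming ICMP packet is logged and dropped (precedes RULE_20)
    _user_chain(rs, "In_RULE_1", "RULE 1 -- DENY", "DROP")
    rs.append("INPUT", Rule(lambda p: p.proto == "icmp", "In_RULE_1"))
    # replies to connections this host opened itself
    rs.append("INPUT", Rule(lambda p: p.state in ("ESTABLISHED", "RELATED"), "ACCEPT"))
    if with_rule_20:
        # RULE_20: any protocol/port from the LAN subnet to the LAN subnet is accepted
        _user_chain(rs, "RULE_20", "RULE 20 -- ACCEPT", "ACCEPT")
        rs.append("INPUT", Rule(
            lambda p: ip_address(p.src) in LAN and ip_address(p.dst) in LAN, "RULE_20"))
    # RULE_21 / RULE_22 / RULE_23: catch-all denies for udp, tcp, then everything else
    _user_chain(rs, "RULE_21", "RULE 21 -- DENY", "DROP")
    rs.append("INPUT", Rule(lambda p: p.proto == "udp", "RULE_21"))
    _user_chain(rs, "RULE_22", "RULE 22 -- DENY", "DROP")
    rs.append("INPUT", Rule(lambda p: p.proto == "tcp", "RULE_22"))
    _user_chain(rs, "RULE_23", "RULE 23 -- DENY", "DROP")
    rs.append("INPUT", Rule(lambda p: True, "RULE_23"))
    return rs


def check(pkt: Packet, with_rule_20: bool = True) -> Tuple[str, List[str]]:
    """Verdict and log prefixes for pkt, with or without RULE_20 in place."""
    return build_input_chain(with_rule_20).verdict(pkt)


if __name__ == "__main__":
    # Constructed sample: a LAN host opening SMB (tcp/445) to this machine.
    smb_from_lan = Packet("192.168.0.20", "192.168.0.10", "tcp", 445)
    print("with RULE_20:   ", check(smb_from_lan, True))    # ACCEPT via RULE 20
    print("without RULE_20:", check(smb_from_lan, False))   # DROP via RULE 22
```

Running the model against the constructed traffic shows three things worth knowing about the posted rule set: a LAN host's SMB connection is accepted by RULE_20 with no samba-specific rule, which is why the poster did not need one; the same packet with RULE_20 removed falls through to RULE_22 and is logged as "RULE 22 -- DENY", which is the symptom the thread title describes; and a ping from a LAN host is still dropped by In_RULE_1, because that chain is appended earlier. The flip side is that RULE_20 matches every protocol and port, so any host on 192.168.0.0/24 can reach any service listening on this machine; that is acceptable only because the poster treats the LAN as trusted behind the hardware firewall.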