Slackware: This Forum is for the discussion of Slackware Linux.
I would like to know how to open and close ports with iptables. I have them configured but I want to be able to open some ports. I also want to know what this means:
INPUT packet died: IN=ppp0 OUT= MAC= SRC=69.0.9.32 DST=69.212.106.226 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=64083 DF PROTO=TCP SPT=3916 DPT=5554 WINDOW=64240 RES=0x00 SYN URGP=0
INPUT packet died: IN=ppp0 OUT= MAC= SRC=69.0.9.32 DST=69.212.106.226 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=64285 DF PROTO=TCP SPT=3916 DPT=5554 WINDOW=64240 RES=0x00 SYN URGP=0
INPUT packet died: IN=ppp0 OUT= MAC= SRC=69.50.188.131 DST=69.212.106.226 LEN=470 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=53584 DPT=1026 LEN=450
INPUT packet died: IN=ppp0 OUT= MAC= SRC=69.50.188.131 DST=69.212.106.226 LEN=470 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=53670 DPT=1027 LEN=450
Some person or program tried to access your machine on ports TCP 5554, UDP 1026 and 1027, but with no success. I assume you set "packet died" as the prefix for your iptables log, didn't you?
To open a port on your machine, say TCP 5554, try:
iptables -A INPUT -i eth0 -p tcp --dport 5554 -m state ! --state INVALID -j ACCEPT
To open a port on your machine, say UDP 1027, try:
iptables -A INPUT -i eth0 -p udp --dport 1027 -j ACCEPT
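Added example (not part of the original thread): a small Python parser for netfilter LOG lines like the ones in the question, grouping the logged packets by protocol and destination port so it is clear what is being dropped before any port is opened. The function names are this example's own; the sample lines are copied from the question.

```python
import re
from collections import defaultdict

# Sample LOG-target lines, copied from the question in this thread.
SAMPLE = """\
INPUT packet died: IN=ppp0 OUT= MAC= SRC=69.0.9.32 DST=69.212.106.226 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=64083 DF PROTO=TCP SPT=3916 DPT=5554 WINDOW=64240 RES=0x00 SYN URGP=0
INPUT packet died: IN=ppp0 OUT= MAC= SRC=69.0.9.32 DST=69.212.106.226 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=64285 DF PROTO=TCP SPT=3916 DPT=5554 WINDOW=64240 RES=0x00 SYN URGP=0
INPUT packet died: IN=ppp0 OUT= MAC= SRC=69.50.188.131 DST=69.212.106.226 LEN=470 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=53584 DPT=1026 LEN=450
INPUT packet died: IN=ppp0 OUT= MAC= SRC=69.50.188.131 DST=69.212.106.226 LEN=470 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=53670 DPT=1027 LEN=450
"""

KV = re.compile(r"\b([A-Z]+)=(\S*)")            # KEY=value pairs (value may be empty)
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF"}  # bare tokens without '='

def parse_line(line):
    """Return (log prefix, fields dict, flag set) for one LOG line, or None."""
    start = re.search(r"\bIN=", line)
    if start is None:
        return None                              # not a netfilter LOG line
    prefix = line[:start.start()].strip().rstrip(":")
    body = line[start.start():]
    fields = {}
    for key, value in KV.findall(body):
        fields.setdefault(key, value)            # keep first LEN (IP length); UDP repeats LEN
    flags = {tok for tok in body.split() if tok in FLAGS}
    return prefix, fields, flags

def summarize(text):
    """Group logged packets by (protocol, destination port)."""
    table = defaultdict(lambda: {"hits": 0, "sources": set(), "syn": 0})
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None or "DPT" not in parsed[1]:
            continue                             # skip portless protocols such as ICMP
        _, f, flags = parsed
        entry = table[(f.get("PROTO", "?"), int(f["DPT"]))]
        entry["hits"] += 1
        entry["sources"].add(f["SRC"])
        # A SYN without ACK is a new inbound TCP connection attempt.
        if f.get("PROTO") == "TCP" and "SYN" in flags and "ACK" not in flags:
            entry["syn"] += 1
    return dict(table)

if __name__ == "__main__":
    for (proto, port), e in sorted(summarize(SAMPLE).items()):
        print(f"{proto}/{port}: {e['hits']} hits, {e['syn']} SYNs, from {sorted(e['sources'])}")
```
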
btw: something weird happened, after I set up my iptables my rc.M disappeared. :| and I had to rename rc.M.new to rc.M, will that make a difference with the oidentd?
iptables -A INPUT -i ppp0 -p tcp --dport 113 -m state --state NEW -j ACCEPT
Or alternatively, download IPKungFU from www.linuxkungfu.org, after you run the simple install script edit /etc/ipkungfu/ipkungfu.conf and add 113 to ALLOWED_TCP_IN section then rerun the command ipkungfu as root.
If you want to learn how to do iptables rules, no better way than looking at an existing script. Just run iptables-save > rules.txt and grep for whatever you are looking for.
Originally posted by Cedrik: Hey, I just tested it. Yeah, maybe it is good for educational purposes, but the script needs changes to be workable, frankly.
I think the best way to learn iptables is to learn a little about network protocols as a first step.
By "it" do you mean Ipkungfu or iptables-save? And if you meant IPkungfu, can you elaborate on what changes you think should be made?
Also I agree with knowing the various layers that protocols operate and how, I was under the assumption that this knowledge is known but you are just looking for syntax.
I talked about http://easyfwgen.morizot.net/gen/, I never installed Ipkungfu, I use iptables for my part just for the net filter options, I don't need more.
Ah, OK I felt the same way. To me I couldn't stand using that (or 99.9% of the other firewall scripts out there) because it's one huge monolithic file. The reason why I always recommend IPKungfu is because it's the only one I know of that organizes the different functionalities of iptables into their own separate conf files and at the same time making the syntax idiotically simple.
Yes, I understand you, but I take some fun to do the script myself, it is 100% bash ( ...so it's fun ), you can run for loops with port numbers, play with variables, etc..
Oh yea, once you got the syntax down, playing around in bash is definitely fun. But playing with Bash + C + Iptables is even more fun. I actually created my own little "extension" to IPkungfu and have sent it to the author and waiting to see if it will make it into the next release due out in the next month or so. IPkungfu is 100% bash currently, so I'm not so sure how he's going to take to my little C program. It's working on my box right now, if you wanna see what I mean try the following command, the output might not be what you expect