Iptables

myubuntu · 03-13-2010, 11:30 PM

Hi Guys, I was trying to write IPTABLES script to block the ICMP ping using the below mentioned command in OpenSUSE 11.2
Doing this in VMware.....

iptables -A OUTPUT -o eth0 -p icmp -j DROP

& then I tried to ping the different computer & it didnt allow me to ping.
Then I deleted using the command -

iptables -D OUTPUT -o eth0 -p icmp -j DROP

then I couldnt ping also. Another thing I found is my firefox is not connecting to the internet as well, but before writing the script, I can connect to internet.

I did a "dhclient" & iptables -F.......still no go......any clue......

datopdog · 03-14-2010, 01:53 AM

run

Code:

iptables -vnL

to see which rules are blocking you. P.S your rule was wrong you were blocking all icmp not just ping.

myubuntu · 03-14-2010, 03:29 AM

Quote:

Originally Posted by datopdog

run

Code:

iptables -vnL

to see which rules are blocking you. P.S your rule was wrong you were blocking all icmp not just ping.

did that no rules are blocking.....also pinged as you can at the bottom, pls let me know what else can be done.

linux-k6qk:~ # iptables -vnL
Chain INPUT (policy DROP 722 packets, 103K bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 365 packets, 25028 bytes)
pkts bytes target prot opt in out source destination

Chain forward_ext (0 references)
pkts bytes target prot opt in out source destination

Chain input_ext (0 references)
pkts bytes target prot opt in out source destination

Chain reject_func (0 references)
pkts bytes target prot opt in out source destination
linux-k6qk:~ # ping 192.168.0.100
PING 192.168.0.100 (192.168.0.100) 56(84) bytes of data.
^C
--- 192.168.0.100 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6014ms

datopdog · 03-14-2010, 04:58 AM

your INPUT policy is DROP, that is why the traffic is not coming back.

run

Code:

iptables -P INPUT ACCEPT

myubuntu · 03-15-2010, 12:55 AM

Quote:

Originally Posted by datopdog

your INPUT policy is DROP, that is why the traffic is not coming back.

run

Code:

iptables -P INPUT ACCEPT

Hey thanks for your note.....but as I have mentioned above, I have added the rule (which I have typed below) & also I have deleted it,

iptables -A OUTPUT -o eth0 -p icmp -j DROP

Then I deleted using the command -

iptables -D OUTPUT -o eth0 -p icmp -j DROP

also cleaned it using iptables -F , but still couldn't ping & access internet, any clue .....pls let me know.

datopdog · 03-15-2010, 01:43 AM

well, am trying to tell you what is wrong and you do not seem to understand so have it your way.

myubuntu · 03-21-2010, 03:55 PM

Quote:

Originally Posted by datopdog

well, am trying to tell you what is wrong and you do not seem to understand so have it your way.

Hey Pal sorry for the delayed response. I followed the command you gave & it worked fine, thanks very much. Do you know how to make the SSH port listening in openSuse 11.2. I did try to edit the sshd_config & took off the # before the port 22......also tried to check the listening ports (using netstat -an | grep "LISTENING") & I couldnt see the 22 is listening. please let me know.