Firewall issues

2003-06-03       - By Trey Gruel


I've set up an iptables firewall on my RH7.2 box, but I'm running into an
odd problem.  After I set up the firewall, everything works fine for a
few hours.  But after a while (not sure the exact amount of time), the
computer stops responding to requests on the open ports.  Looking at the
output from iptables -vL, I can see the requests coming in and passing
the appropriate rule, but then nothing happens (almost as if the packet
is dropped).  Here is the firewall as I have it set up:

#!/bin/sh
# default policy: drop anything INPUT does not explicitly accept
iptables -P INPUT DROP

# create our own chains
iptables -N allow
iptables -N block
iptables -N logdrop

# what to allow
iptables -A allow -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A allow -m state --state NEW ! -i eth0 -j ACCEPT   # allow lan: new connections arriving on any interface except eth0 ("! -i" is the portable negation syntax)
iptables -A allow -p icmp -j ACCEPT                          # pings, traceroute, etc
iptables -A allow -p tcp --dport ssh -j ACCEPT               # ssh
iptables -A allow -p tcp --dport ftp -j ACCEPT               # ftp
iptables -A allow -p tcp --dport 62000:64000 -j ACCEPT       # passive ftp data ports

# explicit blocks
# netbios broadcasts..  no point in filling the logs with them
iptables -A block -p tcp -i eth0 --dport 137:139 -j DROP
iptables -A block -p udp -i eth0 --dport 137:139 -j DROP

# log and drop (each LOG rule is rate-limited to 3 lines per second)
iptables -A logdrop -p tcp  -m limit --limit 3/s -j LOG --log-level 6 --log-prefix "TCP Dropped: "
iptables -A logdrop -p udp  -m limit --limit 3/s -j LOG --log-level 6 --log-prefix "UDP Dropped: "
iptables -A logdrop -p icmp -m limit --limit 3/s -j LOG --log-level 6 --log-prefix "ICMP Dropped: "
iptables -A logdrop -f      -m limit --limit 3/s -j LOG --log-level 6 --log-prefix "FRAGMENT Dropped: "
iptables -A logdrop -j DROP

# hook the user-defined chains into INPUT, in order: a packet that is not
# accepted in "allow" returns to INPUT and continues to "block", then "logdrop"
iptables -A INPUT -j allow
iptables -A INPUT -j block
iptables -A INPUT -j logdrop

The machine has 3 ethernet cards (one not being used).  eth0 is the
connection to the outside world and eth1 is on the local lan.  I set up
the block chain because I was getting so many NETBIOS hits it was
ridiculous.  I have tried changing the INPUT tables policy to ACCEPT,
but it still doesn't work.

Any help would be greatly appreciated.

--
Trey Gruel
tgruel@(protected)
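A quick way to check what the logdrop chain in a ruleset like the one above is actually catching is to tally its LOG lines by prefix, protocol and destination port. This is an added example, not code from the original post; it assumes the standard iptables LOG target line format in /var/log/messages, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post.  Summarises the kernel LOG
# lines written by the "logdrop" chain (prefixes "TCP Dropped: ", "UDP
# Dropped: ", "ICMP Dropped: ", "FRAGMENT Dropped: "), grouped by prefix,
# PROTO= and DPT=, most frequent first.  Assumes the standard iptables LOG
# target line format.

# usage: summarize_drops [file...]   (reads stdin when no file is given)
# output: "<prefix> <PROTO> <DPT> <count>"
summarize_drops() {
    awk '
    / Dropped: / {
        prefix = "-"; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i == "Dropped:") prefix = $(i - 1)   # word before "Dropped:"
            if ($i ~ /^PROTO=/)   proto  = substr($i, 7)
            if ($i ~ /^DPT=/)     dpt    = substr($i, 5)  # absent for ICMP
        }
        count[prefix " " proto " " dpt]++
    }
    END { for (k in count) print k, count[k] }' "$@" | sort -k4,4nr -k1,1 -k3,3n
}

# Constructed sample log (not real traffic) in the format the LOG target uses
sample_log() {
    cat <<'EOF'
Jun  3 10:01:02 fw kernel: TCP Dropped: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40211 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  3 10:01:05 fw kernel: TCP Dropped: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40212 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  3 10:02:11 fw kernel: UDP Dropped: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.5 LEN=78 TOS=0x00 PREC=0x00 TTL=120 ID=312 PROTO=UDP SPT=1026 DPT=53 LEN=58
Jun  3 10:02:12 fw kernel: TCP Dropped: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=313 DF PROTO=TCP SPT=3021 DPT=21 WINDOW=16384 RES=0x00 SYN URGP=0
Jun  3 10:02:12 fw kernel: ICMP Dropped: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.5 LEN=84 TOS=0x00 PREC=0x00 TTL=120 ID=314 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
EOF
}

# on a real box:  summarize_drops /var/log/messages
sample_log | summarize_drops
# prints:
#   TCP TCP 22 2
#   ICMP ICMP - 1
#   TCP TCP 21 1
#   UDP UDP 53 1
```

If a port you expect to be open shows up in this tally, the packets are reaching logdrop rather than being accepted in the allow chain; if it never shows up, they are not being dropped by this ruleset at all.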