Help needed for IPTABLES - 2004-02-05 - By Paulo Henrique Rodrigues
Hi Grinberg!
You can use this:
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -i eth0 -d $IP --dport 22 -j ACCEPT
iptables -A INPUT -j DROP
Try this!
Best regards
Paulo Henrique Rodrigues
e-mail: pauloh@(protected)
Corporate IT Support
Infortron - Assistência Técnica e Comércio Ltda
visit us at:
http://www.infortron.com.br/linux
+55 (15) 3237.9200 - Sorocaba/SP/Brasil
----- Original Message -----
From: Grinberg, Hari
To: Redhat General List
Sent: Thursday, February 05, 2004 3:40 PM
Subject: Help needed for IPTABLES
All experts, hi,
I am trying to secure a RedHat ES 3.0.
I have two NICs, eth0 and eth1.
I want, at the beginning, to drop everything on eth0 and accept only what I need, like SSH.
I use these rules:
iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A OUTPUT -o lo -p all -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISH, RELATED -j ACCEPT
For dropping all connections I use this rule:
iptables -A INPUT -i eth0 -p tcp --tcp-option ! 2 REJECT --reject-with tcp-reset
For accepting I use this rule:
iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
Basically I stop all connections, but it affects both eth0 and eth1,
and on port 22 I can't connect; surprisingly, when I run iptables -L -v I see that the SSH connection was accepted.
At the same time I found that outgoing connections, like to the internet, do not work.
I need help on this issue.
Thanks
Hari
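The rule set the question is after, as an added example that is not from either message in this thread; it goes beyond Paulo's reply by keeping the ESTABLISHED,RELATED rule (so outbound connections get their replies) and scoping the final DROP to eth0 so eth1 is untouched. The interface name and the print/apply switch are assumptions made here.

```shell
#!/bin/sh
# Added example, not from either message in the thread. Builds the INPUT
# policy the question asks for: drop everything arriving on eth0 except SSH,
# leave eth1 alone, and keep outbound connections working. Assumptions:
# eth0 is the untrusted side, no service other than SSH is exposed on it,
# and the OUTPUT chain keeps its default ACCEPT policy.
# By default the function only prints the commands; pass "apply" as the
# second argument to execute them (requires root and iptables).

fw_rules() {
    ext_if="${1:-eth0}"
    mode="${2:-print}"
    run() {
        if [ "$mode" = apply ]; then
            "$@"
        else
            printf '%s\n' "$*"
        fi
    }
    # Start from an empty INPUT chain so earlier experiments cannot interfere
    run iptables -F INPUT
    # Loopback is always allowed
    run iptables -A INPUT -i lo -j ACCEPT
    # Replies to connections this host opened (this is what makes outbound
    # traffic work); the state name is ESTABLISHED, not ESTABLISH
    run iptables -A INPUT -i "$ext_if" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The only service exposed on the external interface
    run iptables -A INPUT -i "$ext_if" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # The catch-all DROP is scoped to the external interface; a bare
    # "-j DROP" would also block everything arriving on eth1
    run iptables -A INPUT -i "$ext_if" -j DROP
}

# Sanity check on the generated rule list: returns 0 when the last rule is
# the interface-scoped DROP and the state rule is present.
fw_rules_ok() {
    rules="$(fw_rules "$1")"
    last="$(printf '%s\n' "$rules" | tail -n 1)"
    [ "$last" = "iptables -A INPUT -i $1 -j DROP" ] || return 1
    printf '%s\n' "$rules" | grep -q 'ESTABLISHED,RELATED' || return 1
    return 0
}

fw_rules eth0     # print the rule set; "fw_rules eth0 apply" installs it
```

Run it once without "apply" and read the output before installing it over an SSH session, since a mistake in the final rule locks you out.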