LearningIPTABLESAndFindingIPWhois

This file is the Kernel sysctl configuration file for Red Hat Linux.

4) Restart the network service: /etc/init.d/network restart
5) Start iptables: /etc/init.d/iptables start

6) Check whether the iptables modules are loaded with the following command:

# lsmod | grep ip
See /etc/modules.conf

Rule management options: -A appends a rule to a chain, -D deletes one, -R replaces one, -I inserts one at a given position, and -L lists the rules.

Default policies.

iptables -P INPUT ACCEPT
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

Note that a DROP policy on OUTPUT with no OUTPUT rules silences all outbound traffic, including the replies to connections the INPUT rules accept; the rules below only cover INPUT.

Accept all incoming ssh traffic

iptables -A INPUT -p tcp -m tcp -s 0/0 --dport 22 -j ACCEPT

Accept incoming ssh traffic from user Shibu's host

iptables -A INPUT -p tcp -m tcp -s 192.168.0.8 --dport 22 -j ACCEPT

-A appends the rule to the end of the named chain (INPUT here).

-p selects the protocol (tcp, udp or icmp).

-s is the source address: 0/0 matches any host, a single host address can be given (as in the example above), or a network in CIDR notation such as 10.0.1.0/24.

--dport is the destination port.

-j selects the target, such as ACCEPT or DROP.

Manage ftp port traffic

iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT

My webmin port

iptables -A INPUT -p tcp -m tcp --dport 42009 -j ACCEPT

SNMP monitoring

iptables -A INPUT -p udp -m udp --dport 161 -j ACCEPT
iptables -A INPUT -p udp -m udp --sport 1023:2999 -j ACCEPT

The second rule matches on source port only, so it accepts any UDP datagram whose source port falls in 1023-2999 whatever its destination port; it is considerably wider than the first rule.

POP mail

iptables -A INPUT -p tcp -m tcp --dport 110 --syn -j ACCEPT

HTTPS

iptables -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT

SMTP traffic

iptables -A INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT

HTTP

iptables -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT

Urchin

iptables -A INPUT -p tcp -m tcp --dport 9999 --syn -j ACCEPT

MySQL database server

iptables -A INPUT -p tcp -m tcp --dport 3306 --syn -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 3306 -j ACCEPT

IMAP mail services

iptables -A INPUT -p tcp -m tcp --dport 143 --syn -j ACCEPT

DNS

iptables -A INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp -m udp -s 0/0 -d 0/0 --sport 53 -j ACCEPT

Localhost traffic

iptables -A INPUT -i lo -j ACCEPT

-m loads a match extension (-m tcp, -m udp, -m limit); with -p tcp or -p udp the matching protocol module is loaded implicitly, so --dport and --sport work either way.

Drop all other new requests

iptables -A INPUT -p tcp -m tcp --syn -j REJECT
iptables -A INPUT -p udp -m udp -j REJECT

iptables evaluates a chain top to bottom and the first terminating match (ACCEPT, DROP or REJECT) wins, so once these two catch-alls are in place, rules appended after them are only reached by packets they do not match (non-SYN TCP segments and ICMP); a rule that should apply to new TCP or UDP requests has to be inserted (-I) ahead of them.

SYN flood protection

iptables -A INPUT -p tcp --syn -m limit --limit 5/second -j ACCEPT

The limit match accepts SYN packets at an average of 5 per second; packets above that rate do not match this rule and fall through to the rules after it.

Block host access, block malicious user

iptables -A INPUT -p tcp -m tcp -s 192.168.0.8 -j DROP

Checking firewall logs

Option 1: log packets at syslog level alert

iptables -A INPUT -j LOG --log-level alert

Option 2: tag the log entries with a prefix and grep the log file for it

iptables -A INPUT -j LOG --log-prefix "Dropped: "

LOG is a non-terminating target: the packet is written to the kernel log and then continues to the next rule, so a LOG rule only records what reaches it; appended at the end of the chain it sees only the packets the earlier rules did not ACCEPT, DROP or REJECT.
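The first-match behaviour described above, as an added example that is not part of the original page: a small Python simulator (a hypothetical helper, not iptables itself) that parses the option subset used on this page and walks a constructed INPUT chain in the page's order, so you can see which rule a given packet hits, and that the SYN-limit and host-block rules appended after the catch-all REJECTs never see a new TCP or UDP request.

```python
import ipaddress
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT"}      # LOG is not: the packet keeps walking the chain
SIMPLE = {"-p": "proto", "-j": "target"}        # options copied straight into the rule dict

def parse_rule(line):
    """Parse the option subset this page uses; -A, -m, --limit and --log-* values are skipped."""
    toks = shlex.split(line.replace("--syn", "--syn 1"))   # give the valueless --syn a dummy value
    rule, i = {"target": None}, 0
    while i < len(toks):
        tok, val = toks[i], toks[i + 1]
        if tok in SIMPLE:
            rule[SIMPLE[tok]] = val
        elif tok == "--syn":
            rule["syn"] = True
        elif tok == "-s":                        # 0/0 is iptables shorthand for 0.0.0.0/0
            rule["src"] = ipaddress.ip_network("0.0.0.0/0" if val == "0/0" else val, strict=False)
        elif tok in ("--dport", "--sport"):      # single port or lo:hi range
            lo, _, hi = val.partition(":")
            rule[tok[2:]] = range(int(lo), int(hi or lo) + 1)
        i += 2
    return rule

def matches(rule, pkt):                          # every condition present in the rule must hold
    return all([
        "proto" not in rule or pkt.get("proto") == rule["proto"],
        "src" not in rule or ipaddress.ip_address(pkt["src"]) in rule["src"],
        "dport" not in rule or pkt.get("dport") in rule["dport"],
        "sport" not in rule or pkt.get("sport") in rule["sport"],
        not rule.get("syn") or bool(pkt.get("syn")),
    ])

def evaluate(rules, pkt, policy="ACCEPT"):
    """Walk the chain top to bottom: first terminating match wins, else the chain policy applies."""
    for i, rule in enumerate(rules):
        if rule["target"] in TERMINATING and matches(rule, pkt):
            return rule["target"], i             # (verdict, index of the rule that fired)
    return policy, None

# Constructed INPUT chain in the same order as this page (syntax corrected, list shortened).
CHAIN = [parse_rule(r) for r in (
    "-A INPUT -p tcp -m tcp -s 0/0 --dport 22 -j ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT",
    "-A INPUT -p tcp -m tcp --syn -j REJECT",
    "-A INPUT -p udp -m udp -j REJECT",
    "-A INPUT -p tcp --syn -m limit --limit 5/second -j ACCEPT",
    "-A INPUT -p tcp -m tcp -s 192.168.0.8 -j DROP",
    '-A INPUT -j LOG --log-prefix "Dropped: "',
)]
```

With this chain a SYN to port 3306 from 192.168.0.8 is rejected by the catch-all (index 2) before the later DROP rule for that host is consulted, while a non-SYN segment from an unlisted host reaches the end of the chain and takes the ACCEPT policy.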

IP whois

whois <ip-address>@whois.arin.net

Use the above command to query the ARIN IP database, substituting the address to look up; whois clients that do not accept the address@server form take whois -h whois.arin.net <ip-address> instead.
Page last modified on July 12, 2006, at 06:38 PM