Main / LearningIPTABLESAndFindingIPWhois
%blue%This file is the Kernel sysctl configuration file for Red Hat Linux.

4) Restart the network service: /etc/init.d/network restart

5) Start up iptables: /etc/init.d/iptables start

6) See whether the iptables modules are loaded:
#lsmod | grep ip
See /etc/modules.conf

Rule operations: -A appends a rule to the end of a chain, -D deletes, -R replaces, -I inserts at a given position (the top by default), -L lists the rules of a chain. iptables stops at the first rule that matches, so the order of the rules matters: a rule appended with -A after a catch-all REJECT or DROP is never reached.

%blue%Policies by default
iptables -P INPUT ACCEPT
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

With OUTPUT set to DROP the host cannot send anything, not even the replies to the connections accepted below, unless matching OUTPUT rules are added (for example iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT). The rest of this ruleset also relies on the INPUT policy being ACCEPT: only new connections (TCP SYNs and UDP) are filtered, and the later packets of an accepted connection pass by policy, not by a rule. If INPUT is changed to DROP, an explicit iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT rule is needed.

%blue%accept all incoming ssh traffic
iptables -A INPUT -p tcp -m tcp -s 0/0 --dport 22 -j ACCEPT

%blue%accept incoming ssh traffic from user Shibu
iptables -A INPUT -p tcp -m tcp -s 192.168.0.8 --dport 22 -j ACCEPT

-A appends the rule to the firewall rule set (the chain: INPUT, OUTPUT or FORWARD)
-p represents the protocol (which can be tcp, udp or icmp)
-s signifies the source address, where 0/0 stands for any host, a specific host IP address can be used (as in the example above), or a network segment can be denoted, such as 10.0.1.0/24.
--dport points to the destination port
-j selects the target: ACCEPT, DROP or REJECT.

Note that the second rule adds nothing while the first one is present, since 0/0 already covers 192.168.0.8; to allow ssh only from that host, keep only the second rule.

%blue%manage ftp port traffic
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT

%blue%My webmin port
iptables -A INPUT -p tcp -m tcp --dport 42009 -j ACCEPT

%blue%SNMP monitoring
iptables -A INPUT -p udp -m udp --dport 161 -j ACCEPT
iptables -A INPUT -p udp -m udp --sport 1023:2999 -j ACCEPT

The second SNMP rule accepts any UDP packet whose source port is in 1023-2999, whatever its destination port. The source port is chosen by the sender, so this opens every UDP service on the host to anyone who picks a source port in that range. Restrict it with -s to the monitoring station, or replace it with a state match (-m state --state ESTABLISHED).

%blue%POP mail
iptables -A INPUT -p tcp -m tcp --dport 110 --syn -j ACCEPT

%blue%HTTPS
iptables -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT

%blue%SMTP Traffic
iptables -A INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT

%blue%HTTP
iptables -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT

%blue%Urchin
iptables -A INPUT -p tcp -m tcp --dport 9999 --syn -j ACCEPT

%blue%MySQL database server
iptables -A INPUT -p tcp -m tcp --dport 3306 --syn -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 3306 -j ACCEPT

MySQL speaks TCP only, so the udp 3306 rule is unnecessary. Opening 3306 to every source is rarely wanted; add -s with the address of the application host.

%blue%IMAP mail services
iptables -A INPUT -p tcp -m tcp --dport 143 --syn -j ACCEPT

%blue%DNS
iptables -A INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp -m udp -s 0/0 -d 0/0 --sport 53 -j ACCEPT

The first two rules are only needed if this host is itself a DNS server. The third is meant to let in the answers to the host's own queries, but it accepts any UDP packet with source port 53 to any port, the same weakness as the SNMP --sport rule; -m state --state ESTABLISHED is the safe way to accept replies.

%blue%Localhost traffic
iptables -A INPUT -i lo -j ACCEPT

-m (for matching) loads a match extension. -m tcp and -m udp are loaded automatically by -p tcp and -p udp, so writing them out as above is redundant but harmless; --dport, --sport and --syn belong to those matches. Other extensions used on this page are -m limit and -m state.

%blue%Drop all other new requests
iptables -A INPUT -p tcp -m tcp --syn -j REJECT
iptables -A INPUT -p udp -m udp -j REJECT

REJECT answers with an ICMP port-unreachable by default (--reject-with tcp-reset makes a TCP port look closed); DROP discards silently. Every rule appended after these two is unreachable for TCP SYNs and for UDP.

%blue%SYN Flood Protection
iptables -A INPUT -p tcp --syn -m limit --limit 5/second -j ACCEPT

As appended here this rule sits behind the catch-all REJECT and never matches. A limit rule only protects if it comes before the service rules and is followed by a rule that drops the excess; the limit match by itself discards nothing. 5 SYNs per second for the whole host is also low for a busy web or mail server.

%blue%Block host Access, Block malicious user
iptables -A INPUT -p tcp -m tcp -s 192.168.0.8 -j DROP

This is appended after the rule that accepts ssh from 192.168.0.8, so that host can still reach port 22: the first matching rule wins. Insert blocks at the top of the chain with -I INPUT -s 192.168.0.8 -j DROP (without -p tcp, so UDP is blocked too).

%blue%Checking Firewall Logs

%blue%Option 1 logging of drop/reject
iptables -A INPUT -j LOG --log-level alert

%blue%Option 2 logging grep of log file
iptables -A INPUT -j LOG --log-prefix "Dropped: "

LOG is a non-terminating target: the packet is logged and continues down the chain. Appended at the end, these rules only see what got past everything above them, which after the two REJECT rules is neither TCP SYNs nor UDP. To log what is rejected, place the LOG rule immediately before the REJECT rules, and add -m limit --limit 10/minute so a port scan cannot flood the log. The messages go to the kernel log (dmesg, and /var/log/messages via syslog on Red Hat); with the prefix set, grep "Dropped: " /var/log/messages finds them.

%blue%IP whois
whois [email protected]

Use the above command to query the ARIN IP database. The address in the original is garbled in extraction; the form is whois ADDRESS@whois.arin.net with the traditional whois client, or whois -h whois.arin.net ADDRESS with current ones.
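The rules on this page, re-ordered so that first-match semantics work for them, as an added example that is not the page's own script. It assumes an iptables with the state and limit matches (ip_conntrack loaded), that ADMIN_HOST is the management station (the page uses 192.168.0.8 for that), and that webmin really listens on 42009; ports, chain names and the syn_flood chain are this example's choices. Run it without arguments to print the commands, or with apply as root to load them.

```shell
#!/bin/sh
# Added example (not from the page): the page's services as an ordered INPUT chain.
# Assumes iptables with -m state and -m limit. Without arguments it only prints
# the commands (arguments are printed unquoted); "apply" executes them.

IPT="${IPT:-iptables}"
ADMIN_HOST="${ADMIN_HOST:-192.168.0.8}"   # assumed management host
BLOCKED_HOSTS="${BLOCKED_HOSTS:-}"        # space-separated addresses to drop outright
DRY_RUN="${DRY_RUN:-}"

# Run one iptables command, or print it when DRY_RUN is set.
ipt() {
    if [ -n "$DRY_RUN" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

gen_rules() {
    ipt -F INPUT
    ipt -N syn_flood 2>/dev/null || true   # chain may already exist
    ipt -F syn_flood

    # Deny by default; only explicit rules open anything. Because INPUT is DROP,
    # the ESTABLISHED,RELATED rule below is what lets accepted connections continue.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # 1. Loopback and already-accepted connections first: most packets stop here.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m state --state INVALID -j DROP

    # 2. Blocked hosts before any ACCEPT, otherwise the ACCEPT would win.
    for h in $BLOCKED_HOSTS; do
        ipt -A INPUT -s "$h" -j DROP
    done

    # 3. SYN rate limit in front of the service rules. The limit match alone
    #    discards nothing; the DROP at the end of the syn_flood chain does.
    ipt -A INPUT -p tcp --syn -j syn_flood
    ipt -A syn_flood -m limit --limit 5/second --limit-burst 10 -j RETURN
    ipt -A syn_flood -j DROP

    # 4. Services open to everyone: only the SYN needs a rule, the rest of the
    #    connection is ESTABLISHED. ftp smtp dns http pop3 imap https urchin
    for port in 21 25 53 80 110 143 443 9999; do
        ipt -A INPUT -p tcp --syn --dport "$port" -j ACCEPT
    done
    ipt -A INPUT -p udp --dport 53 -j ACCEPT   # only if this host serves DNS

    # 5. Management services restricted to the admin host: ssh, webmin, SNMP, MySQL.
    ipt -A INPUT -p tcp --syn -s "$ADMIN_HOST" --dport 22 -j ACCEPT
    ipt -A INPUT -p tcp --syn -s "$ADMIN_HOST" --dport 42009 -j ACCEPT
    ipt -A INPUT -p udp -s "$ADMIN_HOST" --dport 161 -j ACCEPT
    ipt -A INPUT -p tcp --syn -s "$ADMIN_HOST" --dport 3306 -j ACCEPT

    # 6. Log, then reject. LOG does not terminate, so it must precede the
    #    REJECTs; the limit keeps a port scan from flooding syslog.
    ipt -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "Dropped: " --log-level alert
    ipt -A INPUT -p tcp -j REJECT --reject-with tcp-reset
    ipt -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
    ipt -A INPUT -j DROP
}

# 1-based position of the first generated command matching a pattern; lets the
# ordering be checked without root or iptables installed.
rule_pos() {
    ( DRY_RUN=1; gen_rules ) | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

case "${1:-}" in
    apply) gen_rules ;;
    *)     DRY_RUN=1; gen_rules ;;
esac
```

The ordering is the whole point: loopback and state rules first because they match most packets, blocks before allows, the rate limit before the services it protects, and the LOG rule directly in front of the REJECTs so it sees exactly what is being refused.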
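For the "Checking Firewall Logs" section, an added example (not from the page) of reading the lines the LOG target writes with --log-prefix "Dropped: ". It assumes the usual syslog layout of kernel messages (/var/log/messages on Red Hat) and the standard netfilter field names (SRC=, PROTO=, DPT=); the log lines in sample_log are constructed, not captured traffic.

```shell
#!/bin/sh
# Added example (not from the page): summarise netfilter LOG lines.
# Real use: grep 'Dropped: ' /var/log/messages | summarize_drops

# Constructed sample in the format the LOG target produces (not real traffic).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:22 gw kernel: Dropped: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=54 ID=0 DF PROTO=TCP SPT=43210 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:23 gw kernel: Dropped: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=54 ID=0 DF PROTO=TCP SPT=43211 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:40 gw kernel: Dropped: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=78 TTL=61 ID=4242 PROTO=UDP SPT=1025 DPT=161 LEN=58
Mar  3 10:15:41 gw kernel: Dropped: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=54 ID=0 DF PROTO=TCP SPT=43212 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:16:02 gw kernel: Dropped: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=192.0.2.77 DST=192.0.2.10 LEN=84 TTL=64 ID=9 PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
Mar  3 10:16:15 gw kernel: Dropped: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=54 ID=0 DF PROTO=TCP SPT=43213 DPT=3306 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:16:30 gw kernel: Dropped: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=61 ID=0 DF PROTO=TCP SPT=50001 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
EOF
}

# Count dropped packets per (source, protocol, destination port), most frequent first.
# Output lines look like: 3 203.0.113.5 TCP 22   (ICMP has no DPT, shown as -)
summarize_drops() {
    awk '
    /Dropped: / {
        src = ""; proto = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (src != "") count[src " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# The single source address with the most dropped packets, over all ports.
top_source() {
    awk '
    /Dropped: / {
        for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) hits[substr($i, 5)]++
    }
    END { for (s in hits) print hits[s], s }' | sort -rn | head -n 1 | awk '{ print $2 }'
}

# Sources that touched at least MIN distinct destination ports (a crude scan
# detector): prints "address ports" sorted by address. MIN defaults to 2.
scanners() {
    min="${1:-2}"
    awk -v min="$min" '
    /Dropped: / {
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src != "" && dpt != "" && !seen[src, dpt]++) ports[src]++
    }
    END { for (s in ports) if (ports[s] >= min) print s, ports[s] }' | sort
}

# Stand-alone run: show the summary for the constructed sample.
sample_log | summarize_drops
```

Because the page's --log-prefix is a fixed string, the same three functions work on a live log by replacing sample_log with grep 'Dropped: ' /var/log/messages; the source-port rules criticised above would show up here as hits on unexpected DPT values from a single SRC.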