Main / LearningIPTABLESAndFindingIPWhois (page history)
This file is the Kernel sysctl configuration file for Red Hat Linux.

4) Restart the network service:
     /etc/init.d/network restart

5) Start up iptables:
     /etc/init.d/iptables start

6) Check whether the iptables modules are loaded, using the following command (see /etc/modules.conf):
     # lsmod | grep ip

Rule operations: append (-A), delete (-D), replace (-R) or insert (-I) a rule; -L lists the rules.

Default policies:
     iptables -P INPUT ACCEPT
     iptables -P OUTPUT DROP
     iptables -P FORWARD DROP

Accept all incoming ssh traffic:
     iptables -A INPUT -p tcp -m tcp -s 0/0 --dport 22 -j ACCEPT

Accept incoming ssh traffic from user Shibu:
     iptables -A INPUT -p tcp -m tcp -s 192.168.0.8 --dport 22 -j ACCEPT

     -A       appends the rule to the firewall rule set
     -p       the protocol (tcp, udp or icmp)
     -s       the source address: 0/0 stands for any host, a specific host IP address can be used (as in the example above), or a network segment can be given, such as 10.0.1.0/24
     --dport  the destination port
     -j       the target, ACCEPT or DROP

Manage ftp port traffic:
     iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT

My webmin port:
     iptables -A INPUT -p tcp -m tcp --dport 42009 -j ACCEPT

SNMP monitoring:
     iptables -A INPUT -p udp -m udp --dport 161 -j ACCEPT
     iptables -A INPUT -p udp -m udp --sport 1023:2999 -j ACCEPT

POP mail:
     iptables -A INPUT -p tcp -m tcp --dport 110 --syn -j ACCEPT

HTTPS:
     iptables -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT

SMTP traffic:
     iptables -A INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT

HTTP:
     iptables -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT

Urchin:
     iptables -A INPUT -p tcp -m tcp --dport 9999 --syn -j ACCEPT

MySQL database server:
     iptables -A INPUT -p tcp -m tcp --dport 3306 --syn -j ACCEPT
     iptables -A INPUT -p udp -m udp --dport 3306 -j ACCEPT

IMAP mail services:
     iptables -A INPUT -p tcp -m tcp --dport 143 --syn -j ACCEPT

DNS:
     iptables -A INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT
     iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
     iptables -A INPUT -p udp -m udp -s 0/0 -d 0/0 --sport 53 -j ACCEPT

Localhost traffic:
     iptables -A INPUT -i lo -j ACCEPT

(-m is the match option in iptables.)

Drop all other new requests:
     iptables -A INPUT -p tcp -m tcp --syn -j REJECT
     iptables -A INPUT -p udp -m udp -j REJECT

SYN flood protection:
     iptables -A INPUT -p tcp --syn -m limit --limit 5/second -j ACCEPT

Block host access / block a malicious user:
     iptables -A INPUT -p tcp -m tcp -s 192.168.0.8 -j DROP

Checking firewall logs

Option 1: log dropped/rejected packets
     iptables -A INPUT -j LOG --log-level alert

Option 2: log with a prefix so the log file can be grepped
     iptables -A INPUT -j LOG --log-prefix "Dropped: "

IP whois:
     whois [email protected]
Use the above command to query the ARIN IP database.
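As an added example that is not part of the original page: a small POSIX shell script that summarises the lines written by the "Dropped: " LOG rule above, counting drops per source address and destination port so the noisiest sources stand out when checking the firewall log. The log lines, hostname and addresses in SAMPLE_LOG are constructed to mimic the kernel's iptables LOG format and are not from the page.

```shell
#!/bin/sh
# Added example, not from the original page: summarise iptables LOG lines that were
# tagged with --log-prefix "Dropped: ". SAMPLE_LOG is a constructed sample in the
# kernel's LOG line format; the hostname "fw" and all addresses are made-up values.

SAMPLE_LOG='Mar  3 10:01:02 fw kernel: Dropped: IN=eth0 OUT= SRC=192.168.0.8 DST=10.0.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=43210 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:01:03 fw kernel: Dropped: IN=eth0 OUT= SRC=192.168.0.8 DST=10.0.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=43211 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:01:04 fw kernel: Dropped: IN=eth0 OUT= SRC=192.168.0.8 DST=10.0.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=43212 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:02:10 fw kernel: Dropped: IN=eth0 OUT= SRC=10.0.1.77 DST=10.0.1.5 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=9 PROTO=UDP SPT=5123 DPT=161 LEN=58
Mar  3 10:02:11 fw kernel: Dropped: IN=eth0 OUT= SRC=10.0.1.77 DST=10.0.1.5 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=10 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Mar  3 10:02:12 fw kernel: eth0: link is up'

# Emit the log lines: from the file named in $1 (e.g. /var/log/messages),
# or the constructed sample when no file is given.
log_lines() {
    if [ -n "${1:-}" ]; then cat "$1"; else printf '%s\n' "$SAMPLE_LOG"; fi
}

# One line per (source, protocol, destination port), most frequent first:
#   "<count> <SRC> <PROTO> <DPT>"
# Lines without the "Dropped: " prefix are dropped by grep; lines without a
# DPT field (ICMP) are skipped by sed -n, so only port-directed drops count.
dropped_summary() {
    log_lines "${1:-}" |
    grep 'Dropped: ' |
    sed -n 's/.*SRC=\([^ ]*\) .*PROTO=\([^ ]*\) .*DPT=\([0-9]*\).*/\1 \2 \3/p' |
    sort | uniq -c | sort -rn
}

# The source address responsible for the most dropped packets.
top_dropped_source() {
    dropped_summary "${1:-}" | head -n 1 | awk '{ print $2 }'
}

dropped_summary
```

Run it as `sh summary.sh` to see the sample output, or pass a real log file to `dropped_summary /var/log/messages` from within the script.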