From IT Mission Linux Tips, Hacks, Tutorials, Howtos - Itmission.org

Main: LearningIPTABLESAndFindingIPWhois

This file is the Kernel sysctl configuration file for Red Hat Linux.

	4) Restart the network service: /etc/init.d/network restart 
	5) Start iptables: /etc/init.d/iptables start 
	6) Check whether the iptables modules are loaded, using the following command: 
	# lsmod | grep ip 
	See /etc/modules.conf 
	To manage rules: -A appends a rule, -D deletes one, -R replaces one, -I inserts one at a given position and -L lists the rules of a chain.

Default policies:

	iptables -P INPUT ACCEPT 
	iptables -P OUTPUT DROP 
	iptables -P FORWARD DROP 

accept all incoming ssh traffic

	iptables -A INPUT -p tcp -m tcp -s 0/0 --dport 22 -j ACCEPT 

accept incoming ssh traffic only from Shibu's host (192.168.0.8)

	iptables -A INPUT -p tcp -m tcp -s 192.168.0.8 --dport 22 -j ACCEPT 
	 -A appends the rule to the end of the given chain (here INPUT) 
	 -p selects the protocol (tcp, udp or icmp) 
	 -s is the source address: 0/0 stands for any host; a specific host IP address can be given (as in the example above), or a network segment such as 10.0.1.0/24. 
	 --dport is the destination port 
	 -j selects the target, ACCEPT or DROP 

manage ftp port traffic

	iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT 

My webmin port

	iptables -A INPUT -p tcp -m tcp --dport 42009 -j ACCEPT 

SNMP monitoring

	iptables -A INPUT -p udp -m udp --dport 161 -j ACCEPT 
	iptables -A INPUT -p udp -m udp --sport 1023:2999 -j ACCEPT 

POP mail

	iptables -A INPUT -p tcp -m tcp --dport 110 --syn -j ACCEPT 

HTTPS

	iptables -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT 

SMTP Traffic

	iptables -A INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT 

HTTP

	iptables -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT 

Urchin

	iptables -A INPUT -p tcp -m tcp --dport 9999 --syn -j ACCEPT 

MySQL database server

	iptables -A INPUT -p tcp -m tcp --dport 3306 --syn -j ACCEPT 
	iptables -A INPUT -p udp -m udp --dport 3306 -j ACCEPT 

IMAP mail services

	iptables -A INPUT -p tcp -m tcp --dport 143 --syn -j ACCEPT 

DNS

	iptables -A INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT 
	iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT 
	iptables -A INPUT -p udp -m udp -s 0/0 -d 0/0 --sport 53 -j ACCEPT 

Localhost traffic

	iptables -A INPUT -i lo -j ACCEPT 

	-m loads a match extension: -m tcp and -m udp provide the --dport and --sport options used above, and -m limit (below) the rate limiting. 

Drop all other new requests

	iptables -A INPUT -p tcp -m tcp --syn -j REJECT 
	iptables -A INPUT -p udp -m udp -j REJECT 

SYN Flood Protection

	iptables -A INPUT -p tcp --syn -m limit --limit 5/second -j ACCEPT 
	Note that iptables evaluates a chain in order and stops at the first ACCEPT, DROP or REJECT, so appended (-A) after the REJECT rules above this rule would never be reached; insert it (-I) ahead of them, and follow it with a rule that drops the SYN packets exceeding the limit. 

Block access from a host (blocking a malicious user)

	iptables -A INPUT -p tcp -m tcp -s 192.168.0.8 -j DROP 
	Appended with -A this rule sits after the ACCEPT rules above, which would match first; use -I INPUT to place it at the top of the chain. 

Checking Firewall Logs

Option 1: log packets at a chosen syslog priority (--log-level). LOG does not stop rule evaluation, so to log dropped or rejected packets place the LOG rule directly before the DROP or REJECT rule.

	iptables -A INPUT -j LOG --log-level alert 

Option 2: tag the logged packets with a prefix so they can be grepped out of the log file (/var/log/messages on Red Hat)

	iptables -A INPUT -j LOG --log-prefix "Dropped: " 
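The rules from this page assembled in an order that actually works, as an added shell script that is not part of the original page. iptables walks a chain top to bottom and stops at the first ACCEPT, DROP or REJECT, so the SYN-limit and LOG rules as appended above, after the REJECT rules, would never be reached; the script also adds things the page lacks, namely ESTABLISHED,RELATED state rules, OUTPUT rules (with the page's OUTPUT DROP policy and no OUTPUT rules, replies to accepted connections never leave the host) and a syn_flood chain that drops the SYNs over the limit instead of accepting the ones under it on every port. It assumes the state and limit matches are available, which is standard.

```shell
#!/bin/sh
# Added example, not from the original page: the page's rules assembled in an
# order that works. iptables walks a chain top to bottom and stops at the first
# terminating target, so the SYN limit and LOG rules must precede the catch-all
# REJECT rules rather than be appended after them. The state rules, the OUTPUT
# rules and the syn_flood chain are additions (see the lead-in above).
# IPT defaults to a dry run that prints the commands; run as root with
# IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"

build_ruleset() {
    $IPT -F INPUT
    $IPT -F OUTPUT
    $IPT -P INPUT ACCEPT
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
    # Loopback and already-accepted connections first
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # SYN rate limit in its own chain: under the limit, RETURN to keep
    # evaluating INPUT; over the limit, DROP
    $IPT -N syn_flood
    $IPT -A syn_flood -m limit --limit 5/second --limit-burst 10 -j RETURN
    $IPT -A syn_flood -j DROP
    $IPT -A INPUT -p tcp --syn -j syn_flood
    # The services from the page
    for port in 22 21 42009 110 443 25 80 9999 3306 143 53; do
        $IPT -A INPUT -p tcp -m tcp --dport "$port" --syn -j ACCEPT
    done
    for port in 161 3306 53; do
        $IPT -A INPUT -p udp -m udp --dport "$port" -j ACCEPT
    done
    $IPT -A INPUT -p udp -m udp --sport 1023:2999 -j ACCEPT
    $IPT -A INPUT -p udp -m udp --sport 53 -j ACCEPT
    # LOG does not stop evaluation, so it goes directly before the REJECT
    $IPT -A INPUT -p tcp -m tcp --syn -j LOG --log-prefix "Dropped: " --log-level alert
    $IPT -A INPUT -p tcp -m tcp --syn -j REJECT
    $IPT -A INPUT -p udp -m udp -j LOG --log-prefix "Dropped: " --log-level alert
    $IPT -A INPUT -p udp -m udp -j REJECT
}

# 1-based line of the first emitted rule matching a pattern (dry run only)
rule_index() {
    build_ruleset | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

build_ruleset
```

Run it as is to review the generated command list; only the explicit IPT=iptables run touches the live firewall.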

IP whois

whois [email protected]

Use the above command to query the ARIN IP database for the owner of an address.

Retrieved from http://www.itmission.org/Main/LearningIPTABLESAndFindingIPWhois
Page last modified on July 12, 2006, at 06:38 PM