This file is the Kernel sysctl configuration file for Red Hat Linux.
4) Restart the network service: /etc/init.d/network restart
5) Start up iptables: /etc/init.d/iptables start
6) See whether the iptables modules are loaded, using the following command:
#lsmod | grep ip
See /etc/modules.conf
To manage rules: (-A) append, (-D) delete, (-R) replace or (-I) insert a rule; -L lists the rules.
Default policies:
iptables -P INPUT ACCEPT
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
accept all incoming ssh traffic
iptables -A INPUT -p tcp -m tcp -s 0/0 --dport 22 -j ACCEPT
accept incoming ssh traffic from user Shibu
iptables -A INPUT -p tcp -m tcp -s 192.168.0.8 --dport 22 -j ACCEPT
-A appends the rule to the firewall rule set.
-p represents the protocol (tcp, udp or icmp).
-s signifies the source address: 0/0 stands for any host, a specific host IP address can be used (as in the example above), or a network segment can be denoted, such as 10.0.1.0/24.
--dport points to the destination port; -j selects the target, ACCEPT or DROP.
manage ftp port traffic
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
My webmin port
iptables -A INPUT -p tcp -m tcp --dport 42009 -j ACCEPT
SNMP monitoring
iptables -A INPUT -p udp -m udp --dport 161 -j ACCEPT
iptables -A INPUT -p udp -m udp --sport 1023:2999 -j ACCEPT
POP mail
iptables -A INPUT -p tcp -m tcp --dport 110 --syn -j ACCEPT
HTTPS
iptables -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
SMTP Traffic
iptables -A INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
HTTP
iptables -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
Urchin
iptables -A INPUT -p tcp -m tcp --dport 9999 --syn -j ACCEPT
MySQL database server
iptables -A INPUT -p tcp -m tcp --dport 3306 --syn -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 3306 -j ACCEPT
IMAP mail services
iptables -A INPUT -p tcp -m tcp --dport 143 --syn -j ACCEPT
DNS
iptables -A INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp -m udp -s 0/0 -d 0/0 --sport 53 -j ACCEPT
Localhost traffic
iptables -A INPUT -i lo -j ACCEPT
-m selects a match extension (for matching) in iptables, such as -m tcp, -m udp or -m limit.
Drop all other new requests
iptables -A INPUT -p tcp -m tcp --syn -j REJECT
iptables -A INPUT -p udp -m udp -j REJECT
SYN Flood Protection
iptables -A INPUT -p tcp --syn -m limit --limit 5/second -j ACCEPT
(iptables evaluates rules in order, so this rule must sit before the REJECT rules above; appended after them it is never reached.)
Block host Access, Block malicious user
iptables -A INPUT -p tcp -m tcp -s 192.168.0.8 -j DROP
Checking Firewall Logs
Option 1: log packets at alert level
iptables -A INPUT -j LOG --log-level alert
Option 2: log with a prefix that can be grepped for in the log file
iptables -A INPUT -j LOG --log-prefix "Dropped: "
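As an added example (not part of the original notes), a POSIX shell function that summarizes the "Dropped: " entries the prefixed LOG rule writes to the kernel log: it counts hits per source address, protocol and destination port, most frequent first. The log lines, hostname and addresses are constructed for the example.

```shell
#!/bin/sh
# Summarize iptables LOG entries carrying the "Dropped: " prefix.
# Reads syslog/kernel log lines on stdin, prints "count SRC PROTO DPT".
# Usage: grep 'Dropped: ' /var/log/messages | drop_summary
drop_summary() {
    awk '
        /Dropped: / {
            src = ""; proto = ""; dpt = "-"
            # LOG fields are KEY=VALUE tokens; pick out the three we need
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "SRC")   src   = kv[2]
                if (kv[1] == "PROTO") proto = kv[2]
                if (kv[1] == "DPT")   dpt   = kv[2]
            }
            if (src != "") count[src " " proto " " dpt]++
        }
        END {
            for (k in count) print count[k], k
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines in the format the kernel LOG target writes
# (hostname, MAC and IP addresses are made up; the last line is noise).
SAMPLE_LOG='Mar  3 10:15:01 fw kernel: Dropped: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=43210 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:15:02 fw kernel: Dropped: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=43211 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:15:03 fw kernel: Dropped: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=3 DF PROTO=TCP SPT=43212 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:15:04 fw kernel: Dropped: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=4 PROTO=UDP SPT=5353 DPT=1434 LEN=24
Mar  3 10:15:05 fw kernel: Dropped: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=240 ID=5 PROTO=ICMP TYPE=8 CODE=0 ID=6 SEQ=1
Mar  3 10:15:06 fw kernel: some unrelated kernel message'

# Top line of the output for the sample: "3 198.51.100.23 TCP 23"
printf '%s\n' "$SAMPLE_LOG" | drop_summary
```

Pipe real input from /var/log/messages (or wherever the LOG target's kernel messages land on the host) in place of the sample.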
IP whois
whois [email protected]
Use the above command to query the ARIN IP database.