Archive for the tag 'iptables'

SBDavid

Adding comments to iptables.

comment

Allows you to add comments (up to 256 characters) to any rule.

--comment comment

Example (the rule from the iptables man page; it has no -j target, so it only matches and counts packets, which is a common way to label a counter):

iptables -A INPUT -s 192.168.0.0/16 -m comment --comment "A privatized IP block"

Using iptables to block incoming traffic but not affect outgoing traffic.

Solution:

iptables -F INPUT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -j REJECT

The middle command permits incoming packets only if they belong to connections that were established from this machine:

iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

Two caveats before running this over SSH: -F INPUT flushes the chain, so if its default policy is DROP you lose the session between the flush and the ACCEPT (run it from a console, or load the rules in one step with iptables-restore). The ruleset also refuses loopback traffic and RELATED packets such as ICMP errors and FTP data channels, so local services and some protocols break; accepting -i lo first and matching ESTABLISHED,RELATED avoids that (the older -m state match is now an alias for -m conntrack --ctstate).

SBDavid

Using iptables to reject spoofing

Suppose a Linux machine with two network interfaces acts as the firewall for an internal network 192.168.0.0/24. A packet arriving on the external interface with a source address from that range is spoofed and should be refused.

Solution:

iptables -A INPUT -i external_interface -s 192.168.0.0/24 -j REJECT

Because the box also forwards traffic for the internal hosts, the same check belongs in the FORWARD chain, and the other private ranges (10.0.0.0/8, 172.16.0.0/12) and loopback deserve the same treatment on the external interface.

*The Linux firewall can refuse packets in two ways; iptables calls them DROP and REJECT. DROP discards the packet silently, while REJECT discards it and sends an ICMP error (or a TCP RST with --reject-with tcp-reset) back to the packet's source address. For spoofed traffic that reply would be addressed to the forged source, so DROP is usually the better choice here.
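The two recipes above (accept only replies to connections we started, and refuse internal source addresses arriving on the external interface) combined into one added, complete example. This is a script written for this page, not code from the original posts. It assumes an Internet-facing interface eth0, an internal interface eth1 serving 192.168.0.0/24, and that the firewall itself offers SSH and Webmin; all of these are parameters. It emits the filter table in iptables-restore syntax so the whole policy loads in one transaction instead of a flush followed by rule-by-rule appends, and it adds the two things the one-liners omit: loopback and the RELATED state.

```shell
#!/bin/sh
# Added example, not from the original posts: generate a stateful,
# anti-spoofing filter table for a two-interface Linux firewall and load it
# in one transaction with iptables-restore. Interface names, the internal
# network, the open ports and the DROP/REJECT choice are parameters
# (assumptions), not facts from the page.
set -eu

# Source ranges that must never arrive from the Internet side:
# RFC 1918 private blocks, loopback and link-local.
BOGONS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 169.254.0.0/16"

# build_ruleset EXT_IF INT_IF INT_NET ACTION "PORT PORT ..."
# Prints the filter table in iptables-restore syntax.
build_ruleset() {
    local ext_if=$1 int_if=$2 int_net=$3 action=$4 ports=${5:-} net port
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Loopback first: an INPUT chain that only accepts ESTABLISHED breaks
    # local services talking to 127.0.0.1.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Anti-spoofing before anything stateful, on both the INPUT path (to the
    # firewall itself) and the FORWARD path (to the hosts behind it).
    for net in $BOGONS; do
        printf '%s\n' "-A INPUT -i $ext_if -s $net -m comment --comment \"spoofed $net\" -j $action"
        printf '%s\n' "-A FORWARD -i $ext_if -s $net -m comment --comment \"spoofed $net\" -j $action"
    done
    # Replies to connections we or the internal hosts started. RELATED covers
    # ICMP errors and helper-tracked data channels such as FTP.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # The internal network may open new connections outward through the box.
    printf '%s\n' "-A FORWARD -i $int_if -o $ext_if -s $int_net -j ACCEPT"
    # Services the firewall itself offers (e.g. 22 for SSH, 10000 for Webmin).
    for port in $ports; do
        printf '%s\n' "-A INPUT -p tcp -m conntrack --ctstate NEW --dport $port -j ACCEPT"
    done
    # Everything else inbound is refused; outbound is untouched (OUTPUT ACCEPT).
    printf '%s\n' "-A INPUT -j $action"
    printf '%s\n' 'COMMIT'
}

# apply_ruleset: same arguments. The default is a dry run that prints the
# table; DRY_RUN=0 validates it with --test and then loads it atomically, so
# the SSH session applying the change never sits behind a half-built chain.
apply_ruleset() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        build_ruleset "$@"
    else
        build_ruleset "$@" | iptables-restore --test
        build_ruleset "$@" | iptables-restore
    fi
}

# Stand-alone: print (or, with DRY_RUN=0 as root, load) a ruleset for the
# assumed eth0=Internet, eth1=192.168.0.0/24 box offering SSH and Webmin.
apply_ruleset eth0 eth1 192.168.0.0/24 REJECT "22 10000"
```

Run it as is to review the generated table; run it with DRY_RUN=0 as root to load it. Because the anti-spoofing rules precede the conntrack ACCEPT, a forged internal source address can never ride on an existing connection-tracking entry, and because OUTPUT stays ACCEPT the firewall's own outbound traffic is unaffected.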

SBDavid

Enabling Source Address Verification

To prevent a remote host from spoofing incoming packets so that they appear to come from the local machine or from a network behind it.

Solution:

Turn on source address verification in the Linux kernel:

echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter

The kernel applies the higher of conf/all/rp_filter and the interface's own conf/<interface>/rp_filter, so setting all is enough for existing interfaces; conf/default/rp_filter covers interfaces created afterwards. Value 1 is strict mode (the packet is dropped unless the best route back to its source leaves through the interface it arrived on), which can discard legitimate traffic on multi-homed hosts with asymmetric routing; value 2 is loose mode, which only requires that some route to the source exists.

To make the setting persist across reboots, add this line to /etc/sysctl.conf (with a matching net.ipv4.conf.default.rp_filter line if new interfaces should be covered too):

net.ipv4.conf.all.rp_filter = 1

And then run sysctl to load the configuration:

sysctl -p
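Added example, not from the original post: a small shell script that audits and enables reverse-path filtering the way the kernel evaluates it, namely the higher of net.ipv4.conf.all.rp_filter and the interface's own conf/<iface>/rp_filter. SYSDIR is an assumed override of the real /proc/sys/net/ipv4/conf path so the functions can be exercised against a constructed directory tree as well as the live kernel.

```shell
#!/bin/sh
# Added example, not from the original post: audit and enable reverse-path
# filtering the way the kernel evaluates it. The effective mode for an
# interface is max(conf/all/rp_filter, conf/<iface>/rp_filter).
# SYSDIR is an assumed override of the real /proc path so the functions can
# be exercised against a constructed directory tree.
set -eu

# rp_filter_effective SYSDIR IFACE -> prints 0 (off), 1 (strict) or 2 (loose)
rp_filter_effective() {
    local sysdir=$1 iface=$2 all own
    all=$(cat "$sysdir/all/rp_filter")
    own=$(cat "$sysdir/$iface/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# rp_filter_audit SYSDIR -> prints every interface whose effective mode is 0
# and returns 1 if any was found, 0 if all interfaces validate sources.
rp_filter_audit() {
    local sysdir=$1 bad=0 d iface mode
    for d in "$sysdir"/*/; do
        iface=$(basename "$d")
        case $iface in all|default) continue ;; esac
        mode=$(rp_filter_effective "$sysdir" "$iface")
        if [ "$mode" -eq 0 ]; then
            echo "$iface: rp_filter off"
            bad=1
        fi
    done
    return "$bad"
}

# rp_filter_enable SYSDIR MODE -> MODE 1 (strict) or 2 (loose). Writing "all"
# raises every existing interface; writing "default" covers interfaces created
# later, which is what the two sysctl.conf lines achieve persistently.
rp_filter_enable() {
    local sysdir=$1 mode=$2
    echo "$mode" > "$sysdir/all/rp_filter"
    echo "$mode" > "$sysdir/default/rp_filter"
}

# Stand-alone: audit the live kernel (reading /proc needs no privileges).
live=${SYSDIR:-/proc/sys/net/ipv4/conf}
if [ -d "$live" ]; then
    if rp_filter_audit "$live"; then
        echo "rp_filter is active on every interface"
    else
        echo "fix: sysctl -w net.ipv4.conf.all.rp_filter=1 (then persist it in /etc/sysctl.conf)"
    fi
fi
```

The audit reports an interface as unprotected only when both the all value and its own value are 0, which is exactly the case the original echo/sysctl lines fix; an interface that was individually set to loose mode (2) still passes, since loose mode does validate source addresses, just less strictly.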

DESCRIPTION

sysctl is used to modify kernel parameters at runtime. The parameters available are those listed under /proc/sys/. Procfs is required for sysctl support in Linux. You can use sysctl to both read and write sysctl data.

EXAMPLES

/sbin/sysctl -a
/sbin/sysctl -n kernel.hostname
/sbin/sysctl -w kernel.domainname="example.com"
/sbin/sysctl -p /etc/sysctl.conf

-w Use this option when you want to change a sysctl setting.

-p Load in sysctl settings from the file specified or /etc/sysctl.conf if none given. Specifying - as filename means reading data from standard input.

-a Display all values currently available.

-A Display all values currently available in table form.

SBDavid

Configuring Your Firewall For Webmin

The simplest way to open up port 10000 is to use one of the Webmin firewall management modules, such as Linux Firewall, BSD Firewall or IPFilter Firewall. However, to access this you'll need to run a browser on the same system as Webmin, and access it via the URL http://localhost:10000/.

The alternative is to log in as root via SSH, and manually edit the firewall configuration file. On Redhat and derived systems, this is /etc/sysconfig/iptables, while on Debian it is /var/lib/iptables. The line you need to add is:

-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT

Place it before any catch-all REJECT or DROP rule in the INPUT chain: rules are evaluated in order, so an ACCEPT that comes after the final reject never matches. If only an administrative network should reach Webmin, add a -s restriction to the rule as well.

Once this line has been added, you will need to apply the firewall configuration. This is typically done with the command

/etc/init.d/iptables restart
