iptables install

This is a discussion on iptables install within the Linux Security forums, part of the System Security and Security Related category.
#1  09-07-2004  Sam
iptables install

I am a new user of linux and I have a dedicated server that I use for
my web sites. I am trying to set up an iptables firewall and all of
the material, including netfilter.org, that I have found is for
experienced linux users. Is there any material available for someone
new to linux to help me build a firewall?
#2  09-07-2004  Zach Nation
Re: iptables install

I've attached my rc.firewall script to this--I suggest using that as a
base for a customizable (fairly secure) firewall with iptables. You
should be able to get the hang of it... it's an editable text file,
first off. The first line tells it to be interpreted by the shell. Every
line after that is either a command, or a comment... the comments are
the lines that start with "#" (minus quotes), and those lines are
ignored. Rules to go by:

1) If you want a particular line to be ignored (say, don't open up port
80), put a # in front of that line.
2) If you want a particular line to be followed, uncomment it (remove the #)
3) The way it is set up now, it automatically blocks all incoming
traffic except for the ports specifically allowed. To specifically allow
more ports, use the exact line for allowing the ports that are allowed
already, but replace the port number with the one you want. You can
always add more lines to this file.

To install this script, put it as /etc/rc.d/rc.firewall (use the "mv"
command at the command line to put it there)... and then put a line in
/etc/rc.d/rc.local that says "/etc/rc.d/rc.firewall" (this will tell
rc.local to run the rc.firewall script).

Hope that helps.

Sam wrote:
> I am a new user of linux and I have a dedicated server that I use for
> my web sites. I am trying to set up an iptables firewall and all of
> the material, including netfilter.org, that I have found is for
> experienced linux users. Is there any material available for someone
> new to linux to help me build a firewall?


#!/bin/sh


#Change the part after the = to where iptables is on your system
IPTABLES=/sbin/iptables

#flush existing rules in the INPUT chain
$IPTABLES -F INPUT

#This allows all data that has been sent out from the computer running the firewall
# to come back
#(for all of ICMP/TCP/UDP).
#For example, if a ping request is made it will allow the reply back
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p icmp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p tcp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p udp


#Allow traffic from ethernet adapter eth1 to pass through if
#you have a network, or
#are using linux as a router for internet etc.
#Your first ethernet card is eth0 and the second would be eth1 etc.
#$IPTABLES -A INPUT -i eth1 -j ACCEPT


#Allow incoming FTP requests
#$IPTABLES -A INPUT -p tcp --dport 20 -j ACCEPT
#$IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT

#Allow incoming SSH requests
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT

#Allow incoming HTTP requests (to Web server)
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT

#Allow incoming mail requests
$IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 25 -j ACCEPT

#Allow incoming SMB requests
$IPTABLES -A INPUT -p tcp --dport 139 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 137 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 138 -j ACCEPT

#Allow Ping echo
#I have commented this line, so ping from an outside machine will not work.
#Uncomment the next line to make ping from outside work.
#$IPTABLES -A INPUT -p icmp -j ACCEPT


#Drop and log all other data
#Logging is rate limited: after a burst of 5 entries, at most 3 dropped
#packets per second are logged. The packets are still dropped either way;
#the limit only stops a flood of packets from filling the log and
#crashing the computer the firewall is running on.
$IPTABLES -A INPUT -m limit --limit 3/second --limit-burst 5 ! -i lo -j LOG
$IPTABLES -A INPUT ! -i lo -j DROP

#The logs from the firewall are put into your system log file, which can be found at
#/var/log/syslog

#3  09-07-2004  Colin McKinnon
Re: iptables install

Zach Nation wrote:

> I've attached my rc.firewall script to this--I suggest using that as a
> base for a customizable (fairly secure) firewall with iptables. You

<snip>

Or get hold of firestarter ( http://firestarter.sourceforge.net/ ) which is
so simple even I can use it.

HTH

C.
#4  09-07-2004  Alexander Harsch
Re: iptables install

Zach Nation wrote:

> I've attached my rc.firewall script to this--I suggest using that as a
> base for a customizable (fairly secure) firewall with iptables. You
> should be able to get the hang of it... it's an editable text file,
> first off. The first line tells it to be interpreted by the shell. Every
> line after that is either a command, or a comment... the comments are
> the lines that start with "#" (minus quotes), and those lines are
> ignored. Rules to go by:
>
> 1) If you want a particular line to be ignored (say, don't open up port
> 80), put a # in front of that line.
> 2) If you want a particular line to be followed, uncomment it (remove the
> #) 3) The way it is set up now, it automatically blocks all incoming
> traffic except for the ports specifically allowed. To specifically allow
> more ports, use the exact line for allowing the ports that are allowed
> already, but replace the port number with the one you want. You can
> always add more lines to this file.
>
> To install this script, put it as /etc/rc.d/rc.firewall (use the "mv"
> command at the command line to put it there)... and then put a line in
> /etc/rc.d/rc.local that says "/etc/rc.d/rc.firewall" (this will tell
> rc.local to run the rc.firewall script).
>
> Hope that helps.
>
> Sam wrote:
>> I am a new user of linux and I have a dedicated server that I use for
>> my web sites. I am trying to set up an iptables firewall and all of
>> the material, including netfilter.org, that I have found is for
>> experienced linux users. Is there any material available for someone
>> new to linux to help me build a firewall?

Hello,

Is this the config you are using? Do DNS lookups work? Can you download
something via FTP? Have you ever had problems with ICMP redirects?...

Alex
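A fuller rc.firewall in the same spirit as Zach's script, written as an added example rather than taken from the thread: it emits an iptables-restore ruleset for a web server with the gaps Alex's questions point at closed (loopback allowed, RELATED accepted as well as ESTABLISHED so DNS answers, ICMP errors and conntrack-tracked FTP data come back, default DROP policy instead of a trailing DROP rule). Function names and the `sh firewall.sh 22 80 443 | iptables-restore` usage are my assumptions, not anything from the thread.

```shell
#!/bin/sh
# Added example, not the rc.firewall from the thread. Emits an
# iptables-restore ruleset for a web server that keeps Zach's design
# (accept replies, accept listed ports, log-then-drop the rest) but closes
# the gaps Alex's questions point at: loopback allowed, RELATED accepted
# as well as ESTABLISHED, default policy DROP instead of a trailing DROP rule.
# Assumed usage (as root):  sh firewall.sh 22 80 443 | iptables-restore
# Function names are mine, not from the thread.

# build_ruleset PORT...  prints the ruleset; PORTs are TCP ports to publish.
build_ruleset() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Loopback first: local resolvers, databases and monitoring talk over lo.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Replies to our own traffic. ESTABLISHED covers TCP, UDP (so DNS answers
    # return) and ICMP echo replies; RELATED covers ICMP errors and FTP data
    # connections once the nf_conntrack_ftp helper is loaded.
    printf '%s\n' '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # One rule per published TCP port, matching only new connections.
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Answer pings, but rate limited; all other ICMP arrives only as RELATED.
    printf '%s\n' '-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/second -j ACCEPT'
    # Log what the DROP policy is about to discard, capped so a flood cannot fill syslog.
    printf '%s\n' '-A INPUT -m limit --limit 3/second --limit-burst 5 -j LOG --log-prefix "FW-DROP: "'
    printf '%s\n' 'COMMIT'
}

# ICMP redirects are handled by the kernel, not by a filter rule: these are
# the sysctl lines for /etc/sysctl.conf so the host neither accepts nor sends them.
redirect_sysctls() {
    printf '%s\n' 'net.ipv4.conf.all.accept_redirects = 0' 'net.ipv4.conf.all.send_redirects = 0'
}

# count_port_rules PORT...  counts the per-port ACCEPT rules (a quick sanity check).
count_port_rules() {
    build_ruleset "$@" | grep -c -- '--dport'
}

build_ruleset "$@"
```

Pipe the output through `iptables-restore --test` first to have the syntax checked without touching the live ruleset.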
#5  09-07-2004  Sam
Re: iptables install

sam@sam-sinopoli.com (Sam) wrote in message news:<394e2555.0409061657.63635d65@posting.google.com>...
> I am a new user of linux and I have a dedicated server that I use for
> my web sites. I am trying to set up an iptables firewall and all of
> the material, including netfilter.org, that I have found is for
> experienced linux users. Is there any material available for someone
> new to linux to help me build a firewall?

Thanks everyone for all the help. This is one of the main reasons why
after 20+ years of using windows, I am changing to linux. There is
help from other great users.