Thread: iptables nightmare
-
12-22-2013, 09:21 PM #1 Junior Guru
- Join Date
- Nov 2013
- Posts
- 182
So I'm securing IP tables:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
Why is this happening? Guides I have been reading say this shouldn't happen.
-
12-22-2013, 09:25 PM #2 Web Hosting Evangelist
- Join Date
- May 2009
- Location
- Markham, Canada
- Posts
- 458
Before you do
Code:iptables -P INPUT DROP
iptables -I INPUT -p tcp --destination-port 22 -j ACCEPT
iptables -P INPUT DROP
Dan
-
12-22-2013, 09:28 PM #3 Junior Guru
- Join Date
- Nov 2013
- Posts
- 182
-
12-22-2013, 10:06 PM #4 Web Hosting Evangelist
- Join Date
- May 2009
- Location
- Markham, Canada
- Posts
- 458
Correction: what I posted will "whitelist" all connections to port 22, not just your IP.
Dan
-
12-22-2013, 10:35 PM #5 Temporarily Suspended
- Join Date
- May 2013
- Location
- India
- Posts
- 747
Single user mode is not needed if you didn't save your rule (guess you couldn't save it, as it would lock you out immediately after you put the default DROP policy in place without adding a proper whitelist); the lockout can be fixed just by a reboot, and it will overwrite your iptables changes. Initially do a global (or for necessary IPs) whitelist for the specific ports you want to open; only then set the default chain policy to DROP.
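The ordering advice in this thread (accept port 22 first, set the default DROP policy last), as an added example that is not part of any poster's message: a shell lint that parses a list of iptables commands without running them and reports where the INPUT policy becomes DROP with no tcp/22 ACCEPT rule in place. The names check_lockout, thread_rules and reordered_rules are hypothetical, and the reordered rule list is constructed.

```shell
# check_lockout (hypothetical helper) reads iptables commands on stdin, one per
# line, and reports the first line where the filter INPUT policy is DROP while
# no rule accepts TCP port 22. Nothing is executed. Any tcp/22 ACCEPT counts.
check_lockout() {
    awk '
    {
        table = "filter"; op = ""; chain = ""; target = ""
        proto = ""; dport = ""; jump = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-t") table = $(i + 1)
            else if ($i == "-P") { op = "policy"; chain = $(i + 1); target = $(i + 2) }
            else if ($i == "-A" || $i == "-I") { op = "add"; chain = $(i + 1) }
            else if ($i == "-F") { op = "flush"; chain = $(i + 1) }
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport" || $i == "--destination-port") dport = $(i + 1)
            else if ($i == "-j") jump = $(i + 1)
        }
        if (table != "filter") next
        # A flush removes the SSH rule but leaves the chain policy in place.
        if (op == "flush" && (chain == "" || chain == "INPUT")) ssh_ok = 0
        if (op == "add" && chain == "INPUT" && proto == "tcp" &&
            dport == "22" && jump == "ACCEPT") ssh_ok = 1
        if (op == "policy" && chain == "INPUT") policy = target
        if (policy == "DROP" && !ssh_ok && !bad) { bad = NR; cmd = $0 }
    }
    END {
        if (bad) { print "LOCKOUT at line " bad ": " cmd; exit 1 }
        print "OK"
    }'
}

# The command order from the first post, abridged (flushes, then default DROP).
thread_rules() {
    printf '%s\n' \
        'iptables -F' \
        'iptables -t nat -F' \
        'iptables -P INPUT DROP'
}

# Constructed reordering: accept SSH first, set the DROP policy last.
reordered_rules() {
    printf '%s\n' \
        'iptables -F' \
        'iptables -I INPUT -p tcp --destination-port 22 -j ACCEPT' \
        'iptables -P INPUT DROP'
}

thread_rules | check_lockout || true
reordered_rules | check_lockout
```

The lint only models the filter table's INPUT chain and port 22; it does not account for ESTABLISHED/RELATED rules or jumps to user-defined chains.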
-
12-23-2013, 05:27 AM #6 WHT Addict
- Join Date
- Feb 2011
- Posts
- 129
As an alternative you can use CSF --> http://configserver.com/cp/csf.html
It's (among other things) an excellent iptables GUI