Thread: this iptable
-
07-30-2002, 02:13 PM #1 Web Hosting Master
OK, I have been looking at iptables and have been studying it.
Am I right in thinking that the iptable below will only let incoming packets on port 80, unless my server talks to the receiving computer first?
iptables -A INPUT -i eth0 -p tcp --syn --destination-port ! 80 -j DROP
If I am totally wrong, please tell me, as I really wanna learn, thanx
-
08-01-2002, 01:53 PM #2 Web Hosting Master
OK, I take it that it is wrong, because no one has said anything about it, and it's had 39 views.
I'll go find some more tutorials.
-
08-01-2002, 07:54 PM #3 Web Hosting Master
First close all the ports. Then open port 80 AND all other ports you need. Be careful not to lock yourself out.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
Code:
iptables -A INPUT -i eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-
08-02-2002, 03:16 PM #4 Web Hosting Master
OK, cheers.
Looking at what you have given me, I think this (tell me if I'm wrong):
This closes all ports:
PHP Code:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
PHP Code:
iptables -A INPUT -i eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
PHP Code:
iptables -A INPUT -i eth0 -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
Matt
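
Added example, not written by any poster in this thread: a small Python model of first-match evaluation on the INPUT chain. It compares the single rule from post #1 (assuming the chain policy is still the default ACCEPT) with the two port-80 INPUT rules from post #3 under `-P INPUT DROP`. The packets, their names and their conntrack states are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    sport: int
    dport: int
    flags: frozenset = frozenset()  # TCP flags set on the packet
    state: str = "NEW"  # constructed stand-in for conntrack's classification

def is_syn(p):
    # iptables --syn: SYN set while ACK, RST and FIN are clear
    return "SYN" in p.flags and not (p.flags & {"ACK", "RST", "FIN"})

def on_eth0_tcp(p):
    return p.iface == "eth0" and p.proto == "tcp"

def evaluate(rules, policy, pkt):
    """First matching rule decides; otherwise the chain policy applies."""
    for match, target in rules:
        if match(pkt):
            return target
    return policy

# Post #1: a single DROP rule; chain policy assumed to be the default ACCEPT.
SINGLE_RULE = [(lambda p: on_eth0_tcp(p) and is_syn(p) and p.dport != 80, "DROP")]

# Post #3: the two INPUT rules, evaluated under -P INPUT DROP.
DEFAULT_DROP = [
    (lambda p: on_eth0_tcp(p) and p.sport == 80 and p.state == "ESTABLISHED", "ACCEPT"),
    (lambda p: on_eth0_tcp(p) and p.dport == 80 and p.state in ("NEW", "ESTABLISHED"), "ACCEPT"),
]

# Constructed sample packets arriving on eth0.
SAMPLES = {
    "SYN to tcp/80": Packet("eth0", "tcp", 40000, 80, frozenset({"SYN"})),
    "SYN to tcp/22": Packet("eth0", "tcp", 40000, 22, frozenset({"SYN"})),
    "bare ACK to tcp/22": Packet("eth0", "tcp", 40000, 22, frozenset({"ACK"}), "INVALID"),
    "UDP to udp/53": Packet("eth0", "udp", 40000, 53),
    "reply from remote tcp/80": Packet("eth0", "tcp", 80, 40001, frozenset({"SYN", "ACK"}), "ESTABLISHED"),
}

def compare():
    """Map each sample to (verdict under post #1, verdict under post #3)."""
    return {name: (evaluate(SINGLE_RULE, "ACCEPT", p), evaluate(DEFAULT_DROP, "DROP", p))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (single, strict) in compare().items():
        print(f"{name:26} single-rule={single:6} default-drop={strict}")
```

The single rule only filters TCP connection attempts, so UDP and non-SYN TCP packets fall through to the ACCEPT policy, while the default-DROP chain accepts nothing except the two port-80 flows.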