HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


tommytomato 23rd June 2007 10:00

iptables
 
Hi all

I think I have iptables worked out, but I've got one problem: every time I reboot, I lose the iptables rules that I created.

I saved the files and then ran iptables -L to see my home-made firewall. I log in via another PC on my network and I'm able to log in.

How do you save it so it boots up at the start?

TT

falko 24th June 2007 19:28

How do you start the iptables firewall? Did you install an iptables-based firewall package such as shorewall or Bastille, or did you make your own custom iptables firewall?

tommytomato 25th June 2007 02:56

Quote:

Originally Posted by falko
How do you start the iptables firewall? Did you install an iptables-based firewall package such as shorewall or Bastille, or did you make your own custom iptables firewall?

I made a custom one, well at least I'm trying to ;)

Here it is:

Code:

~# cat /etc/firewall.bash
#!/bin/bash

# No spoofing: enable reverse-path filtering on every interface
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]
then
    for filtre in /proc/sys/net/ipv4/conf/*/rp_filter
    do
        echo 1 > "$filtre"
    done
fi

# No icmp: ignore echo requests, unicast and broadcast
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# load some modules you may need
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe iptable_filter
modprobe iptable_nat

# Remove all rules and chains
iptables -F
iptables -X

# first set the default behaviour => accept connections
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# Create 2 chains, which allows writing a clean script (not yet referenced below)
iptables -N FIREWALL
iptables -N TRUSTED

# Drop all traffic from these hosts
iptables -A INPUT -s 83.132.97.14 -j DROP
iptables -A INPUT -s 81.199.85.110 -j DROP
iptables -A INPUT -s 218.16.120.80 -j DROP
iptables -A INPUT -s 210.59.228.94 -j DROP
iptables -A INPUT -s 219.153.0.218 -j DROP
iptables -A INPUT -s 63.93.95.121 -j DROP
iptables -A INPUT -s 203.134.154.2 -j DROP
iptables -A INPUT -s 67.52.65.10 -j DROP

# Allow the loopback interface, but drop loopback addresses arriving elsewhere
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 127.0.0.0/255.0.0.0 -j DROP
iptables -A INPUT -d 127.0.0.0/255.0.0.0 -j DROP

# Drop new TCP connections that do not start with a SYN packet
iptables -A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP

# Allow SSH, SMTP, HTTP and POP3
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT

I want to be able to open up ports 25 and 110 on my router, but block all access from the outside apart from my local network. Can this be done?

I still want to be able to send and receive from the outside, though. I hope that makes sense.

TT

falko 25th June 2007 17:01

If you are on Debian/Ubuntu, you can rename your iptables script to /etc/network/if-up.d/iptables:

Code:

mv /etc/firewall.bash /etc/network/if-up.d/iptables

and make it executable:

Code:

chmod 755 /etc/network/if-up.d/iptables

The script will then be started automatically whenever you boot the system.
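An added example, not code from either poster: a LAN-restricted variant of the rule set above that answers the question of accepting SSH, SMTP and POP3 only from the local network while replies to the host's own outgoing connections still get in, written so that it also works as the /etc/network/if-up.d/iptables hook described in the reply above. The LAN range 192.168.1.0/24, the interface eth0 and the log prefix are assumed placeholders.

```shell
#!/bin/sh
# Added example (not the poster's script): LAN-only access to SSH, SMTP and POP3
# with replies to outgoing connections still allowed. The LAN range and the WAN
# interface below are placeholders, adjust them before loading for real.
LAN="${LAN:-192.168.1.0/24}"   # assumed local network
WAN_IF="${WAN_IF:-eth0}"       # assumed Internet-facing interface
DRY_RUN="${DRY_RUN:-0}"        # 1 = print the rules instead of loading them

# Wrapper so the rule set can be reviewed without root or iptables installed.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

load_firewall() {
    ipt -F
    ipt -X
    # Default deny on INPUT. The posted script left the policy at ACCEPT, so its
    # trailing ACCEPT rules changed nothing; here every allowance is explicit.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    ipt -A INPUT -i lo -j ACCEPT
    # Replies to connections this host opened (sending mail, fetching POP3, package
    # updates) arrive as ESTABLISHED/RELATED, which is what keeps "send and receive
    # from the outside" working while unsolicited inbound connections are dropped.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Same check as the posted script: a new TCP connection must begin with SYN.
    ipt -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    # SSH, SMTP and POP3 are accepted only when the source is on the LAN.
    for port in 22 25 110; do
        ipt -A INPUT -p tcp --dport "$port" -s "$LAN" -j ACCEPT
    done
    # Rate-limited log of what the policy is about to drop on the WAN side, so
    # refused connection attempts are visible in the kernel log.
    ipt -A INPUT -i "$WAN_IF" -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
}

# ifupdown exports IFACE to /etc/network/if-up.d/ scripts, so the rules load at
# boot when the file lives there; "--apply" loads them by hand; anything else
# only prints the rule set for review.
if [ -n "${IFACE:-}" ] || [ "${1:-}" = "--apply" ]; then
    load_firewall
else
    DRY_RUN=1 load_firewall
fi
```

With no arguments (and outside ifupdown) it only prints the rules, so the set can be reviewed before loading. Note that mail from the Internet to port 25 is refused by this rule set, so it fits a host that sends and fetches mail rather than one that receives it directly from other mail servers.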

