01-09-2007, 01:35 AM   #1
Beta Member
Join Date: Jan 2007
Posts: 5
iptables firewall

I've been trying to block all ports (udp, tcp, icmp) except 80 tcp and 53 tcp so I can use the internet. The problem is it won't let me use the internet if I block tcp and udp ports. These are the commands I'm using.
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 53 -j ACCEPT
iptables -I INPUT -p tcp -j DROP
iptables -I INPUT -p udp -j DROP
iptables -I INPUT -p icmp -j DROP

Thanks
__________________

Posted by crimp
01-09-2007, 11:31 AM   #2
Site Team
Join Date: Mar 2004
Posts: 8,006
Re: iptables firewall

Try dropping ports before you accept ports,
you're telling it to accept ports that you already allow, then instructing it to drop ports.

TBH I've always found iptables a bit of a bugger to use, but there are (assuming you have an X console running) some pretty nice graphical apps for configuring it that dumb it down to a few check boxes to drop all but http...

But as I said, before you go that far, just try re-arranging the order of the commands.
__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
I'm sick of people saying 'don't waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
Posted by root
01-09-2007, 07:04 PM   #3
Beta Member
Join Date: Jan 2007
Posts: 5
Re: iptables firewall

Thanks for the idea. I tried it but no luck. I tried changing it to this:
iptables -F
iptables -I OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -I OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -I OUTPUT -p udp --dport 53 -j ACCEPT
iptables -I INPUT -p icmp -j DROP
iptables -I INPUT -p tcp --dport 3600 -j ACCEPT
#iptables -I INPUT -p udp -j DROP
#iptables -I INPUT -p tcp -j DROP
iptables -L

What GUI do you use to configure your firewall?
Thanks
Posted by crimp
01-12-2007, 07:53 AM   #4
Site Team
Join Date: Mar 2004
Posts: 8,006
Re: iptables firewall

I was thinking more something like this...

iptables -I INPUT -p tcp -j DROP
iptables -I INPUT -p udp -j DROP
iptables -I INPUT -p icmp -j DROP
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 53 -j ACCEPT

but actually that won't work either!!

The syntax for what you are trying to do is all wrong. I assume that you are trying to, basically you want to be able to browse the web, but you want to protect your computer from outside attack, and you'd want to stop your computer making connections to other people...

anyway..
(from: http://oob.freeshell.org/nzwireless/firewall.html)

this is what your conf file should look like.
Code:
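### IP table conf file ###
# load with: iptables-restore < this-file
*filter

# Set default policies (drop all connections)
:INPUT DROP [1:44] 
:FORWARD DROP [0:0] 
:OUTPUT ACCEPT [27040:2493902] 

#allow loopback, and replies to connections this machine started
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#allow web traffic requests out
-A OUTPUT -p tcp --dport 80 -j ACCEPT
#allow DNS out (mostly udp, tcp for large answers)
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT

#do it!
COMMIT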
__________________
Posted by root
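
A ruleset for what the first post describes (web and DNS out, everything else dropped), as an added example that is not from the thread or the page it links: it appends with -A so rules are checked in the order typed, and lets reply packets in by connection state. The IPT override, the apply argument and the file name client-fw.sh are assumptions of this example, used so the commands can be previewed without touching the firewall.

```shell
#!/bin/sh
# Added example, not from the thread: outbound web + DNS only, nothing inbound.
# IPT is an assumed override: IPT=echo prints the commands instead of running them.
IPT="${IPT:-iptables}"

apply_client_rules() {
    # Empty both chains, then append with -A so rules are checked in the order
    # written (-I puts each new rule at the top, reversing the order typed).
    $IPT -F INPUT &&
    $IPT -F OUTPUT &&

    # Loopback, plus packets that belong to connections this host opened.
    # A web server's replies arrive with source port 80, so an INPUT rule
    # on --dport 80 never matches them; connection state does.
    $IPT -A INPUT  -i lo -j ACCEPT &&
    $IPT -A OUTPUT -o lo -j ACCEPT &&
    $IPT -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT &&
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT &&

    # New outbound connections: HTTP, and DNS on UDP (usual) and TCP (large answers).
    $IPT -A OUTPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT &&
    $IPT -A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT &&
    $IPT -A OUTPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT &&

    # Default-deny goes last and only if every rule above loaded, so a failed
    # command cannot leave DROP policies with no ACCEPT rules in front of them.
    $IPT -P INPUT   DROP &&
    $IPT -P FORWARD DROP &&
    $IPT -P OUTPUT  DROP
}

# Apply for real as root from a local console (file name assumed): sh client-fw.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_client_rules && $IPT -L -n -v
fi
```

iptables filters IPv4 only, so a host with IPv6 enabled needs the same rules loaded through ip6tables. HTTPS is left out because the thread asks only for ports 80 and 53; it would need a matching --dport 443 rule.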
All times are GMT -5.

