[fw-wiz] iptables reject all packets for ssh port 22 except for my host name/ip issue ...



I had iptables set to only allow ssh on port 22 from my hostname and IP
address (I was not sure if host or IP was the proper way, and did not want to
get locked out of my dedicated remote server). My control panel software
messed up something with named, so named is not running. When I
restarted the firewall after a reboot, with the EXACT SAME RULES as
before, I get the error:

[root@localhost /]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: iptables-restore v1.3.0: host/network `my.host.my.isp.here.com' not found
Error occurred at line: 26
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]



Any ideas why this would be happening? Is named somehow used to resolve
hosts for iptables? Why would I get this error when the rules are the
same as before, and I have had them running for a long time with no issues? The
only two changes to the box are that named is not working, and that I
exported /sbin and /usr/sbin to my /etc/profile path because they were
not there for some reason. I am running Fedora Core 4.
Below are my rules attached:

Thanks in advance, edward!

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT

# Bocacom additions
# Uncomment the next two lines to enable FTP
-A RH-Lokkit-0-50-INPUT -p tcp --dport 21 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

# Uncomment the next line to enable web access using HTTP and HTTPS
-A RH-Lokkit-0-50-INPUT -p tcp -m multiport --dport 80,443 --syn -j ACCEPT

# Enable mail over POP and SMTP
-A RH-Lokkit-0-50-INPUT -p tcp -m multiport --dport 25,110 --syn -j ACCEPT

# Enable ssh access
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 68.3.3.3 --dport 22 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s this.is.my.host.com --dport 22 -j ACCEPT

# Disable all other ssh access
-A RH-Lokkit-0-50-INPUT -p tcp --dport 22 -j DROP

# Enable external access to DNS on any ip
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 53 -d 0/0 -j ACCEPT

# Enable replies (FC4 does not punch them through properly)
-A RH-Lokkit-0-50-INPUT -p udp -m udp --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --sport 53 -d 0/0 -j ACCEPT

# Accept all local connections
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT

# Reject everything else
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT

COMMIT


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
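Added example, not part of the post above or of any firewall-wizards reply. A host name given to `-s` or `-d` is resolved once, by the ordinary system resolver, at the moment iptables loads the rule; the kernel only ever stores the address(es) that came back, one rule per address if the name has several. On a box whose resolver points at the local named, a stopped named therefore makes every load of such a rules file fail, and the posted output shows the flush and the "policy ACCEPT" step had already run before the failure, so the host was left without its filter rules. The shell snippet below is a pre-flight check that lists the `-s`/`-d` arguments in an iptables-save style file that are names rather than literal addresses, plus a helper that pins such a name to an address you have resolved and reviewed by hand (for example with `getent hosts NAME`). The sample rules file is constructed here from the post; the host name and 68.3.3.3 are placeholders exactly as in the post.

```shell
#!/bin/sh
# Added example, not part of the original post.  Pre-flight check for an
# iptables-save/iptables-restore rules file: list every -s/-d argument that
# is a host name rather than a literal IPv4 address or CIDR prefix.
# iptables-restore resolves such names through the system resolver while it
# loads the file, so the load fails whenever DNS is unavailable.

# Print "line N: -s NAME" for each -s/-d/--source/--destination argument in
# file $1 that is not made of digits, dots and an optional /prefix.
# (A coarse test: "0/0" and "68.3.3.3" pass, "this.is.my.host.com" does not.)
find_unresolved_hosts() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            for (i = 1; i < NF; i++) {
                if ($i == "-s" || $i == "-d" || $i == "--source" || $i == "--destination") {
                    arg = $(i + 1)
                    if (arg !~ /^[0-9]+(\.[0-9]+)*(\/[0-9]+(\.[0-9]+)*)?$/)
                        printf "line %d: %s %s\n", NR, $i, arg
                }
            }
        }' "$1"
}

# Print file $1 with every "-s NAME"/"-d NAME" (NAME = $2) rewritten to the
# literal address $3, so the rules file no longer depends on DNS at load time.
# Resolve and review NAME yourself first (for example: getent hosts NAME).
pin_host() {
    awk -v name="$2" -v addr="$3" '
        {
            for (i = 1; i < NF; i++)
                if (($i == "-s" || $i == "-d" || $i == "--source" || $i == "--destination") && $(i + 1) == name)
                    $(i + 1) = addr
            print
        }' "$1"
}

# Constructed sample modelled on the posted rules (host name and address are
# placeholders, as in the post), written to a temporary file.
SAMPLE_RULES=$(mktemp)
cat > "$SAMPLE_RULES" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
# Enable ssh access
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 68.3.3.3 --dport 22 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s this.is.my.host.com --dport 22 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp --dport 22 -j DROP
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -d 0/0 -j ACCEPT
COMMIT
EOF

# Usage: report names that would need a DNS lookup, then show the pinned file.
echo "Rules that depend on DNS at load time:"
find_unresolved_hosts "$SAMPLE_RULES"
echo
echo "Pinned to a literal address (68.3.3.3 is the placeholder from the post):"
pin_host "$SAMPLE_RULES" this.is.my.host.com 68.3.3.3
```

Run the check against the real file (on this system /etc/sysconfig/iptables) before `service iptables start`, since the script flushes the running rules before it finds out the file will not load. Pinning the address also removes the second problem with a name-keyed rule: the rule only ever trusts whatever the lookup returned at load time, and it will not follow the name if the address changes later.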