Re: iptables & tcp wrappers
From: TJ Easter (tjeaster_at_gmail.com)
Date: Tue, 28 Sep 2004 05:51:20 -0400
To: Meatplow <firstname.lastname@example.org>
On Fri, 24 Sep 2004 13:57:26 -0700, Meatplow <email@example.com> wrote:
> I'm running RH Enterprise edition.
> I'm relatively new to iptables. I am getting the common intrusion
> attempts with some of the common uses of test/guest/root/ and a
> couple others. I've been able to add the IPs to iptables.
> I'd really like a log that tells me the info that I want to know.
> My basic input command is this :
> #iptables -A INPUT -p tcp -s PUT_IP_HERE -d 0/0 --syn -j DROP
> iptables seems a little convoluted. Example: to delete a line,
> supposedly you give it a line and it will be deleted/modified. My
> problem is even with #iptables -L -v there is no line number?
> My goal is to block all incoming ssh attempts except IP#.
> This is where I got into hosts.allow/deny as mentioned below.
> I've tried to find many different types of commands and it works to
> some degree, but not the way I'd expect it to.
> Any help would be appreciated. I'm not completely sure that I
> understand iptables as well as I want/need to. I've also toyed
> around with the hosts.allow/hosts.deny and have not been successful.
> I know that there is a lot of info in here, and I'm tired. I'll
> leave it at that.
> Thanks in advance for your time and help.
> greg ta meatplow.com
> Thanks again.
> Fedora-config-list mailing list
I've found it quite helpful to create a shell script to load the
firewall rules. The first line of the script blows away all rules
(iptables -F), then it proceeds to load the rules below that.
I have a basic script that follows the "explicitly allow what you
want, deny everything else" stance available at
http://tje.ssllink.net/firewall.tar.gz It should work with your
RedHat system. You can add the list of IPs and/or subnets that you
want SSH allowed to in your /etc/firewall/tcp.ssh file, and that's it
(provided you call it from cron - else you will need to run
/etc/init.d/firewall restart). All others will be denied SSH access
by the kernel.
All in all, nothing can replace reading and understanding the
documentation. The man page for iptables is quite informative, as is
the "packet filtering howto" available on www.netfilter.org.
-- Linux -- Because rebooting is for adding new hardware. http://pgp.dtype.org:11371/pks/lookup?op=get&search=0x31185D8E
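As an added example of the "explicitly allow what you want, deny everything else" script described in the reply (this is not the script at the link above, and it is not the original poster's rule set), a minimal loader that reads the SSH allow-list from /etc/firewall/tcp.ssh, accepts SSH only from those sources, and logs the refused attempts. The path comes from the reply; the function names, the "SSH-DENY:" log prefix and the sample addresses are assumptions of this example.

```sh
#!/bin/sh
# Added example in the style described above, not the script from the link.
# Flush INPUT, default to DROP, accept SSH only from sources listed in the
# allow-list file (one IP or CIDR per line, '#' comments allowed), and log
# what gets dropped so the intrusion attempts show up in syslog.
ALLOW_FILE="${ALLOW_FILE:-/etc/firewall/tcp.ssh}"   # path taken from the reply
SSH_PORT="${SSH_PORT:-22}"

# Emit the iptables commands as text: $1 = allow-list file, $2 = SSH port.
# Printing them first lets you review (or test) the rule set before loading it.
build_rules() {
    allow_file="$1"; port="${2:-22}"
    echo "iptables -F INPUT"
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # One ACCEPT per listed source; blank lines and comment lines are skipped,
    # and anything that is not an address/prefix is refused rather than being
    # pasted into a command line (the list file is trusted, but typos happen).
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$allow_file" |
    while read -r src _; do
        case "$src" in
            *[!0-9./]*) echo "skipping bad entry: $src" >&2; continue ;;
        esac
        echo "iptables -A INPUT -p tcp -s $src --dport $port --syn -j ACCEPT"
    done
    # Rate-limited LOG of refused SSH connection attempts, then an explicit DROP.
    echo "iptables -A INPUT -p tcp --dport $port --syn -m limit --limit 5/min -j LOG --log-prefix \"SSH-DENY: \""
    echo "iptables -A INPUT -p tcp --dport $port --syn -j DROP"
}

# Load the generated rules into the kernel (must run as root).
apply_rules() { build_rules "$ALLOW_FILE" "$SSH_PORT" | sh -e; }

# ./firewall.sh show   -> print the rules;   ./firewall.sh apply -> load them
case "$1" in
    show)  build_rules "$ALLOW_FILE" "$SSH_PORT" ;;
    apply) apply_rules ;;
esac
```

To answer the line-number question from the quoted post: `iptables -L INPUT -n -v --line-numbers` prints each rule with its position, and `iptables -D INPUT <n>` deletes rule number n.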