RE: iptables & tcp wrappers
From: Whelan, Paul (Paul.Whelan_at_fmr.com)
Date: 09/30/04
- Previous message: harry: "Re: iptables & tcp wrappers"
- Maybe in reply to: Meatplow: "iptables & tcp wrappers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 Sep 2004 13:09:21 -0400 To: "Ed J. Aivazian" <stealth@arminco.com>, "Meatplow" <greg@meatplow.com>
Also,
iptables will accept multiple hosts in the rule. You can do this like:
iptables -A INPUT -p tcp -s ! 1.2.3.4/32,5.6.7.8/32 --dport 22 -j DROP
This consolodates those 3 rules below into one.
Thanks,
Paul
-----Original Message-----
From: Ed J. Aivazian [mailto:stealth@arminco.com]
Sent: Tuesday, September 28, 2004 5:17 AM
To: Meatplow
Cc: focus-linux@securityfocus.com
Subject: Re: iptables & tcp wrappers
Hello Meatplow,
Saturday, September 25, 2004, 1:57:26 AM, you wrote:
finding line numbers is simple.
--line-numbers.
if you need to restrict ssh for everyone except those you trust,
something like this is fine and flexible.
TRUSTEDHOSTS="1.2.3.4 5.6.7.8"
for host in $TRUSTEDHOSTS do;
iptables -A INPUT -j ACCEPT -p tcp -s $host --dport ssh
done;
iptables -A INPUT -j DROP -p tcp --dport ssh
As for collecting statistics for the non-trusted attempts, you can make
use of
the iptables LOG target. Get the iptables-tutorial document, I believe
this is the best guide to iptables and to the theory of firewalls in
general.
Luck!
M> -----BEGIN PGP SIGNED MESSAGE-----
M> Hash: SHA1
M> Hello.
M> I'm running RH Enterprise edition.
M> I'm relatively new to iptables. I am getting the common intrusion
M> attempts with some of the common uses of test/guest/root/ and a
M> couple others I've been able to add the IPs to the to iptables.,
M> but
M> I'd really like a log that tells me the info that I want to know.
M> My basic input command is this :
M> #iptables -A INPUT -p tcp -s PUT_IP_HERE -d 0/0 --syn -j DROP
M> iptables seem a little convoluted. Example. To delete a line -
M> supposedly give it a line and it will be deleted/modified. My
M> problem is even with #iptable -L -v there is no line number ?
M> My goal is to block all incoming ssh attempts except IP#.
M> This is where I got into hosts.allow/deny as mentioned below.
M> I've tried to find many different types of commands and it works to
M> some degree, but not the way I'd expect it to.
M> Any help would be appreciated. I'm not completely sure that I
M> understand iptables as well as I want/need to. I've also toyed
M> around with the hosts.allow/hosts.deny and have not been successful.
M> I know that there is a lot of info in here, and I'm tired. I'll
M> leave it at that
M> Thanks in advance for your time and help.
M> Meatplow
M> greg ta meatplow.com
M> Thanks again.
M> -----BEGIN PGP SIGNATURE-----
M> Version: PGPfreeware 6.5.8 for non-commercial use
<http://www.pgp.com>
M> iQA/AwUBQVSBsR42gIcyjrnjEQJIqwCfWAShp7r+J1XNNjQq6sbvvD03WZ8AoNrg
M> ctQ837g5pQDafgBhTTeeMr1V
M> =niWK
M> -----END PGP SIGNATURE-----
-- Best regards, Ed mailto:stealth@arminco.com
- Previous message: harry: "Re: iptables & tcp wrappers"
- Maybe in reply to: Meatplow: "iptables & tcp wrappers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
