RE: iptables & tcp wrappers

From: Whelan, Paul (Paul.Whelan_at_fmr.com)
Date: 09/30/04


Date: Thu, 30 Sep 2004 13:09:21 -0400
To: "Ed J. Aivazian" <stealth@arminco.com>, "Meatplow" <greg@meatplow.com>

Also,
iptables will accept multiple hosts in the rule. You can do this like:

iptables -A INPUT -p tcp -s ! 1.2.3.4/32,5.6.7.8/32 --dport 22 -j DROP

This consolidates those 3 rules below into one.
Thanks,
Paul

-----Original Message-----
From: Ed J. Aivazian [mailto:stealth@arminco.com]
Sent: Tuesday, September 28, 2004 5:17 AM
To: Meatplow
Cc: focus-linux@securityfocus.com
Subject: Re: iptables & tcp wrappers

Hello Meatplow,

Saturday, September 25, 2004, 1:57:26 AM, you wrote:

finding line numbers is simple.
--line-numbers.
if you need to restrict ssh for everyone except those you trust,
something like this is fine and flexible.

TRUSTEDHOSTS="1.2.3.4 5.6.7.8"

for host in $TRUSTEDHOSTS; do
    iptables -A INPUT -j ACCEPT -p tcp -s $host --dport ssh
done

iptables -A INPUT -j DROP -p tcp --dport ssh

As for collecting statistics for the non-trusted attempts, you can make
use of the iptables LOG target. Get the iptables-tutorial document, I
believe this is the best guide to iptables and to the theory of firewalls
in general.
Luck!

M> -----BEGIN PGP SIGNED MESSAGE-----
M> Hash: SHA1

M> Hello.

M> I'm running RH Enterprise edition.

M> I'm relatively new to iptables. I am getting the common intrusion
M> attempts with some of the common uses of test/guest/root/ and a
M> couple others. I've been able to add the IPs to iptables,
M> but I'd really like a log that tells me the info that I want to know.

M> My basic input command is this :
M> #iptables -A INPUT -p tcp -s PUT_IP_HERE -d 0/0 --syn -j DROP

M> iptables seems a little convoluted. Example. To delete a line -
M> supposedly give it a line and it will be deleted/modified. My
M> problem is even with #iptables -L -v there is no line number ?

M> My goal is to block all incoming ssh attempts except IP#.
M> This is where I got into hosts.allow/deny as mentioned below.

M> I've tried to find many different types of commands and it works to
M> some degree, but not the way I'd expect it to.

M> Any help would be appreciated. I'm not completely sure that I
M> understand iptables as well as I want/need to. I've also toyed
M> around with the hosts.allow/hosts.deny and have not been successful.

M> I know that there is a lot of info in here, and I'm tired. I'll
M> leave it at that

M> Thanks in advance for your time and help.

M> Meatplow
M> greg ta meatplow.com

M> Thanks again.

M> -----BEGIN PGP SIGNATURE-----
M> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

M> iQA/AwUBQVSBsR42gIcyjrnjEQJIqwCfWAShp7r+J1XNNjQq6sbvvD03WZ8AoNrg
M> ctQ837g5pQDafgBhTTeeMr1V
M> =niWK
M> -----END PGP SIGNATURE-----

-- 
Best regards,
 Ed                            mailto:stealth@arminco.com
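The following is an added example, not code posted by Paul, Ed or Meatplow. It pulls together Ed's allowlist loop and his pointer to the LOG target into one POSIX sh script that prints the iptables commands rather than running them, so the ruleset can be reviewed (and its order checked with `--line-numbers`, as Ed notes) before it is applied as root. The trusted addresses and the log prefix are constructed sample values. One caveat on the comma-separated form in Paul's reply: iptables expands `-s A,B` into one rule per address, and when the match is negated each expanded rule carries its own `!`, so the positive allowlist pattern below is the reliable way to express "everyone except these hosts".

```shell
#!/bin/sh
# Added example (not from the thread): build an ssh allowlist ruleset in the
# style of Ed's loop, plus a rate-limited LOG rule for the rejected attempts,
# emitted as iptables commands for review.  TRUSTEDHOSTS and LOG_PREFIX are
# constructed sample values.

TRUSTEDHOSTS="1.2.3.4 5.6.7.8"   # space-separated; unquoted below on purpose
LOG_PREFIX="SSH-DENIED: "        # --log-prefix allows at most 29 characters

# Print one iptables command per line.  Order matters: the per-host ACCEPT
# rules must sit above the catch-all LOG and DROP rules, so appending with
# -A is only correct when INPUT does not already end in a catch-all rule
# (otherwise insert with -I at an explicit position instead).
ssh_ruleset() {
    for host in $TRUSTEDHOSTS; do
        echo "iptables -A INPUT -p tcp -s $host --dport 22 -j ACCEPT"
    done
    # Log only new connection attempts (--syn), rate-limited so a scanner
    # cannot fill syslog.  LOG is non-terminating: the packet continues to
    # the DROP rule that follows.
    echo "iptables -A INPUT -p tcp --dport 22 --syn -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix \"$LOG_PREFIX\""
    echo "iptables -A INPUT -p tcp --dport 22 -j DROP"
}

# Number of rules the ruleset would add (one per trusted host, plus LOG and DROP).
ssh_rule_count() {
    ssh_ruleset | grep -c '^iptables '
}

# Review the output first; apply as root with:  ssh_ruleset | sh
# then confirm placement with:  iptables -L INPUT -n -v --line-numbers
ssh_ruleset
```

Logged attempts show up in the kernel log with the `SSH-DENIED:` prefix, which is what makes them easy to count or feed to a log watcher; the `limit` match keeps a port scan from turning that log into a denial of service against the disk.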

