06-01-2011
Thanks pludi.
>> First, you can set the default policy anywhere you want, since it's not a rule.
I want to open specific ports at the output and block the rest. Putting the default output blocking policy would make the machine unusable. Thus, I shifted it to the bottom the firewall script and that worked. Anything I am doing wrong here?
>> Second, take a look at the man page for iptables.
Thank you!
10 More Discussions You Might Find Interesting
1. IP Networking
Hi
I have small home network and I want to block some forums on web
When I use this
iptables -A INPUT -s forum -j DROP
rules is applied but when I restart some of PC rules are not present any more also I tried to save firewall settings
iptables-save > /root/dsl.fw
but how to... (2 Replies)
Discussion started by: solaris_user
2 Replies
2. Red Hat
Please i need help in how to add/remove rules in timezone files under /usr/share/zoneinfo/ , cause i have tried many times to do this by adding rules in an time zone file then compile this file with zic tool and then link it to /etc/localtime but always the output doesn't match what i have made... (0 Replies)
Discussion started by: linuxroOot
0 Replies
3. Ubuntu
Could someone help me with writing rules for iptables?
I need a dos attacks protection for a game server.
port type udp
ports 27015:27030
interface: eth0
Accept all packets from all IPs
Chek if IP sent more than 50 packets per second
Drop all packets from this IP for 5 minutes
I would be... (0 Replies)
Discussion started by: Greenice
0 Replies
4. Red Hat
Hi Gurus,
I need to add Multicast Port = xyz
Multicast Address = 123.134.143 ( example) to my firewall rules. Can you please guide me with the lines I need to update my iptables files with. (0 Replies)
Discussion started by: rama krishna
0 Replies
5. Red Hat
Hi Champs
i am new in Iptables and trying to write rules for my Samba server.I took some help from internet, created one script and run from rc.local :
#Allow loopback
iptables -I INPUT -i lo -j ACCEPT
# Accept packets from Trusted network
iptables -A INPUT -s my-network/subnet -j... (0 Replies)
Discussion started by: Vaibhav.T
0 Replies
6. UNIX for Advanced & Expert Users
Hello,
I have iptables service running on my CentOS5 server. It has approx 50 rules right now.
The problem I am facing now is as follows -
I have to define a new chain in the filter table, say DOS_RULES & add all rules in this chain starting from index number 15 in the filter table.
... (1 Reply)
Discussion started by: BhushanPathak
1 Replies
7. Shell Programming and Scripting
Need to convert the QNX rules to Linux ubuntu 12.04. kindly any one help us with any tools (4 Replies)
Discussion started by: mageshkumar
4 Replies
8. UNIX for Advanced & Expert Users
Hi,
I've been struggling with this all morning and seem to have a blind spot on what the problem is. I'm trying to use iptables to block traffic on a little cluster of raspberry pi's but to allow ssh and ping traffic within it.
The cluster has a firewall server with a wifi card connecting to... (4 Replies)
Discussion started by: steadyonabix
4 Replies
9. Cybersecurity
Hello,
I did 2 scripts. The second one is, I hope, more secure.
What do you think?
Basic connection (no server, no router, no DHCP and the Ipv6 is disabled)
#######script one
####################
iptables -F
iptables -X -t filter
iptables -P INPUT DROP
iptables -P FORWARD... (6 Replies)
Discussion started by: Thomas342
6 Replies
10. IP Networking
Hi, I am relatively new to firewalls and netfilter. I have a Debian Stretch router box running dnsmasq, connected to a VPN. Occasionally dnsmasq polls all of the desired DNS servers to select the fastest. When it does this it responds to replies of the non-selected DNS servers with a icmp type... (0 Replies)
Discussion started by: CrazyDave
0 Replies
LEARN ABOUT DEBIAN
filtergen
FILTERGEN(8) System Manager's Manual FILTERGEN(8)
NAME
filtergen - packet filter compiler
SYNOPSIS
filtergen [ -h | --help ] [ -V | --version ] [ -c | --compile ] [ -t target | --target=target ] [ -o outfile | --output=outfile ] infile
filtergen [ -h | --help ] [ -V | --version ] [ -c | --compile ] [ -t target | --target=target ] [ -o outfile | --output=outfile ] [ -F pol-
icy | --flush=policy ]
DESCRIPTION
filtergen compiles a high-level filtering description language into a variety of target formats.
USAGE
filtergen reads the ruleset from the infile specified on the command line (or standard input if infile is "-") and outputs to standard out-
put (or outfile) via an optionally specified backend.
Both short and GNU-style long option options are accepted:
-c, --compile
Only try to "compile" the input, and do not generate any output. This may be useful to check that an input file has no syntax
errors in it before one attempts to use the result on a live server.
-t target-filter, --target=target-filter
If specified, target-filter will be used to select an output filter type, otherwise the default of iptables will be used. Supported
backends are iptables, ipchains, ipfilter and cisco (for Cisco IOS access-lists).
-F policy, --flush=policy
Flush mode. Generate a set of rules for clearing all rules from the packet filter. Useful for firewall scripts that need to `shut-
down' the firewall. You can supply a policy argument in place of the usual filename, to specify whether the flushed filter should
default to accept, reject, or drop. It defaults to accept, equivalent to having no filter loaded at all. It is not necessary to
specify an infile when using flush mode.
-o outfile, --output=outfile
Write output to outfile instead of standard output.
-h, --help
Show command help.
-V, --version
Show program version.
BUGS
Not all backends implement all features.
The packet filter is not optimised.
SEE ALSO
fgadm(8), filter_syntax(5), filter_backends(7)
AUTHOR
filtergen was originally written by Matthew Kirkwood. Jamie Wilkinson <jaq@spacepants.org> then rewrote a lot of the internals, added some
features, and took on maintenance of the project.
January 7, 2004 FILTERGEN(8)