Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Editing rules on iptables
Special Forums Cybersecurity Editing rules on iptables Post 302526633 by pludi on Wednesday 1st of June 2011 05:17:54 AM
Old 06-01-2011
Quote:
Originally Posted by garric
I want to open specific ports at the output and block the rest. Putting the default output blocking policy would make the machine unusable. Thus, I shifted it to the bottom the firewall script and that worked. Anything I am doing wrong here?
The default policy takes immediate effect when set, that's true. However, it only blocks you out if you enter the commands manually, which should be the exception, not the rule. When using a script you can set the default policy first, and then open the ports you need without interrupting any traffic.
 

10 More Discussions You Might Find Interesting

1. IP Networking

Iptables rules at boot

Hi I have small home network and I want to block some forums on web When I use this iptables -A INPUT -s forum -j DROP rules is applied but when I restart some of PC rules are not present any more also I tried to save firewall settings iptables-save > /root/dsl.fw but how to... (2 Replies)
Discussion started by: solaris_user
2 Replies

2. Red Hat

Help in editing timezone rules

Please i need help in how to add/remove rules in timezone files under /usr/share/zoneinfo/ , cause i have tried many times to do this by adding rules in an time zone file then compile this file with zic tool and then link it to /etc/localtime but always the output doesn't match what i have made... (0 Replies)
Discussion started by: linuxroOot
0 Replies

3. Ubuntu

iptables rules (ubuntu)

Could someone help me with writing rules for iptables? I need a dos attacks protection for a game server. port type udp ports 27015:27030 interface: eth0 Accept all packets from all IPs Chek if IP sent more than 50 packets per second Drop all packets from this IP for 5 minutes I would be... (0 Replies)
Discussion started by: Greenice
0 Replies

4. Red Hat

Iptables/Firewall rules for multicast IP.

Hi Gurus, I need to add Multicast Port = xyz Multicast Address = 123.134.143 ( example) to my firewall rules. Can you please guide me with the lines I need to update my iptables files with. (0 Replies)
Discussion started by: rama krishna
0 Replies

5. Red Hat

iptables Rules for my network

Hi Champs i am new in Iptables and trying to write rules for my Samba server.I took some help from internet, created one script and run from rc.local : #Allow loopback iptables -I INPUT -i lo -j ACCEPT # Accept packets from Trusted network iptables -A INPUT -s my-network/subnet -j... (0 Replies)
Discussion started by: Vaibhav.T
0 Replies

6. UNIX for Advanced & Expert Users

Editing iptables rules with custom chain

Hello, I have iptables service running on my CentOS5 server. It has approx 50 rules right now. The problem I am facing now is as follows - I have to define a new chain in the filter table, say DOS_RULES & add all rules in this chain starting from index number 15 in the filter table. ... (1 Reply)
Discussion started by: BhushanPathak
1 Replies

7. Shell Programming and Scripting

Need to Convert the QNX rules to UNIX iptables

Need to convert the QNX rules to Linux ubuntu 12.04. kindly any one help us with any tools (4 Replies)
Discussion started by: mageshkumar
4 Replies

8. UNIX for Advanced & Expert Users

iptables help with rules

Hi, I've been struggling with this all morning and seem to have a blind spot on what the problem is. I'm trying to use iptables to block traffic on a little cluster of raspberry pi's but to allow ssh and ping traffic within it. The cluster has a firewall server with a wifi card connecting to... (4 Replies)
Discussion started by: steadyonabix
4 Replies

9. Cybersecurity

Need help for iptables rules

Hello, I did 2 scripts. The second one is, I hope, more secure. What do you think? Basic connection (no server, no router, no DHCP and the Ipv6 is disabled) #######script one #################### iptables -F iptables -X -t filter iptables -P INPUT DROP iptables -P FORWARD... (6 Replies)
Discussion started by: Thomas342
6 Replies

10. IP Networking

iptables - formatting icmp rules

Hi, I am relatively new to firewalls and netfilter. I have a Debian Stretch router box running dnsmasq, connected to a VPN. Occasionally dnsmasq polls all of the desired DNS servers to select the fastest. When it does this it responds to replies of the non-selected DNS servers with a icmp type... (0 Replies)
Discussion started by: CrazyDave
0 Replies

LEARN ABOUT DEBIAN

mac_bsdextended

MAC_BSDEXTENDED(4)					   BSD Kernel Interfaces Manual 					MAC_BSDEXTENDED(4)

NAME

     mac_bsdextended -- file system firewall policy

SYNOPSIS

     To compile the file system firewall policy into your kernel, place the following lines in your kernel configuration file:

	   options MAC
	   options MAC_BSDEXTENDED

     Alternately, to load the file system firewall policy module at boot time, place the following line in your kernel configuration file:

	   options MAC

     and in loader.conf(5):

	   mac_bsdextended_load="YES"

DESCRIPTION

     The mac_bsdextended security policy module provides an interface for the system administrator to impose mandatory rules regarding users and
     some system objects.  Rules are uploaded to the module (typically using ugidfw(8), or some other tool utilizing libugidfw(3)) where they are
     stored internally and used to determine whether to allow or deny specific accesses (see ugidfw(8)).

IMPLEMENTATION NOTES

     While the traditional mac(9) entry points are implemented, policy labels are not used; instead, access control decisions are made by iterat-
     ing through the internal list of rules until a rule which denies the particular access is found, or the end of the list is reached.  The
     mac_bsdextended policy works similar to ipfw(8) or by using a first match semantic.  This means that not all rules are applied, only the
     first matched rule; thus if Rule A allows access and Rule B blocks access, Rule B will never be applied.

   Sysctls
     The following sysctls may be used to tweak the behavior of mac_bsdextended:

     security.mac.bsdextended.enabled
	     Set to zero or one to toggle the policy off or on.

     security.mac.bsdextended.rule_count
	     List the number of defined rules, the maximum rule count is current set at 256.

     security.mac.bsdextended.rule_slots
	     List the number of rule slots currently being used.

     security.mac.bsdextended.firstmatch_enabled
	     Toggle between the old all rules match functionality and the new first rule matches functionality.  This is enabled by default.

     security.mac.bsdextended.logging
	     Log all access violations via the AUTHPRIV syslog(3) facility.

     security.mac.bsdextended.rules
	     Currently does nothing interesting.

SEE ALSO

     libugidfw(3), syslog(3), mac(4), mac_biba(4), mac_ifoff(4), mac_lomac(4), mac_mls(4), mac_none(4), mac_partition(4), mac_portacl(4),
     mac_seeotheruids(4), mac_test(4), ipfw(8), ugidfw(8), mac(9)

HISTORY

     The mac_bsdextended policy module first appeared in FreeBSD 5.0 and was developed by the TrustedBSD Project.

     The "match first case" and logging capabilities were later added by Tom Rhodes <trhodes@FreeBSD.org>.

AUTHORS

     This software was contributed to the FreeBSD Project by NAI Labs, the Security Research Division of Network Associates Inc. under
     DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS research program.

BSD
								   May 21, 2005 							       BSD
All times are GMT -4. The time now is 05:47 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy