Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Editing iptables rules with custom chain
Top Forums UNIX for Advanced & Expert Users Editing iptables rules with custom chain Post 302804915 by maverick_here on Thursday 9th of May 2013 10:18:41 AM
Old 05-09-2013
Well, -A stands for append and -I is for inserting. So try

Code:
/sbin/iptables -I DOS_RULES 15 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP

Last edited by Scott; 05-09-2013 at 11:19 AM.. Reason: Code tags
 

10 More Discussions You Might Find Interesting

1. IP Networking

Iptables rules at boot

Hi I have small home network and I want to block some forums on web When I use this iptables -A INPUT -s forum -j DROP rules is applied but when I restart some of PC rules are not present any more also I tried to save firewall settings iptables-save > /root/dsl.fw but how to... (2 Replies)
Discussion started by: solaris_user
2 Replies

2. Red Hat

Help in editing timezone rules

Please i need help in how to add/remove rules in timezone files under /usr/share/zoneinfo/ , cause i have tried many times to do this by adding rules in an time zone file then compile this file with zic tool and then link it to /etc/localtime but always the output doesn't match what i have made... (0 Replies)
Discussion started by: linuxroOot
0 Replies

3. Cybersecurity

Editing rules on iptables

Hello, I was playing around with iptables to setup an isolated system. On a SLES10 system, I ran the below to setup my first draft of rules. I noticed that the rules come into effect immediately and do not require any restart of iptables. iptables -A INPUT -j ACCEPT iptables -A OUTPUT -m... (4 Replies)
Discussion started by: garric
4 Replies

4. UNIX for Advanced & Expert Users

[SOLVED] No INPUT chain on nat table in iptables

Hello, I'm having problem with an iptables rule. It seems that on one of two systems on the nat table, the INPUT chain doesn't exist for some strange reason. I get the error below: # iptables -t nat -A INPUT -j ACCEPT iptables: No chain/target/match by that name. Here is my kernel on... (0 Replies)
Discussion started by: Narnie
0 Replies

5. Ubuntu

Iptables forward traffic to forward chain!!!

Hi, I am new to linux stuff. I want to use linux iptables to configure rule so that all my incoming traffic with protocol "tcp" is forwarded to the "FORWARD CHAIN". The traffic i am dealing with has destination addresss of my machine but i want to block it from coming to input chain and somehow... (0 Replies)
Discussion started by: arsipk
0 Replies

6. Ubuntu

iptables rules (ubuntu)

Could someone help me with writing rules for iptables? I need a dos attacks protection for a game server. port type udp ports 27015:27030 interface: eth0 Accept all packets from all IPs Chek if IP sent more than 50 packets per second Drop all packets from this IP for 5 minutes I would be... (0 Replies)
Discussion started by: Greenice
0 Replies

7. Red Hat

iptables Rules for my network

Hi Champs i am new in Iptables and trying to write rules for my Samba server.I took some help from internet, created one script and run from rc.local : #Allow loopback iptables -I INPUT -i lo -j ACCEPT # Accept packets from Trusted network iptables -A INPUT -s my-network/subnet -j... (0 Replies)
Discussion started by: Vaibhav.T
0 Replies

8. Red Hat

iptables applied in local machine, can't ssh remote machine after chain changed to DROP

I want to SSH to 192.168.1.15 Server from my machine, my ip was 192.168.1.99 Source Destination was UP, with IP 192.168.1.15. This is LAN Network there are 30 Machine's Connected to the network and working fine, I'm Playing around the local machine's because I need to apply the same rules in... (2 Replies)
Discussion started by: babinlonston
2 Replies

9. UNIX for Advanced & Expert Users

iptables help with rules

Hi, I've been struggling with this all morning and seem to have a blind spot on what the problem is. I'm trying to use iptables to block traffic on a little cluster of raspberry pi's but to allow ssh and ping traffic within it. The cluster has a firewall server with a wifi card connecting to... (4 Replies)
Discussion started by: steadyonabix
4 Replies

10. Cybersecurity

Need help for iptables rules

Hello, I did 2 scripts. The second one is, I hope, more secure. What do you think? Basic connection (no server, no router, no DHCP and the Ipv6 is disabled) #######script one #################### iptables -F iptables -X -t filter iptables -P INPUT DROP iptables -P FORWARD... (6 Replies)
Discussion started by: Thomas342
6 Replies

LEARN ABOUT DEBIAN

ashunt

ashunt(8)							netsniff-ng-toolkit							 ashunt(8)

NAME

       ashunt - Autonomous System (AS) trace route utility

SYNOPSIS

       ashunt	 -H|--host <host> -i|-d|--dev <dev> [-6|--ipv6]      [-n|--numeric] [-N|--dns] [-f|--init-ttl <ttl>]	  [-m|--max-ttl <ttl>]
       [-q|--num-probes] [-x|--timeout <sec>]	   [-S|--syn] [-A|--ack] [-F|--fin] [-P|--psh] [-U|--urg]      [-R|--rst] [-E|--ecn-syn] [-t|--tos
       <tos>] [-G|--nofrag]	 [-X|--payload <string>] [-Z|--show-packet] [-l|--totlen <len>]      [-w|--whois <server>] [-W|--wport <port>]
       [--city-db <path>]      [--country-db <path>] [-v|--version] [-h|--help]

DESCRIPTION

       This program provides AS information on each hop between the client and the target host.

OPTIONS

       ashunt -i eth0 -N -E -H netsniff-ng.org
	   IPv4 trace of AS with TCP ECN SYN probe

       ashunt -i eth0 -N -S -H netsniff-ng.org
	   IPv4 trace of AS with TCP SYN probe

       ashunt -i eth0 -N -F -H netsniff-ng.org
	   IPv4 trace of AS with TCP FIN probe

       ashunt -i eth0 -N -FPU -H netsniff-ng.org
	   IPv4 trace of AS with Xmas probe

       ashunt -i eth0 -N -H netsniff-ng.org -X "censor-me" -Z
	   IPv4 trace of AS with Null probe with ASCII payload

       ashunt -6 -S -i eth0 -H netsniff-ng.org
	   IPv6 trace of AS up to netsniff-ng.org

OPTIONS

       -h|--help
	   Print help text and lists all options.

       -v|--version
	   Print version.

       -H|--host <host>
	   Host/IPv4/IPv6 to lookup AS route to

       i-|-d|--dev <netdev>
	   Networking device, i.e. eth0

       -p|--port <port>
	   Hosts port to lookup AS route to

       -4|--ipv4
	   Use IPv4 requests (default)

       -6|--ipv6
	   Use IPv6 requests

       -n|--numeric
	   Do not do reverse DNS lookup for hops

       -N|--dns
	   Do a reverse DNS lookup for hops

       -f|--init-ttl <ttl>
	   Set initial TTL

       -m|--max-ttl <ttl>
	   Set maximum TTL (default: 30)

       -q|--num-probes <num>
	   Number of max probes for each hop (default: 3)

       -x|--timeout <sec>
	   Probe response timeout in sec (default: 3)

       -S|--syn
	   Set TCP SYN flag in packets

       -A|--ack
	   Set TCP ACK flag in packets

       -F|--fin
	   Set TCP FIN flag in packets

       -P|--psh
	   Set TCP PSH flag in packets

       -U|--urg
	   Set TCP URG flag in packets

       -R|--rst
	   Set TCP RST flag in packets

       -E|--ecn-syn
	   Send ECN SYN packets (RFC3168)

       -t|--tos <tos>
	   Set the IP TOS field

       -w|--whois <server>
	   Use a different AS whois DB server (default: /etc/netsniff-ng/whois.conf)

       -W|--wport <port>
	   Use a different port to AS whois server (default: /etc/netsniff-ng/whois.conf)

       --city-db <path>
	   Specifiy path for geoip city database

       --country-db <path>
	   Specifiy path for geoip country database

AUTHOR

       Written by Daniel Borkmann <daniel@netsniff-ng.org>

DOCUMENTATION

       Documentation by Emmanuel Roullit <emmanuel@netsniff-ng.org>

BUGS

       Please report bugs to <bugs@netsniff-ng.org>

								    2012-06-29								 ashunt(8)
All times are GMT -4. The time now is 10:05 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy