Full Discussion: iptables issue
Operating Systems Linux Ubuntu iptables issue Post 302839405 by babinlonston on Thursday 1st of August 2013 11:57:19 AM
Old 08-01-2013
Ubuntu iptables issue

Hi all,

I have servers in a remote location and now I'm setting up some iptables rules for them. This is the final step on my servers, and I need to open only 5 ports. They are 80, 443, 9123, 1985, 22, and 22 must be enabled for accessing it from my location. Here are the iptables rules I have written. Please review them and tell me whether they are in the correct format for opening those 5 ports, with all other ports closed. Protection against DoS attacks is wanted too and is included here; please go through it and give me a solution.
Code:
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 9123 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 1935 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
iptables -A INPUT -j DROP


This last line is blocking everything. How can I enable all the above ports and block all others? Is the 6th line right? Please suggest.
Only after this do I need to configure fail2ban.

Last edited by DukeNuke2; 08-01-2013 at 01:08 PM..
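
One way to write the default-deny ruleset the post asks for, as an added example that is not part of the original post: a POSIX shell script that prints an iptables-restore ruleset, plus a helper that lists the ports a ruleset accepts. Assumptions: the names gen_ruleset and accepted_ports are made up here, 203.0.113.10 is a placeholder for the administrator's address, "-m conntrack --ctstate" is used in place of the post's "-m state --state", and the port list is a parameter because the post names 1985 in its text but 1935 in its rules.

```shell
#!/bin/sh
# Added example, not from the original post.
# gen_ruleset SSH_SOURCE "PORT PORT ..." prints an iptables-restore ruleset.
gen_ruleset() {
    ssh_src=$1; ports=$2
    for p in $ports; do            # reject anything that is not a TCP port number
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    cat <<EOF
*filter
# Default-deny: the chain policy drops, so no trailing "-j DROP" rule is needed.
:INPUT DROP [0:0]
# Assumption: this host does not route traffic for other machines.
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Packets of connections already accepted below (and replies to outbound traffic).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# SSH only from the administrator's address.
-A INPUT -p tcp -s $ssh_src --dport 22 -m conntrack --ctstate NEW -j ACCEPT
EOF
    for p in $ports; do
        if [ "$p" -eq 80 ]; then
            # The limit must sit on the only rule that accepts new port-80
            # connections. -m limit is one shared bucket, not per client.
            printf '%s %s\n' "-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW" \
                "-m limit --limit 25/minute --limit-burst 100 -j ACCEPT"
        else
            printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
        fi
    done
    echo COMMIT
}

# accepted_ports: read rules on stdin, print each accepted --dport once, in order.
accepted_ports() {
    sed -n 's/.*--dport \([0-9][0-9]*\).*-j ACCEPT.*/\1/p' | awk '!seen[$0]++'
}

# Stand-alone use (as root):
#   sh ruleset.sh 203.0.113.10 "80 443 9123 1935" | iptables-restore --test
if [ "$#" -eq 2 ]; then gen_ruleset "$1" "$2"; fi
```

Fed the six rules as posted, accepted_ports prints 80, 443, 9123 and 1935: port 22 is never accepted, and no rule admits packets of established connections before the final DROP.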
 

IPTABLES-XML(8)                                                IPTABLES-XML(8)

NAME
       iptables-xml -- Convert iptables-save format to XML

SYNOPSIS
       iptables-xml [-c] [-v]

DESCRIPTION
       iptables-xml is used to convert the output of iptables-save into an easily manipulatable XML format to STDOUT. Use I/O-redirection provided by your shell to write to a file.

       -c, --combine
              combine consecutive rules with the same matches but different targets. iptables does not currently support more than one target per match, so this simulates that by collecting the targets from consecutive iptables rules into one action tag, but only when the rule matches are identical. Terminating actions like RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent targets.

       -v, --verbose
              Output xml comments containing the iptables line from which the XML is derived

       iptables-xml does a mechanistic conversion to a very expressive xml format; the only semantic considerations are for -g and -j targets in order to discriminate between <call> <goto> and <name-of-target> as it helps xml processing scripts if they can tell the difference between a target like SNAT and another chain.

       Some sample output is:

       <iptables-rules>
         <table name="mangle">
           <chain name="PREROUTING" policy="ACCEPT" packet-count="63436" byte-count="7137573">
             <rule>
               <conditions>
                 <match>
                   <p>tcp</p>
                 </match>
                 <tcp>
                   <sport>8443</sport>
                 </tcp>
               </conditions>
               <actions>
                 <call>
                   <check_ip/>
                 </call>
                 <ACCEPT/>
               </actions>
             </rule>
           </chain>
         </table>
       </iptables-rules>

       Conversion from XML to iptables-save format may be done using the iptables.xslt script and xsltproc, or a custom program using libxsltproc or similar; in this fashion:

       xsltproc iptables.xslt my-iptables.xml | iptables-restore

BUGS
       None known as of iptables-1.3.7 release

AUTHOR
       Sam Liddicott <azez@ufomechanic.net>

SEE ALSO
       iptables-save(8), iptables-restore(8), iptables(8)

Jul 16, 2007                                                   IPTABLES-XML(8)