Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: IP Tables not allowing ports
Special Forums Cybersecurity IP Tables not allowing ports Post 302878948 by 3therk1ll on Monday 9th of December 2013 08:29:16 PM
Old 12-09-2013
This is just for my laptop but it is something I'd like to implement on my desktop too at some point, just testing it here..
Is the 'FORWARDED' flag more for use with routers?

What I'm looking to do is drop all traffic and then only allow IN/OUT certain ports and services as I need them.

The problem I had before was websites I was connecting to had the default ports changed, ie 587 for example rather than 80.

I want the rules to block anything coming in that hasn't already been established by me initiating a connection.

Example:
I initiate to connect to a webserver on local 80
Webserver responds on 587 and the connection is allowed because I initiated it in the first place.
Ideally to happen without explicitly specifying each and every port/service individually.
If being explicit is the best or safest way, so be it, just want to get it done effectively.

Would it be best to only have
Code:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Rather than the same for
Code:
INPUT,OUTPUT,FORWARD

?

If that is the case, what should it look like based on my previous posts.

Much appreciate your help by the way buddy, sorry if I'm a little slow on the uptake!
 

9 More Discussions You Might Find Interesting

1. Cybersecurity

Allowing access to ports < 1024 w/o root

I need to set up an application to run in a script which will be running as a web server but is a database. I need to allow users to use the web server but the app must be run as root in order for the ports to be accessible. This is not a very secure environment would like to know how this could... (2 Replies)
Discussion started by: rpollard
2 Replies

2. Shell Programming and Scripting

Converting tables of row data into columns of tables

I am trying to transpose tables listed in the format into format. Any help would be greatly appreciated. Input: test_data_1 1 2 90% 4 3 91% 5 4 90% 6 5 90% 9 6 90% test_data_2 3 5 92% 5 4 92% 7 3 93% 9 2 92% 1 1 92% ... Output:... (7 Replies)
Discussion started by: justthisguy
7 Replies

3. Programming

allowing members of a group to kill a process

I've written a python program where I want to allow members of a specific group the ability to kill it, and I'm not sure how to do it. I've been looking at the setuid() and setgid() and similar functions in the os module, but haven't been able to get them to work. I can't seem to change the uid or... (1 Reply)
Discussion started by: vastcharade
1 Replies

4. Red Hat

Need help in allowing symmetric cryptography[2]

I have encountered some problems in my school work. Here is the question: The server that provides the time synchronization must be configured to allow its clients to verify its authenticity using symmetric cryptography. Much Appreciated!:) (1 Reply)
Discussion started by: wilsonljx
1 Replies

5. Homework & Coursework Questions

Need help in allowing symmetric cryptography[2]

The server that provides the time synchronization must be configured to allow its clients to verify its authenticity using symmetric cryptography. 4. Singapore Polytechnic, Dover, Singapore,Mr Kam, and Computer Engineering I don't think there is any coding since it is just configuring... (3 Replies)
Discussion started by: wilsonljx
3 Replies

6. Red Hat

Samba for anonymouse setup but not allowing me to write

Hi Friends, samba for annonymouse setup but not allowing me to write when i tried to browse from windows 7 box conf as below #testparm Load smb config files from /etc/samba/smb.conf Processing section "" Processing section "" Processing section "" Loaded services file OK. Server... (0 Replies)
Discussion started by: heman96
0 Replies

7. UNIX for Dummies Questions & Answers

Allowing External Scans

Hello! I run an HP Unix system which I host oracle databases on, as well as oracle based apps used by my company. My IA department needs to scan my files to ensure I am following IA procedures and check for vulnerabilities in scripts etc. The scan is coming from corporate, and they asked for... (2 Replies)
Discussion started by: hpuxguy
2 Replies

8. AIX

Ssh not allowing NIS user to login

As I do a ssh <nis_user>@server1 from server2, ssh prompts for certificates (as expected the first time), then it prompts for the users password, as soon as I enter the password, I get a Connection to server1 closed by remote host, and connection to server1 closed. and I disconnect back to the... (3 Replies)
Discussion started by: mrmurdock
3 Replies

9. UNIX for Advanced & Expert Users

One user to su to another without allowing root access and password

Hello Gurus, I want One user to su to another without allowing root access and password. I want to run a specific command as below from user am663: --------------------------------------------------------- sudo -u appsprj4 /home/appsrj4/scripts/start_apache.sh ------------------- But... (6 Replies)
Discussion started by: pokhraj_d
6 Replies

LEARN ABOUT DEBIAN

irsend

IRSEND(1)							   User Commands							 IRSEND(1)

NAME

       irsend - basic LIRC program to send infra-red commands

SYNOPSIS

       irsend [options] DIRECTIVE REMOTE CODE [CODE...]

DESCRIPTION

       Asks the lircd daemon to send one or more CIR (Consumer Infra-Red) commands. This is intended for remote control of electronic devices such
       as TV boxes, HiFi sets, etc.

       DIRECTIVE can be:
	  SEND_ONCE	    - send CODE [CODE ...] once
	  SEND_START	    - start repeating CODE
	  SEND_STOP	    - stop repeating CODE
	  LIST		    - list configured remote items
	  SET_TRANSMITTERS  - set transmitters NUM [NUM ...]
	  SIMULATE	    - simulate IR event

       REMOTE is the name of a remote, as described in the lircd configuration file.

       CODE is the name of a remote control key of REMOTE, as it appears in the lircd configuration file.

       NUM is the transmitter number of the hardware device.

       For the LIST DIRECTIVE, REMOTE and/or CODE can be empty:

	  LIST	 ""    ""   - list all configured remote names
	  LIST REMOTE  ""   - list all codes of REMOTE
	  LIST REMOTE CODE  - list only CODE of REMOTE

       The SIMULATE command only works if it has been explicitly enabled in lircd.

       -h --help
	      display usage summary

       -v --version
	      display version

       -d --device
	      use given lircd socket [/var/run/lirc/lircd]

       -a --address=host[:port]
	      connect to lircd at this address

       -# --count=n
	      send command n times

EXAMPLES

	  irsend LIST DenonTuner ""
	  irsend SEND_ONCE  DenonTuner PROG-SCAN
	  irsend SEND_ONCE  OnkyoAmpli VOL-UP VOL-UP VOL-UP VOL-UP
	  irsend SEND_START OnkyoAmpli VOL-DOWN ; sleep 3
	  irsend SEND_STOP  OnkyoAmpli VOL-DOWN
	  irsend SET_TRANSMITTERS 1
	  irsend SET_TRANSMITTERS 1 3 4
	  irsend SIMULATE "0000000000000476 00 OK TECHNISAT_ST3004S"

FILES

       /etc/lirc/lircd.conf
	      Default lircd configuration file.  It should contain all the remotes, their infra-red codes and the corresponding timing	and  wave-
	      form details.

DIAGNOSTICS

       If lircd is not running (or /var/run/lirc/lircd lacks write permissions) irsend aborts with the following diagnostics:
       "irsend: could not connect to socket"
       "irsend: Connection refused" (or "Permission denied").

SEE ALSO

       The documentation for lirc is maintained as html pages. They are located under html/ in the documentation directory.

       lircd(8), mode2(1), smode2(1), xmode2(1), irrecord(1), irw(1), http://www.lirc.org.

irsend 0.9.0-pre1						   October 2010 							 IRSEND(1)
All times are GMT -4. The time now is 03:41 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy