Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: IP Tables not allowing ports
Special Forums Cybersecurity IP Tables not allowing ports Post 302878951 by neutronscott on Monday 9th of December 2013 08:50:04 PM
Old 12-09-2013
Basically you want to deny incoming packets that you didn't initiate? This is usually done in the router, but there are so many tutorials and howtos..

Having just that rule and a default policy of ALLOW on OUTPUT should do it though.

And yes, FORWARD should only matter if you're routing packets. It's likely not even enabled (it's a separate sysctl option)
 

9 More Discussions You Might Find Interesting

1. Cybersecurity

Allowing access to ports < 1024 w/o root

I need to set up an application to run in a script which will be running as a web server but is a database. I need to allow users to use the web server but the app must be run as root in order for the ports to be accessible. This is not a very secure environment would like to know how this could... (2 Replies)
Discussion started by: rpollard
2 Replies

2. Shell Programming and Scripting

Converting tables of row data into columns of tables

I am trying to transpose tables listed in the format into format. Any help would be greatly appreciated. Input: test_data_1 1 2 90% 4 3 91% 5 4 90% 6 5 90% 9 6 90% test_data_2 3 5 92% 5 4 92% 7 3 93% 9 2 92% 1 1 92% ... Output:... (7 Replies)
Discussion started by: justthisguy
7 Replies

3. Programming

allowing members of a group to kill a process

I've written a python program where I want to allow members of a specific group the ability to kill it, and I'm not sure how to do it. I've been looking at the setuid() and setgid() and similar functions in the os module, but haven't been able to get them to work. I can't seem to change the uid or... (1 Reply)
Discussion started by: vastcharade
1 Replies

4. Red Hat

Need help in allowing symmetric cryptography[2]

I have encountered some problems in my school work. Here is the question: The server that provides the time synchronization must be configured to allow its clients to verify its authenticity using symmetric cryptography. Much Appreciated!:) (1 Reply)
Discussion started by: wilsonljx
1 Replies

5. Homework & Coursework Questions

Need help in allowing symmetric cryptography[2]

The server that provides the time synchronization must be configured to allow its clients to verify its authenticity using symmetric cryptography. 4. Singapore Polytechnic, Dover, Singapore,Mr Kam, and Computer Engineering I don't think there is any coding since it is just configuring... (3 Replies)
Discussion started by: wilsonljx
3 Replies

6. Red Hat

Samba for anonymouse setup but not allowing me to write

Hi Friends, samba for annonymouse setup but not allowing me to write when i tried to browse from windows 7 box conf as below #testparm Load smb config files from /etc/samba/smb.conf Processing section "" Processing section "" Processing section "" Loaded services file OK. Server... (0 Replies)
Discussion started by: heman96
0 Replies

7. UNIX for Dummies Questions & Answers

Allowing External Scans

Hello! I run an HP Unix system which I host oracle databases on, as well as oracle based apps used by my company. My IA department needs to scan my files to ensure I am following IA procedures and check for vulnerabilities in scripts etc. The scan is coming from corporate, and they asked for... (2 Replies)
Discussion started by: hpuxguy
2 Replies

8. AIX

Ssh not allowing NIS user to login

As I do a ssh <nis_user>@server1 from server2, ssh prompts for certificates (as expected the first time), then it prompts for the users password, as soon as I enter the password, I get a Connection to server1 closed by remote host, and connection to server1 closed. and I disconnect back to the... (3 Replies)
Discussion started by: mrmurdock
3 Replies

9. UNIX for Advanced & Expert Users

One user to su to another without allowing root access and password

Hello Gurus, I want One user to su to another without allowing root access and password. I want to run a specific command as below from user am663: --------------------------------------------------------- sudo -u appsprj4 /home/appsrj4/scripts/start_apache.sh ------------------- But... (6 Replies)
Discussion started by: pokhraj_d
6 Replies

LEARN ABOUT REDHAT

icmp

ICMP(7) 						     Linux Programmer's Manual							   ICMP(7)

NAME

       icmp, IPPROTO_ICMP - Linux IPv4 ICMP kernel module.

DESCRIPTION

       This  kernel  protocol module implements the Internet Control Message Protocol defined in RFC792. It is used to signal error conditions and
       for diagnosis.  The user doesn't interact directly with this module; instead it communicates with the other protocols  in  the  kernel  and
       these pass the ICMP errors to the application layers. The kernel ICMP module also answers ICMP requests.

       A user protocol may receive ICMP packets for all local sockets by opening a raw socket with the protocol IPPROTO_ICMP.  See raw(7) for more
       information.  The types of ICMP packets passed to the socket can be filtered using the ICMP_FILTER socket option. ICMP packets  are  always
       processed by the kernel too, even when passed to a user socket.

       Linux  limits  the rate of ICMP error packets to each destination.  ICMP_REDIRECT and ICMP_DEST_UNREACH are also limited by the destination
       route of the incoming packets.

SYSCTLS

       ICMP supports a sysctl interface to configure some global  IP  parameters.   The  sysctls  can  be  accessed  by  reading  or  writing  the
       /proc/sys/net/ipv4/*  files or with the sysctl(2) interface. Most of these sysctls are rate limitations for specific ICMP types.  Linux 2.2
       uses a token bucket filter to limit ICMPs.  The value is the timeout in jiffies until the token bucket filter is cleared after a  burst.  A
       jiffy is a system dependent unit, usually 10ms on x86 and about 1ms on alpha and IA64.

       icmp_destunreach_rate
	      Maximum  rate  to send ICMP Destination Unreachable packets.  This limits the rate at which packets are sent to any individual route
	      or destination.  The limit does not affect sending of ICMP_FRAG_NEEDED packets needed for path MTU discovery.

       icmp_echo_ignore_all
	      If this value is non-zero, Linux will ignore all ICMP_ECHO requests.

       icmp_echo_ignore_broadcasts
	      If this value is non-zero, Linux will ignore all ICMP_ECHO packets sent to broadcast addresses.

       icmp_echoreply_rate
	      Maximum rate for sending ICMP_ECHOREPLY packets in response to ICMP_ECHOREQUEST packets.

       icmp_paramprob_rate
	      Maximum rate for sending ICMP_PARAMETERPROB packets.  These packets are sent when a packet arrives with an invalid IP header.

       icmp_timeexceed_rate
	      Maximum rate for sending ICMP_TIME_EXCEEDED packets.  These packets are sent to prevent loops when a packet  has	crossed  too  many
	      hops.

NOTES

       As many other implementations don't support IPPROTO_ICMP raw sockets, this feature should not be relied on in portable programs.

       ICMP_REDIRECT  packets  are not sent when Linux is not acting as a router.  They are also only accepted from the old gateway defined in the
       routing table and the redirect routes are expired after some time.

       The 64-bit timestamp returned by ICMP_TIMESTAMP is in milliseconds since January 1, 1970.

       Linux ICMP internally uses a raw socket to send ICMPs. This raw socket may appear in netstat(8) output with a zero inode.

VERSIONS

       Support for the ICMP_ADDRESS request was removed in 2.2.

       Support for ICMP_SOURCE_QUENCH was removed in Linux 2.2.

SEE ALSO

       ip(7)

       RFC792 for a description of the ICMP protocol.

Linux Man Page							    1999-04-27								   ICMP(7)
All times are GMT -4. The time now is 12:33 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy