Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Need help for iptables rules
Special Forums Cybersecurity Need help for iptables rules Post 302988668 by Thomas342 on Friday 30th of December 2016 02:48:11 PM
Old 12-30-2016
Hello,

Thanks for your reply.

Quote:
II see the line for your DSL router or whatever 192... is. What is your goal?
I wanted to make this rule more secure:
Code:
iptables -A INPUT -p tcp --dport xxxx -j ACCEPT

My pc is not acting as a router or a server. If I want to open a port (example: for a vpn), what rule do I need?
Normally the rule is:
Code:
iptables -A INPUT -p tcp --dport xxxx -j ACCEPT

But this rule is not very secure because if I well understood, it allows everyone to get my tcp port xxx.
What can I do to make the rule more secure? Is it possible?

Thanks.
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

SED inserting iptables rules in while loop

I'm trying to insert multiple new lines of text into an iptables script using sed in a while loop. I'm not sure if this is the most effective way. Searching the forums has helped me come up with a good beginning but it's not 100%. I'd like it to search out a unique line in my current iptables file... (2 Replies)
Discussion started by: verbalicious
2 Replies

2. IP Networking

Iptables rules at boot

Hi I have small home network and I want to block some forums on web When I use this iptables -A INPUT -s forum -j DROP rules is applied but when I restart some of PC rules are not present any more also I tried to save firewall settings iptables-save > /root/dsl.fw but how to... (2 Replies)
Discussion started by: solaris_user
2 Replies

3. Cybersecurity

Editing rules on iptables

Hello, I was playing around with iptables to setup an isolated system. On a SLES10 system, I ran the below to setup my first draft of rules. I noticed that the rules come into effect immediately and do not require any restart of iptables. iptables -A INPUT -j ACCEPT iptables -A OUTPUT -m... (4 Replies)
Discussion started by: garric
4 Replies

4. Ubuntu

iptables rules (ubuntu)

Could someone help me with writing rules for iptables? I need a dos attacks protection for a game server. port type udp ports 27015:27030 interface: eth0 Accept all packets from all IPs Chek if IP sent more than 50 packets per second Drop all packets from this IP for 5 minutes I would be... (0 Replies)
Discussion started by: Greenice
0 Replies

5. Red Hat

Iptables/Firewall rules for multicast IP.

Hi Gurus, I need to add Multicast Port = xyz Multicast Address = 123.134.143 ( example) to my firewall rules. Can you please guide me with the lines I need to update my iptables files with. (0 Replies)
Discussion started by: rama krishna
0 Replies

6. Red Hat

iptables Rules for my network

Hi Champs i am new in Iptables and trying to write rules for my Samba server.I took some help from internet, created one script and run from rc.local : #Allow loopback iptables -I INPUT -i lo -j ACCEPT # Accept packets from Trusted network iptables -A INPUT -s my-network/subnet -j... (0 Replies)
Discussion started by: Vaibhav.T
0 Replies

7. UNIX for Advanced & Expert Users

Editing iptables rules with custom chain

Hello, I have iptables service running on my CentOS5 server. It has approx 50 rules right now. The problem I am facing now is as follows - I have to define a new chain in the filter table, say DOS_RULES & add all rules in this chain starting from index number 15 in the filter table. ... (1 Reply)
Discussion started by: BhushanPathak
1 Replies

8. Shell Programming and Scripting

Need to Convert the QNX rules to UNIX iptables

Need to convert the QNX rules to Linux ubuntu 12.04. kindly any one help us with any tools (4 Replies)
Discussion started by: mageshkumar
4 Replies

9. UNIX for Advanced & Expert Users

iptables help with rules

Hi, I've been struggling with this all morning and seem to have a blind spot on what the problem is. I'm trying to use iptables to block traffic on a little cluster of raspberry pi's but to allow ssh and ping traffic within it. The cluster has a firewall server with a wifi card connecting to... (4 Replies)
Discussion started by: steadyonabix
4 Replies

10. IP Networking

iptables - formatting icmp rules

Hi, I am relatively new to firewalls and netfilter. I have a Debian Stretch router box running dnsmasq, connected to a VPN. Occasionally dnsmasq polls all of the desired DNS servers to select the fastest. When it does this it responds to replies of the non-selected DNS servers with a icmp type... (0 Replies)
Discussion started by: CrazyDave
0 Replies

LEARN ABOUT DEBIAN

pyroman

PYROMAN(8)						      System Manager's Manual							PYROMAN(8)

NAME

       pyroman - a firewall configuration utility

SYNOPSIS

       pyroman
	      [ -hvnspP ] [ -r RULESDIR ] [ -t SECONDS ]
	      [ --help ] [ --version ] [ --safe ] [ --no-act ]
	      [ --print ] [ --print-verbose ] [ --rules=RULESDIR ]
	      [ --timeout=SECONDS ] [ safe ]

DESCRIPTION

       pyroman is a firewall configuration utility.

       It will compile a set of configuration files to iptables statements to setup IP packet filtering for you.

       While it is not necessary for operating and using Pyroman, you should have understood how IP, TCP, UDP, ICMP and the other commonly used
       Internet protocols work and interact. You should also have understood the basics of iptables in order to make use of the full
       functionality.

       pyroman does not try to hide all the iptables complexity from you, but tries to provide you with a convenient way of managing a complex
       networks firewall.  For this it offers a compact syntax to add new firewall rules, while still exposing access to add arbitrary iptables
       rules.

OPTIONS

       -r RULESDIR,--rules=RULES
	      Load the rules from directory RULESDIR instead of the default directory (usually /etc/pyroman )
       -t SECONDS,--timeout=SECONDS
	      Wait SECONDS seconds after applying the changes for the user to type OK to confirm he can still access the firewall. This implies
	      --safe but allows you to use a different timeout.
       -h, --help
	      Print a summary of the command line options and exit.
       -V, --version
	      Print the version number of pyroman and exit.
       -s, --safe, safe
	      When the firewall was committed, wait 30 seconds for the user to type OK to confirm, that he can still access the firewall (i.e. the
	      network connection wasn't blocked by the firewall).  Otherwise, the firewall changes will be undone, and the firewall will be
	      restored to the previous state.  Use the --timeout=SECONDS option to change the timeout.
       -n, --no-act
	      Don't actually run iptables. This can be used to check if pyroman accepts the configuration files.
       -p, --print
	      Instead of running iptables, output the generated rules.
       -P, --print-verbose
	      Instead of running iptables, output the generated rules. Each statement will have one comment line explaining how this rules was
	      generated. This will usually include the filename and line number, and is useful for debugging.
CONFIGURATION

       Configuration of pyroman consists of a number of files in the directory /etc/pyroman.  These files are in python syntax, although you do
       not need to be a python programmer to use these rules. There is only a small number of statements you need to know:
       add_host
	      Define a new host or network
       add_interface
	      Define a new interface (group)
       add_service
	      Add a new service alias (note that you can always use e.g. www/tcp to reference the www tcp service as defined in /etc/services)
       add_nat
	      Define a new NAT (Network Address Translation) rule
       allow  Allow a service, client, server combination
       reject Reject access for this service, client, server combination
       drop   Drop packets for this service, client, server combination
       add_rule
	      Add a rule for this service, client, server and target combination
       iptables
	      Add an arbitrary iptables statement to be executed at beginning
       iptables_end
	      Add an arbitrary iptables statement to be executed at the end
       Detailed parameters for these functions can be looked up by caling
	      cd /usr/share/pyroman
	      pydoc ./commands.py

BUGS

       None known as of pyroman-0.4 release

AUTHOR

       pyroman was written by Erich Schubert <erich@debian.org>

SEE ALSO

       iptables(8), iptables-restore(8) iptables-load(8)

																	PYROMAN(8)
All times are GMT -4. The time now is 12:08 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy