Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Need help for iptables rules
Special Forums Cybersecurity Need help for iptables rules Post 302988668 by Thomas342 on Friday 30th of December 2016 02:48:11 PM
Old 12-30-2016
Hello,

Thanks for your reply.

Quote:
II see the line for your DSL router or whatever 192... is. What is your goal?
I wanted to make this rule more secure:
Code:
iptables -A INPUT -p tcp --dport xxxx -j ACCEPT

My pc is not acting as a router or a server. If I want to open a port (example: for a vpn), what rule do I need?
Normally the rule is:
Code:
iptables -A INPUT -p tcp --dport xxxx -j ACCEPT

But this rule is not very secure because if I well understood, it allows everyone to get my tcp port xxx.
What can I do to make the rule more secure? Is it possible?

Thanks.
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

SED inserting iptables rules in while loop

I'm trying to insert multiple new lines of text into an iptables script using sed in a while loop. I'm not sure if this is the most effective way. Searching the forums has helped me come up with a good beginning but it's not 100%. I'd like it to search out a unique line in my current iptables file... (2 Replies)
Discussion started by: verbalicious
2 Replies

2. IP Networking

Iptables rules at boot

Hi I have small home network and I want to block some forums on web When I use this iptables -A INPUT -s forum -j DROP rules is applied but when I restart some of PC rules are not present any more also I tried to save firewall settings iptables-save > /root/dsl.fw but how to... (2 Replies)
Discussion started by: solaris_user
2 Replies

3. Cybersecurity

Editing rules on iptables

Hello, I was playing around with iptables to setup an isolated system. On a SLES10 system, I ran the below to setup my first draft of rules. I noticed that the rules come into effect immediately and do not require any restart of iptables. iptables -A INPUT -j ACCEPT iptables -A OUTPUT -m... (4 Replies)
Discussion started by: garric
4 Replies

4. Ubuntu

iptables rules (ubuntu)

Could someone help me with writing rules for iptables? I need a dos attacks protection for a game server. port type udp ports 27015:27030 interface: eth0 Accept all packets from all IPs Chek if IP sent more than 50 packets per second Drop all packets from this IP for 5 minutes I would be... (0 Replies)
Discussion started by: Greenice
0 Replies

5. Red Hat

Iptables/Firewall rules for multicast IP.

Hi Gurus, I need to add Multicast Port = xyz Multicast Address = 123.134.143 ( example) to my firewall rules. Can you please guide me with the lines I need to update my iptables files with. (0 Replies)
Discussion started by: rama krishna
0 Replies

6. Red Hat

iptables Rules for my network

Hi Champs i am new in Iptables and trying to write rules for my Samba server.I took some help from internet, created one script and run from rc.local : #Allow loopback iptables -I INPUT -i lo -j ACCEPT # Accept packets from Trusted network iptables -A INPUT -s my-network/subnet -j... (0 Replies)
Discussion started by: Vaibhav.T
0 Replies

7. UNIX for Advanced & Expert Users

Editing iptables rules with custom chain

Hello, I have iptables service running on my CentOS5 server. It has approx 50 rules right now. The problem I am facing now is as follows - I have to define a new chain in the filter table, say DOS_RULES & add all rules in this chain starting from index number 15 in the filter table. ... (1 Reply)
Discussion started by: BhushanPathak
1 Replies

8. Shell Programming and Scripting

Need to Convert the QNX rules to UNIX iptables

Need to convert the QNX rules to Linux ubuntu 12.04. kindly any one help us with any tools (4 Replies)
Discussion started by: mageshkumar
4 Replies

9. UNIX for Advanced & Expert Users

iptables help with rules

Hi, I've been struggling with this all morning and seem to have a blind spot on what the problem is. I'm trying to use iptables to block traffic on a little cluster of raspberry pi's but to allow ssh and ping traffic within it. The cluster has a firewall server with a wifi card connecting to... (4 Replies)
Discussion started by: steadyonabix
4 Replies

10. IP Networking

iptables - formatting icmp rules

Hi, I am relatively new to firewalls and netfilter. I have a Debian Stretch router box running dnsmasq, connected to a VPN. Occasionally dnsmasq polls all of the desired DNS servers to select the fastest. When it does this it responds to replies of the non-selected DNS servers with a icmp type... (0 Replies)
Discussion started by: CrazyDave
0 Replies

LEARN ABOUT CENTOS

firewalld.direct

FIREWALLD.DIRECT(5)						 firewalld.direct					       FIREWALLD.DIRECT(5)

NAME

       firewalld.direct - firewalld direct configuration file

SYNOPSIS

       /etc/firewalld/direct.xml

DESCRIPTION

       A firewalld direct configuration file contains the information about permanent direct chains and rules. These are the chains, rules and
       passthrough ...

       This is the structure of a direct configuration file:

	   <?xml version="1.0" encoding="utf-8"?>
	   <direct>
	     [ <chain ipv="ipv4|ipv6" table="table" chain="chain"/> ]
	     [ <rule ipv="ipv4|ipv6" table="table" chain="chain" priority="priority"> args </rule> ]
	     [ <passthrough ipv="ipv4|ipv6"> args </passthrough> ]
	   </direct>

   direct
       The mandatory direct start and end tag defines the direct. This tag can only be used once in a direct configuration file. There are no
       attributes for direct.

   chain
       Is an optional empty-element tag and can be used several times. It can be used to define names for additional chains. A chain entry has
       exactly three attributes:

       ipv="ipv4|ipv6"
	   The IP family where the chain will be created. This can be either ipv4 or ipv6.

       table="table"
	   The table name where the chain will be created. This can be one of the tables that can be used for iptables or ip6tables. For the
	   possible values, please have a look at the TABLES section in the iptables man pages: For ipv="ipv4" in iptables(8), for ipv="ipv6" in
	   ip6tables(8).

       chain="chain"
	   The name of the chain, that will be created. Please make sure that there is no other chain with this name already.

       Please remember to add a rule or passthrough rule with an --jump or --goto option to connect the chain to another one.

   rule
       Is an optional element tag and can be used several times. It can be used to add rules to a built-in or added chain. A rule entry has
       exactly four attributes:

       ipv="ipv4|ipv6"
	   The IP family where the rule will be added. This can be either ipv4 or ipv6.

       table="table"
	   The table name where the chain will be created. This can be one of the tables that casn be used for iptables or ip6tables. For the
	   possible values, please have a look at the TABLES section in the iptables man pages: For ipv="ipv4" in iptables(8), for ipv="ipv6" in
	   ip6tables(8).

       chain="chain"
	   The name of the chain where the rule will be added. This can be either a built-in chain or a chain that has been created with the chain
	   tag.

       priority="priority"
	   The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added
	   further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want
	   to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following.

       The args can be any arguments of iptables or ip6tables, that do not conflict with the table or chain attributes.

       If the chain name is a built-in chain, then the rule will be added to chain_direct, else the supplied chain name is used.  chain_direct is
       created internally for all built-in chains to make sure that the added rules do not conflict with the rules created by firewalld.

   passthrough
       Is an optional element tag and can be used several times. It can be used to add rules to a built-in or added chain. A rule entry has
       exactly one attribute:

       ipv="ipv4|ipv6"
	   The IP family where the passthrough rule will be added. This can be either ipv4 or ipv6.

       The args can be any arguments of iptables or ip6tables.

       The passthrough rule will be added to the chain directly. There is no mechanism like for the direct rule above. The user of the passthrough
       rule has to make sure that there will be no conflict with the rules created by firewalld.

EXAMPLE

       Blacklisting of the networks 192.168.1.0/24 and 192.168.5.0/24 with logging and dropping early in the raw table:

	   <?xml version="1.0" encoding="utf-8"?>
	   <direct>
	     <chain ipv="ipv4" table="raw" chain="blacklist"/>
	     <rule ipv="ipv4" table="raw" chain="PREROUTING" priority="0">-s 192.168.1.0/24 -j blacklist</rule>
	     <rule ipv="ipv4" table="raw" chain="PREROUTING" priority="1">-s 192.168.5.0/24 -j blacklist</rule>
	     <rule ipv="ipv4" table="raw" chain="blacklist" priority="0">-m limit --limit 1/min -j LOG --log-prefix "blacklisted: "</rule>
	     <rule ipv="ipv4" table="raw" chain="blacklist" priority="1">-j DROP</rule>
	   </direct>

SEE ALSO

       firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1), firewalld.conf(5), firewalld.direct(5), firewalld.icmptype(5),
       firewalld.lockdown-whitelist(5), firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5), firewalld.zone(5),
       firewalld.zones(5)

NOTES

       firewalld home page at fedorahosted.org:
	   http://fedorahosted.org/firewalld/

       More documentation with examples:
	   http://fedoraproject.org/wiki/FirewallD

AUTHORS

       Thomas Woerner <twoerner@redhat.com>
	   Developer

       Jiri Popelka <jpopelka@redhat.com>
	   Developer

firewalld 0.3.9 													       FIREWALLD.DIRECT(5)
All times are GMT -4. The time now is 08:15 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy