Firewall rule for multiport not getting deleted

12-18-2012

Registered User

286, 4

Join Date: Nov 2011

Last Activity: 13 February 2016, 2:18 AM EST

Location: Bangalore, INDIA

Posts: 286

Thanks Given: 126

Thanked 4 Times in 4 Posts

Firewall rule for multiport not getting deleted

The REJECT rule in iptables is as shown below

/etc/sysconfig/iptables>>

Code:

-A INPUT -s 10.110.110.52 -d 10.110.110.53 -p tcp -m tcp --dport 7800 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -s 10.110.110.53 -d 10.110.110.52 -p tcp -m tcp --dport 7800 -j REJECT --reject-with icmp-port-unreachable

[/CODE]
in the scripts i am using, commands to create and delte firewall as below

DeleteFirewall.sh>>

Code:

 
/sbin/iptables -D OUTPUT -p tcp --dport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT
/sbin/iptables -D OUTPUT -p tcp --sport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT
 
/sbin/iptables -D OUTPUT -p tcp --dport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT
/sbin/iptables -D OUTPUT -p tcp --sport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT

Createfirewall.sh>>

Code:

 
/sbin/iptables -I INPUT -p tcp --dport 7800 -s ${peerip}/32 -d ${myip}/32 -j REJECT
/sbin/iptables -I INPUT -p tcp --sport 7800 -s ${peerip}/32 -d ${myip}/32 -j REJECT
 
/sbin/iptables -I OUTPUT -p tcp --dport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT
/sbin/iptables -I OUTPUT -p tcp --sport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT

DisArmServer.sh>>

Code:

 
/sbin/iptables -I INPUT 1 -p tcp --sport ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j REJECT
if [ ! -z $JPORT  ]; then
  /sbin/iptables -I INPUT 1 -p udp -m multiport --source-port ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
  /sbin/iptables -I INPUT 1 -p udp -m multiport --destination-port ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
fi

/sbin/iptables -I OUTPUT 1 -p tcp --sport ${JPORT} -s ${myip}/32 -d ${peerip}/32 -j REJECT
if [ ! -z $JPORT ]; then
  /sbin/iptables -I OUTPUT 1 -p udp -m multiport --source-port ${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
  /sbin/iptables -I OUTPUT 1 -p udp -m multiport --destination-port ${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
fi

ReArm.sh>>

Code:

/sbin/iptables -D INPUT -p tcp --sport ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j REJECT
 
if [ ! -z $JPORT  ]; then
  logger -s -p info "${SCRIPT_NAME}: Running iptables command: /sbin/iptables -D INPUT -p udp -m multiport  \
                --source-port ${ODPORT},${OEPORT},${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP"
  /sbin/iptables -D INPUT -p udp -m multiport --source-port ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
        /sbin/iptables -D INPUT -p udp -m multiport --destination-port ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
fi

/sbin/iptables -D OUTPUT -p tcp --dport ${JPORT} -s ${myip}/32 -d ${peerip}/32 -j REJECT
if [ ! -z $JPORT ]; then
  /sbin/iptables -D OUTPUT -p udp -m multiport --source-port ${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
  /sbin/iptables -D OUTPUT -p udp -m multiport --destination-port ${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
fi

deleteJBCacheFirewall.sh>>

Code:

/sbin/iptables -D INPUT -p tcp --sport ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j REJECT
/sbin/iptables -D OUTPUT -p tcp --sport ${JPORT} -s ${myip}/32 -d ${peerip}/32 -j REJECT
 
/sbin/iptables -D INPUT -p udp -m multiport --source-port ${ODPORT},${OEPORT},${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
/sbin/iptables -D INPUT -p udp -m multiport --destination-port ${ODPORT},${OEPORT},${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
 
/sbin/iptables -D OUTPUT -p udp -m multiport --source-port ${ODPORT},${OEPORT},${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
/sbin/iptables -D OUTPUT -p udp -m multiport --destination-port ${ODPORT},${OEPORT},${JPORT} -s ${myip}/32 -d ${peerip} -j DROP

but none of these scripts written to remove this rule is removing it..

Code:

iptables -L -n | grep "7800"REJECT     tcp  --  10.110.110.52        
                       10.110.110.53       tcp dpt:7800 reject-with icmp-port-unreachable
REJECT     tcp  --  10.110.110.53        
                     10.110.110.52        tcp dpt:7800 reject-with icmp-port-unreachable

and even when creating the rule we are using UDP for multiport but in iptables the rule is shown as multiprt for TCP(p tcp -m tcp --dport )... i am not able to understand where it came form.. any help will be deeply appreciated... :-(

Last edited by Scott; 12-18-2012 at 01:02 PM.. Reason: Removed formatting

vivek d r

View Public Profile for vivek d r

Find all posts by vivek d r

12-19-2012

Registered User

4,673, 588

Join Date: Oct 2010

Last Activity: 1 February 2016, 3:35 PM EST

Location: Southern NJ, USA (Nord)

Posts: 4,673

Thanks Given: 8

Thanked 588 Times in 561 Posts

Shouldn't delete reference input and output not output twice?

This User Gave Thanks to DGPickett For This Post:

DGPickett

View Public Profile for DGPickett

Find all posts by DGPickett

Emergency UNIX and Linux Support

Firewall rule for multiport not getting deleted

5 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

iptables rule to block access from VM Browser to Firewall Login Page

Discussion started by: senrabdet

2. Web Development

Need help with rewrite rule

Discussion started by: BSrikanthB

3. Linux

IPtable rule help need

Discussion started by: iron_michael86

4. Post Here to Contact Site Administrators and Moderators

Rule # 8

Discussion started by: bluegospel

5. Email Antispam Techniques and Email Filtering

procmail rule

Discussion started by: jones