MAC to IP matching security in IP Tables

Protecting your Linux box
maiqbal
Lance Naik
Posts: 19
Joined: Fri Sep 03, 2004 11:04 am
Location: Karachi
Contact:

Postby maiqbal » Fri Sep 01, 2006 1:19 pm


LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Postby LinuxFreaK » Fri Sep 01, 2006 6:18 pm

Dear maiqbal,
Salam,

You should modify your script and use following switch when you are drop connections.

# /sbin/iptables -P INPUT -A DROP
# /sbin/iptables -P FORWARD DROP


You must read the difference b/w -I and -A

Best Regards.
Farrukh Ahmed

wazim4_u
Naik
Posts: 68
Joined: Mon Jun 13, 2005 10:38 pm
Location: Saudi Arabia (Riyadh)
Contact:

Postby wazim4_u » Sat Sep 02, 2006 3:20 pm

Dear Iqbal
Salam

Well the INPUT and FORWARD Polices must be set to DROP, I got a point why you are not getting access from allowed IPs and MACs of the clients. Add this line in your script after the bind MAC with IPs. I hope it will let you access.


/sbin/iptables -A MAC -m state --state ESTABLISHED,RELATED -j ACCEPT

Please let me know if it works.

Wasim

sarthor
Battalion Quarter Master Havaldaar
Posts: 241
Joined: Wed Dec 24, 2003 2:36 am
Location: Pukhtoonistan
Contact:

Postby sarthor » Sat Oct 21, 2006 6:55 pm

Tefl E Maktab
-----------------------------
----- ----- ----- ------ ------ -------

wazim4_u
Naik
Posts: 68
Joined: Mon Jun 13, 2005 10:38 pm
Location: Saudi Arabia (Riyadh)
Contact:

Postby wazim4_u » Sun Oct 29, 2006 3:56 pm


A_Karim
Lance Naik
Posts: 34
Joined: Thu Jul 22, 2004 4:18 pm
Location: Karachi
Contact:

Postby A_Karim » Sat Oct 20, 2007 2:49 pm

Eyes Never Says Lies

LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Postby LinuxFreaK » Mon Oct 22, 2007 8:40 am

Dear A_Karimm

Just add a rule in your INPUT chain which allows port 80 to every one.

# /sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Best Regards.
Farrukh Ahmed

A_Karim
Lance Naik
Posts: 34
Joined: Thu Jul 22, 2004 4:18 pm
Location: Karachi
Contact:

Re:

Postby A_Karim » Mon Oct 22, 2007 12:44 pm

Eyes Never Says Lies

A_Karim
Lance Naik
Posts: 34
Joined: Thu Jul 22, 2004 4:18 pm
Location: Karachi
Contact:

Postby A_Karim » Wed Oct 24, 2007 3:48 pm

Assalam-o-Aliakum to all

No solution ??? ??? ???

Regards,
AK
Eyes Never Says Lies

LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Postby LinuxFreaK » Mon Oct 29, 2007 2:01 pm

Dear A_Karim,
Salam,

I prefer you to read netfilter documentation.

FYI, http://www.netfilter.org

Best Regards.
Farrukh Ahmed

LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Postby LinuxFreaK » Mon Oct 29, 2007 2:01 pm

Dear A_Karim,
Salam,

I prefer you to read netfilter documentation.

FYI, http://www.netfilter.org

Best Regards.
Farrukh Ahmed

LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Postby LinuxFreaK » Mon Oct 29, 2007 2:01 pm

Dear A_Karim,
Salam,

I prefer you to read netfilter documentation.

FYI, http://www.netfilter.org

Best Regards.
Farrukh Ahmed


Return to “Security”

Who is online

Users browsing this forum: No registered users and 1 guest