iptables help required


Postby tahiralijafri » Thu Feb 02, 2006 4:54 pm

Dear Friends!

I am using the rules below to accept MAC addresses.
iptables -I INPUT -m mac --mac-source 00:08:c7:d2:30:f1 -j ACCEPT
iptables -I FORWARD -m mac --mac-source 00:08:c7:d2:30:f1 -j ACCEPT

I want to deny any other request apart from those I have added manually.
Please let me know how to do it.

Regards
tahiralijafri

Postby kbukhari » Thu Feb 02, 2006 5:59 pm

Use ebtables.
ebtables is the same as iptables, but it works on layer 2.

ebtables -p arp -j drop
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
kbukhari

Postby tahiralijafri » Fri Feb 03, 2006 10:43 am

Thanks Friend!

But I need it in iptables, as all of my rules are in iptables.

Regards
tahiralijafri

Postby kbukhari » Fri Feb 03, 2006 11:02 am

OK, but iptables works better for layer 3 and ARP is in layer 2, so it is better to keep dropping from layer 2.
If you use iptables it will resolve layer 3 back to layer 2 and then drop them.
It will add some delay for the network, not too much, but keep trying to work for minimum delay.
--

Syed Kashif Ali Bukhari

+92-345-8444420

http://sysadminsline.com

http://kashifbukhari.com
kbukhari

Re:

Postby LinuxFreaK » Fri Feb 03, 2006 4:11 pm

Dear tahiralijafri,
Salam,

# iptables -I INPUT -p tcp -j DROP

Best Regards.
Farrukh Ahmed
LinuxFreaK

Postby crazy_frog » Sat Feb 18, 2006 12:08 pm

Check out a small tutorial for iptables.

I hope it would be helpful for you.
Hâve á nice day !!
crazy_frog

Re

Postby tahiralijafri » Mon Feb 27, 2006 1:38 pm

Dear Farrukh!

I have tried iptables -I INPUT -p tcp -j DROP and have also allowed both my MAC and IP address, but still no results; my whole LAN traffic stops when I apply iptables -I INPUT -p tcp -j DROP.
Please suggest, as I really need help regarding it.

Regards

Tahir ALi
tahiralijafri

Re:

Postby LinuxFreaK » Mon Feb 27, 2006 3:03 pm

Dear tahiralijafri,
Salam,

Please post the output of the following commands.

# iptables -L -n --line
# iptables -t nat -L -n --line
# iptables -t mangle -L -n --line
# iptables -t filter -L -n --line


Best Regards.
Farrukh Ahmed
LinuxFreaK

Re:

Postby tahiralijafri » Mon Feb 27, 2006 10:06 pm

AOA Farrukh !
Thanks for your kind attention.

Below is the output of the rules you provided.

####iptables -L -n --line

Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20484
2 ACCEPT tcp -- 192.168.10.0/24 0.0.0.0/0 tcp dpt:53
3 ACCEPT tcp -- 10.0.0.0/24 0.0.0.0/0 tcp dpt:53
4 ACCEPT udp -- 192.168.10.0/24 0.0.0.0/0 udp dpt:53
5 ACCEPT udp -- 10.0.0.0/24 0.0.0.0/0 udp dpt:53
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:67:68
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
10 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3130
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3130
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
13 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
14 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
15 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:54214
16 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
17 DROP all -- 0.0.0.0/0 0.0.0.0/0
18 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:4999

Chain FORWARD (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:51215
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1863
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2090
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2090
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2091
8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2091
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2095
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5001:5020
11 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:8100:8700
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:8100:8700
13 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:2500
14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:7775:7777
15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:11999
16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:2001:2120
17 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:2001:2120
18 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6801
19 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6801
20 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6901
21 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6901
22 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1720
23 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1720
24 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5050
25 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5100
26 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7070
27 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5060
28 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:20:21
29 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
30 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
31 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
32 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:6660:6669
33 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:6660:6669
34 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:7000:7002
35 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:7000:7002
36 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2090
37 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2091
38 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2090
39 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2091
40 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2095
41 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5001:50015
42 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:8200:8700
43 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:8200:8700
44 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1025:2500
45 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:54214
46 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
47 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7001
48 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:7001
49 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1067
50 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1067
51 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:4999

Chain OUTPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:54214
3 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
5 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:80
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3130
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3130
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
10 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:8080
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
12 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:67:68
14 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
15 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:42
16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:42

##### iptables -t nat -L -n --line
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 192.168.10.0/24 0.0.0.0/0 tcp dpt:80 redir ports 8080
2 REDIRECT tcp -- 10.0.0.0/24 0.0.0.0/0 tcp dpt:80 redir ports 8080

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 10.0.0.0/24 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

###### iptables -t mangle -L -n --line
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 TOS set 0x10
2 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5000:5050 TOS set 0x10
3 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1863 TOS set 0x10
4 TOS udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 TOS set 0x10

Chain INPUT (policy ACCEPT)
num target prot opt source destination

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 TOS set 0x08
2 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 TOS set 0x10
3 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 TOS set 0x10
4 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1863 TOS set 0x10
5 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5001 TOS set 0x10

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 TOS set 0x08
2 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 TOS set 0x10
3 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 TOS set 0x10

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination




######### iptables -t filter -L -n --line
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20484
2 ACCEPT tcp -- 192.168.10.0/24 0.0.0.0/0 tcp dpt:53
3 ACCEPT tcp -- 10.0.0.0/24 0.0.0.0/0 tcp dpt:53
4 ACCEPT udp -- 192.168.10.0/24 0.0.0.0/0 udp dpt:53
5 ACCEPT udp -- 10.0.0.0/24 0.0.0.0/0 udp dpt:53
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:67:68
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
10 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3130
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3130
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
13 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
14 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
15 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:54214
16 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
17 DROP all -- 0.0.0.0/0 0.0.0.0/0
18 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:4999

Chain FORWARD (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:51215
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1863
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2090
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2090
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2091
8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2091
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2095
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5001:5020
11 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:8100:8700
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:8100:8700
13 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:2500
14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:7775:7777
15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:11999
16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:2001:2120
17 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:2001:2120
18 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6801
19 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6801
20 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6901
21 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6901
22 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1720
23 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1720
24 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5050
25 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5100
26 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7070
27 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5060
28 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:20:21
29 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
30 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
31 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
32 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:6660:6669
33 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:6660:6669
34 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:7000:7002
35 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:7000:7002
36 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2090
37 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2091
38 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2090
39 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2091
40 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2095
41 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5001:50015
42 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:8200:8700
43 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:8200:8700
44 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1025:2500
45 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:54214
46 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
47 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7001
48 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:7001
49 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1067
50 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1067
51 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:4999

Chain OUTPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:54214
3 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
5 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:80
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3130
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3130
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
10 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:8080
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
12 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:67:68
14 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
15 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:42
16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:42

Regards

Tahir Ali Jafri
tahiralijafri

Re:

Postby LinuxFreaK » Tue Feb 28, 2006 10:14 am

Dear tahiralijafri,
Salam,

This script will help you allow/deny users with specific mac addresses.

FYI, http://www.linuxpakistan.net/forum2x/vi ... php?t=2182

Best Regards.
Farrukh Ahmed
LinuxFreaK

Re:

Postby LinuxFreaK » Tue Feb 28, 2006 10:53 am

Dear tahiralijafri,
Salam,

This will 100% help you out. I will have to modify my MAC script.

# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X
# iptables -t filter -F
# iptables -t filter -X
# iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -p all -m mac --mac-source 00:50:04:60:1D:6D -j ACCEPT
# iptables -A INPUT -p all -j DROP


Best Regards.
Farrukh Ahmed
LinuxFreaK

Thanks

Postby tahiralijafri » Wed Mar 01, 2006 10:06 am

LOVE YOU ;) Farrukh!


Thanks for your kind help, it really worked. I am really thankful to you for your kind co-operation. Please tell me one thing:

iptables -A INPUT -p all -m mac --mac-source 00:50:04:60:1D:6D -j ACCEPT

I am running iptables using DROP policies. Won't this rule affect it? I've allowed only desired ports and dropped all others; please let me know if this rule will open all traffic for my clients.

2: Is there any way to stop P2P? I am running iptables with DROP policies, but P2P clients like LimeWire etc. still connect and suck my bandwidth. Please also help me in this matter.

Thanking in anticipation

Tahir ALi
tahiralijafri

Re:

Postby LinuxFreaK » Wed Mar 01, 2006 11:57 am

Dear tahiralijafri,
Salam,

I believe if you block ports using iptables then it will depend upon the placement of the rule.

Best Regards.
Farrukh Ahmed
LinuxFreaK

Include File Iptables

Postby tahiralijafri » Mon Mar 06, 2006 12:48 pm

Dear Farrukh!

My default policies are set to DROP. When I apply iptables -A INPUT -p all -m mac --mac-source 00:50:04:60:1D:6D -j ACCEPT it will open any traffic for this MAC, and that will be a big headache. Is there any way to include a file in this rule? I want to make a file containing my allowed ports and then include this file in this rule, so that just the included ports may be accessed by the client.

Regards

Tahir ALi
tahiralijafri

Re:

Postby LinuxFreaK » Tue Mar 07, 2006 3:32 pm

Dear tahiralijafri,
Salam,

Take a look at below link.

FYI, http://www.linuxpakistan.net/forum2x/vi ... php?t=2182

Best Regards.
Farrukh Ahmed
LinuxFreaK
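
Added example (not part of the original posts, and not the script linked above): one way to combine a MAC allowlist with a port allowlist kept in files, as asked in the thread. iptables cannot include a file in a rule, so the lists are read by the shell and turned into commands; the chain name MAC_PORTS, the list formats and the sample entries are assumptions of this example.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables commands that let allowlisted
# MACs reach only allowlisted ports. MAC_PORTS and the list formats are
# assumptions of this example.

# Constructed sample lists; in practice use "$(cat macs.txt)" / "$(cat ports.txt)".
SAMPLE_MACS='# one MAC per line
00:08:c7:d2:30:f1
00:50:04:60:1D:6D'
SAMPLE_PORTS='# proto port
tcp 80
tcp 443
udp 53'

# Strip comments, trailing blanks and empty lines from a list.
clean() { printf '%s\n' "$1" | sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d'; }

valid_mac() { printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; }

valid_port() {  # $1 = proto, $2 = port
    case "$1" in tcp|udp) ;; *) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ]
}

# gen_rules CHAIN MACS PORTS: prints the rule set, or nothing (status 1) if any
# entry is malformed, so a typo never yields a half-built firewall.
gen_rules() {
    case "$1" in INPUT|FORWARD) chain=$1 ;; *) echo "bad chain: $1" >&2; return 1 ;; esac
    out="iptables -N MAC_PORTS"
    while read -r proto port; do
        [ -n "$proto" ] || continue
        valid_port "$proto" "$port" || { echo "bad port entry: $proto $port" >&2; return 1; }
        out="$out
iptables -A MAC_PORTS -p $proto --dport $port -j ACCEPT"
    done <<EOF
$(clean "$3")
EOF
    out="$out
iptables -A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT"
    while read -r mac; do
        [ -n "$mac" ] || continue
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
        out="$out
iptables -A $chain -m mac --mac-source $mac -j MAC_PORTS"
    done <<EOF
$(clean "$2")
EOF
    printf '%s\n%s\n' "$out" "iptables -A $chain -j DROP"
}

gen_rules FORWARD "$SAMPLE_MACS" "$SAMPLE_PORTS"
```

Review the printed commands before piping them to `sh` as root. A MAC address is set by the client itself, so this filters cooperative hosts rather than authenticating them.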

