iptables help required
-
- Lance Naik
- Posts: 25
- Joined: Sat Dec 17, 2005 8:40 pm
- Location: Rawalpindi
- Contact:
iptables help required
Dear Friends!
I am using the below-mentioned rules to accept MAC addresses.
iptables -I INPUT -m mac --mac-source 00:08:c7:d2:30:f1 -j ACCEPT
iptables -I FORWARD -m mac --mac-source 00:08:c7:d2:30:f1 -j ACCEPT
I want to deny any other request apart from those I have added manually.
Please let me know how to do it.
Regards
Use ebtables.
ebtables is the same as iptables but it works on layer 2.
Code:
# the original command named no chain; INPUT is assumed here
ebtables -A INPUT -p ARP -j DROP
-
- Lance Naik
- Posts: 25
- Joined: Sat Dec 17, 2005 8:40 pm
- Location: Rawalpindi
- Contact:
Re
Dear Farrukh!
I have tried iptables -I INPUT -p tcp -j DROP and have also allowed both my MAC and IP address, but still no results; my whole LAN traffic stops when I apply iptables -I INPUT -p tcp -j DROP.
Please suggest, as I really need help regarding it.
Regards
Tahir ALi
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Dear tahiralijafri,
Salam,
Please post the output of following commands.
# iptables -L -n --line
# iptables -t nat -L -n --line
# iptables -t mangle -L -n --line
# iptables -t filter -L -n --line
Best Regards.
Farrukh Ahmed
-
- Lance Naik
- Posts: 25
- Joined: Sat Dec 17, 2005 8:40 pm
- Location: Rawalpindi
- Contact:
Re:
AOA Farrukh !
Thanks for your kind attention
Below mentioned is the output of the rules you provided.
####iptables -L -n --line
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20484
2 ACCEPT tcp -- 192.168.10.0/24 0.0.0.0/0 tcp dpt:53
3 ACCEPT tcp -- 10.0.0.0/24 0.0.0.0/0 tcp dpt:53
4 ACCEPT udp -- 192.168.10.0/24 0.0.0.0/0 udp dpt:53
5 ACCEPT udp -- 10.0.0.0/24 0.0.0.0/0 udp dpt:53
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:67:68
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
10 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3130
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3130
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
13 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
14 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
15 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:54214
16 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
17 DROP all -- 0.0.0.0/0 0.0.0.0/0
18 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:4999
Chain FORWARD (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:51215
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1863
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2090
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2090
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2091
8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2091
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2095
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5001:5020
11 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:8100:8700
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:8100:8700
13 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:2500
14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:7775:7777
15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:11999
16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:2001:2120
17 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:2001:2120
18 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6801
19 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6801
20 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6901
21 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6901
22 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1720
23 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1720
24 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5050
25 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5100
26 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7070
27 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5060
28 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:20:21
29 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
30 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
31 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
32 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:6660:6669
33 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:6660:6669
34 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:7000:7002
35 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:7000:7002
36 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2090
37 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2091
38 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2090
39 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2091
40 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2095
41 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5001:50015
42 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:8200:8700
43 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:8200:8700
44 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1025:2500
45 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:54214
46 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
47 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7001
48 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:7001
49 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1067
50 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1067
51 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:4999
Chain OUTPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:54214
3 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
5 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:80
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3130
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3130
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
10 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:8080
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
12 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:67:68
14 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
15 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:42
16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:42
##### iptables -t nat -L -n --line
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 192.168.10.0/24 0.0.0.0/0 tcp dpt:80 redir ports 8080
2 REDIRECT tcp -- 10.0.0.0/24 0.0.0.0/0 tcp dpt:80 redir ports 8080
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 10.0.0.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
###### iptables -t mangle -L -n --line
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 TOS set 0x10
2 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5000:5050 TOS set 0x10
3 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1863 TOS set 0x10
4 TOS udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 TOS set 0x10
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 TOS set 0x08
2 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 TOS set 0x10
3 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 TOS set 0x10
4 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1863 TOS set 0x10
5 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5001 TOS set 0x10
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 TOS set 0x08
2 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 TOS set 0x10
3 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 TOS set 0x10
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
######### iptables -t filter -L -n --line
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20484
2 ACCEPT tcp -- 192.168.10.0/24 0.0.0.0/0 tcp dpt:53
3 ACCEPT tcp -- 10.0.0.0/24 0.0.0.0/0 tcp dpt:53
4 ACCEPT udp -- 192.168.10.0/24 0.0.0.0/0 udp dpt:53
5 ACCEPT udp -- 10.0.0.0/24 0.0.0.0/0 udp dpt:53
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:67:68
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
10 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3130
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3130
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
13 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
14 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
15 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:54214
16 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
17 DROP all -- 0.0.0.0/0 0.0.0.0/0
18 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:4999
Chain FORWARD (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:51215
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1863
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2090
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2090
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2091
8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2091
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2095
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5001:5020
11 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:8100:8700
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:8100:8700
13 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:2500
14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:7775:7777
15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:11999
16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:2001:2120
17 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:2001:2120
18 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6801
19 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6801
20 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6901
21 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6901
22 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1720
23 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1720
24 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5050
25 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5100
26 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7070
27 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5060
28 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:20:21
29 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
30 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
31 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
32 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:6660:6669
33 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:6660:6669
34 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:7000:7002
35 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:7000:7002
36 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2090
37 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2091
38 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2090
39 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2091
40 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2095
41 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5001:50015
42 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:8200:8700
43 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:8200:8700
44 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1025:2500
45 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:54214
46 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
47 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7001
48 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:7001
49 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1067
50 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1067
51 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:4999
Chain OUTPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:54214
3 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
5 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:80
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3130
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3130
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
10 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:8080
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
12 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:67:68
14 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
15 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:42
16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:42
Regards
Tahir Ali Jafri
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Dear tahiralijafri,
Salam,
This script will help you allow/deny users with specific mac addresses.
FYI, http://www.linuxpakistan.net/forum2x/vi ... php?t=2182
Best Regards.
Farrukh Ahmed
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Dear tahiralijafri,
Salam,
This will 100% help you out. I will have to modify my MAC script.
# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X
# iptables -t filter -F
# iptables -t filter -X
# iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -p all -m mac --mac-source 00:50:04:60:1D:6D -j ACCEPT
# iptables -A INPUT -p all -j DROP
Best Regards.
Farrukh Ahmed
-
- Lance Naik
- Posts: 25
- Joined: Sat Dec 17, 2005 8:40 pm
- Location: Rawalpindi
- Contact:
Thanks
LOVE YOU Farrukh!
Thanks for your kind help, it really worked. I am really thankful to you for your kind co-operation. Please tell me one thing:
iptables -A INPUT -p all -m mac --mac-source 00:50:04:60:1D:6D -j ACCEPT
I am running iptables using DROP policies. Won't this rule affect it? I've allowed only the desired ports and dropped all others; please let me know if this rule will open all traffic for my clients.
2: Is there any way to stop P2P? I am running iptables with DROP policies, but P2P clients like LimeWire still connect and suck my bandwidth. Please also help me in this matter.
Thanking in anticipation
Tahir ALi
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Dear tahiralijafri,
Salam,
I believe if you block ports using iptables then it will depend upon the placement of the rule.
Best Regards.
Farrukh Ahmed
-
- Lance Naik
- Posts: 25
- Joined: Sat Dec 17, 2005 8:40 pm
- Location: Rawalpindi
- Contact:
Include File Iptables
Dear Farrukh!
My default policies are set to DROP. When I apply iptables -A INPUT -p all -m mac --mac-source 00:50:04:60:1D:6D -j ACCEPT, it will open any traffic for this MAC, and that will be a big headache. Is there any way to include a file in this rule? I want to make a file containing my allowed ports and then include this file in this rule, so that only the included ports may be accessed by the client.
Regards
Tahir ALi
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Dear tahiralijafri,
Salam,
Take a look at below link.
FYI, http://www.linuxpakistan.net/forum2x/vi ... php?t=2182
Best Regards.
Farrukh Ahmed
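
One way to do what the thread asks for, letting allow-listed MACs reach only allow-listed ports under a default-DROP INPUT chain, as an added example that is not part of the original thread or the linked script. The chain name LAN_PORTS, the function names and the list format are assumptions; the MACs and ports are sample data taken from the posts above, and the script prints the iptables commands for review instead of running them.

```shell
#!/bin/sh
# Added example (not from the thread): MAC allow-list + port allow-list for a
# default-DROP INPUT chain. Prints iptables commands for review, runs nothing.

CHAIN=LAN_PORTS   # hypothetical user-defined chain name

# Sample data: both MACs appear in the thread; the ports are a subset of the
# thread's INPUT ACCEPT rules. One entry per line, '#' starts a comment.
ALLOWED_MACS='
00:50:04:60:1D:6D
00:08:c7:d2:30:f1   # client from the first post
'
ALLOWED_PORTS='
tcp/53
udp/53
tcp/80
tcp/3128
tcp/8080
'

# Strip comments, whitespace and blank lines from a list.
clean_list() {
    printf '%s\n' "$1" | sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d'
}

# Six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# proto/port or proto/low:high, every number within 1..65535.
valid_port() {
    printf '%s\n' "$1" | grep -Eq '^(tcp|udp)/[0-9]{1,5}(:[0-9]{1,5})?$' || return 1
    for n in $(printf '%s\n' "${1#*/}" | tr ':' ' '); do
        [ "$n" -ge 1 ] && [ "$n" -le 65535 ] || return 1
    done
}

# gen_rules MAC_LIST PORT_LIST
# Validates everything first and emits nothing on a bad entry, so a typo in a
# list can never produce a half-applied rule set.
gen_rules() {
    macs=$(clean_list "$1")
    ports=$(clean_list "$2")
    [ -n "$macs" ] && [ -n "$ports" ] || { echo "empty allow-list" >&2; return 1; }
    for m in $macs; do
        valid_mac "$m" || { echo "bad MAC: $m" >&2; return 1; }
    done
    for p in $ports; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done

    # Port allow-list lives in its own chain and ends in DROP, so a jump
    # from an allowed MAC never falls through to a broader ACCEPT.
    echo "iptables -N $CHAIN"
    for p in $ports; do
        echo "iptables -A $CHAIN -p ${p%%/*} --dport ${p#*/} -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"

    # Loopback traffic carries no source MAC, so it is accepted explicitly.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Allowed MACs jump to the port chain instead of a blanket ACCEPT.
    for m in $macs; do
        echo "iptables -A INPUT -m mac --mac-source $m -j $CHAIN"
    done
    echo "iptables -A INPUT -j DROP"
}

gen_rules "$ALLOWED_MACS" "$ALLOWED_PORTS"
```

The mac match is only valid in the PREROUTING, INPUT and FORWARD chains, and forwarded client traffic needs the same jump from FORWARD with its own port chain. A source MAC is chosen by the sender, so this filter keeps unlisted machines off by default but does not authenticate anyone.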