iptables help required

tahiralijafri
Lance Naik
Posts: 25
Joined: Sat Dec 17, 2005 8:40 pm
Location: Rawalpindi
Contact:

Post by tahiralijafri »

Dear Friends!

I am using the below-mentioned rules to accept MAC addresses.
iptables -I INPUT -m mac --mac-source 00:08:c7:d2:30:f1 -j ACCEPT
iptables -I FORWARD -m mac --mac-source 00:08:c7:d2:30:f1 -j ACCEPT

I want to deny any other request apart from those I have added manually.
Please let me know how to do it.

Regards
kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore
Contact:

Post by kbukhari »

Use ebtables.
ebtables is the same as iptables, but it works on layer 2.

ebtables -A INPUT -p ARP -j DROP
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com

Post by tahiralijafri »

Thanks Friend!

But I need it in iptables, as all of my rules are in iptables.

regards

Post by kbukhari »

OK, but iptables works better for layer 3 and ARP is in layer 2, so it is better to keep dropping from layer 2.
If you use iptables it will resolve layer 3 back into layer 2 and then drop them.
It will make some delay for the network, not too much, but keep trying to work on minimum delay.
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Post by LinuxFreaK »

Dear tahiralijafri,
Salam,

# iptables -I INPUT -p tcp -j DROP

Best Regards.
Farrukh Ahmed
crazy_frog
Naik
Posts: 72
Joined: Fri Dec 16, 2005 9:44 am
Location: Karachi, Pakistan
Contact:

Post by crazy_frog »

Check out a small tutorial for iptables.

I hope it would be helpful for you.
Hâve á nice day !!

Re

Post by tahiralijafri »

Dear Farrukh!

I have tried iptables -I INPUT -p tcp -j DROP and have also allowed both my MAC and IP address, but still no results; my whole LAN traffic stops when I apply iptables -I INPUT -p tcp -j DROP.
Please suggest, as I really need help regarding it.

Regards

Tahir ALi

Re:

Post by LinuxFreaK »

Dear tahiralijafri,
Salam,

Please post the output of the following commands.

# iptables -L -n --line
# iptables -t nat -L -n --line
# iptables -t mangle -L -n --line
# iptables -t filter -L -n --line


Best Regards.
Farrukh Ahmed

Re:

Post by tahiralijafri »

AOA Farrukh!
Thanks for your kind attention.

Below mentioned is the output of the rules you provided.

####iptables -L -n --line

Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20484
2 ACCEPT tcp -- 192.168.10.0/24 0.0.0.0/0 tcp dpt:53
3 ACCEPT tcp -- 10.0.0.0/24 0.0.0.0/0 tcp dpt:53
4 ACCEPT udp -- 192.168.10.0/24 0.0.0.0/0 udp dpt:53
5 ACCEPT udp -- 10.0.0.0/24 0.0.0.0/0 udp dpt:53
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:67:68
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
10 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3130
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3130
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
13 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
14 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
15 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:54214
16 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
17 DROP all -- 0.0.0.0/0 0.0.0.0/0
18 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:4999

Chain FORWARD (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:51215
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1863
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2090
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2090
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2091
8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2091
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2095
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5001:5020
11 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:8100:8700
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:8100:8700
13 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:2500
14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:7775:7777
15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:11999
16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:2001:2120
17 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:2001:2120
18 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6801
19 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6801
20 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6901
21 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6901
22 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1720
23 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1720
24 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5050
25 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5100
26 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7070
27 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5060
28 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:20:21
29 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
30 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
31 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
32 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:6660:6669
33 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:6660:6669
34 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:7000:7002
35 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:7000:7002
36 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2090
37 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2091
38 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2090
39 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2091
40 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2095
41 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5001:50015
42 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:8200:8700
43 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:8200:8700
44 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1025:2500
45 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:54214
46 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
47 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7001
48 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:7001
49 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1067
50 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1067
51 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:4999

Chain OUTPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:54214
3 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
5 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:80
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3130
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3130
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
10 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:8080
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
12 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:67:68
14 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
15 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:42
16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:42

##### iptables -t nat -L -n --line
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 192.168.10.0/24 0.0.0.0/0 tcp dpt:80 redir ports 8080
2 REDIRECT tcp -- 10.0.0.0/24 0.0.0.0/0 tcp dpt:80 redir ports 8080

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 10.0.0.0/24 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

###### iptables -t mangle -L -n --line
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 TOS set 0x10
2 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5000:5050 TOS set 0x10
3 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1863 TOS set 0x10
4 TOS udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 TOS set 0x10

Chain INPUT (policy ACCEPT)
num target prot opt source destination

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 TOS set 0x08
2 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 TOS set 0x10
3 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 TOS set 0x10
4 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1863 TOS set 0x10
5 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5001 TOS set 0x10

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 TOS set 0x08
2 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 TOS set 0x10
3 TOS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 TOS set 0x10

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination




######### iptables -t filter -L -n --line
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20484
2 ACCEPT tcp -- 192.168.10.0/24 0.0.0.0/0 tcp dpt:53
3 ACCEPT tcp -- 10.0.0.0/24 0.0.0.0/0 tcp dpt:53
4 ACCEPT udp -- 192.168.10.0/24 0.0.0.0/0 udp dpt:53
5 ACCEPT udp -- 10.0.0.0/24 0.0.0.0/0 udp dpt:53
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:67:68
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
10 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3130
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3130
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
13 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
14 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
15 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:54214
16 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
17 DROP all -- 0.0.0.0/0 0.0.0.0/0
18 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:4999

Chain FORWARD (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:51215
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1863
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2090
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2090
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2091
8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2091
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2095
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5001:5020
11 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:8100:8700
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:8100:8700
13 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:2500
14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:7775:7777
15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:11999
16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:2001:2120
17 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:2001:2120
18 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6801
19 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6801
20 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6901
21 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6901
22 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1720
23 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1720
24 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5050
25 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5100
26 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7070
27 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5060
28 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:20:21
29 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
30 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
31 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
32 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:6660:6669
33 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:6660:6669
34 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:7000:7002
35 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:7000:7002
36 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2090
37 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2091
38 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2090
39 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2091
40 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2095
41 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5001:50015
42 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:8200:8700
43 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:8200:8700
44 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1025:2500
45 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:54214
46 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
47 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7001
48 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:7001
49 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1067
50 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1067
51 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:4999

Chain OUTPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:54214
3 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
5 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:80
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3130
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3130
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
10 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:8080
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
12 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:67:68
14 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
15 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:42
16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:42

Regards

Tahir Ali Jafri
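Added example, not part of any post in this thread: a check over `iptables -L -n --line` output that flags rules which can never match because an earlier rule in the same chain already catches every packet of that protocol. It reports rule 18 of the INPUT listing above (behind the catch-all DROP at 17) and shows why a `-p tcp -j DROP` inserted at position 1 cuts off every later tcp ACCEPT. The first sample is an excerpt of the posted listing, the second is constructed, and the check assumes rules carry no interface match, since plain `-L -n` does not print one.

```shell
#!/bin/sh
# Reads `iptables -L -n --line-numbers` output on stdin and prints
# "<chain> <rule> shadowed-by <earlier rule>" for every unreachable rule.
find_shadowed() {
    awk '
    $1 == "Chain"    { chain = $2; split("", cover); next }  # new chain
    $1 !~ /^[0-9]+$/ { next }                                 # header, blank
    {
        by = 0
        if ("all" in cover)   by = cover["all"]
        else if ($3 in cover) by = cover[$3]
        if (by) { print chain, $1, "shadowed-by", by; next }
        # Six fields means no port/state/MAC match follows the addresses.
        # Assumption: no -i/-o match either (only shown by `-L -n -v`).
        if (($2 == "ACCEPT" || $2 == "DROP") && NF == 6 &&
            $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0")
            cover[$3] = $1 + 0
    }'
}

# Excerpt of the INPUT chain posted above.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP)
num target prot opt source destination
14 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
16 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1484
17 DROP all -- 0.0.0.0/0 0.0.0.0/0
18 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:4999
EOF
}

# Constructed: the chain after `iptables -I INPUT -p tcp -j DROP`.
sample_after_insert() {
cat <<'EOF'
Chain INPUT (policy DROP)
num target prot opt source destination
1 DROP tcp -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20484
3 ACCEPT udp -- 192.168.10.0/24 0.0.0.0/0 udp dpt:53
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
EOF
}

# On a live host: iptables -L -n --line-numbers | find_shadowed
```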

Re:

Post by LinuxFreaK »

Dear tahiralijafri,
Salam,

This script will help you allow/deny users with specific mac addresses.

FYI, http://www.linuxpakistan.net/forum2x/vi ... php?t=2182

Best Regards.
Farrukh Ahmed

Re:

Post by LinuxFreaK »

Dear tahiralijafri,
Salam,

This will 100% help you out. I will have to modify my MAC script.

# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X
# iptables -t filter -F
# iptables -t filter -X
# iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -p all -m mac --mac-source 00:50:04:60:1D:6D -j ACCEPT
# iptables -A INPUT -p all -j DROP


Best Regards.
Farrukh Ahmed

Thanks

Post by tahiralijafri »

LOVE YOU ;) Farrukh!


Thanks for your kind help; it really worked. I am really thankful to you for your kind co-operation. Please tell me one thing:

iptables -A INPUT -p all -m mac --mac-source 00:50:04:60:1D:6D -j ACCEPT

I am running iptables using DROP policies. Won't this rule affect it? I've allowed only desired ports and dropped all others. Please let me know if this rule will open all traffic for my clients.

2: Is there any way to stop P2P? I am running iptables with DROP policies, but P2P clients like LimeWire etc. still connect and suck my bandwidth. Please also help me in this matter.

Thanking in anticipation

Tahir ALi

Re:

Post by LinuxFreaK »

Dear tahiralijafri,
Salam,

I believe if you block ports using iptables then it will depend upon the placement of the rule.

Best Regards.
Farrukh Ahmed

Include File Iptables

Post by tahiralijafri »

Dear Farrukh!

My default policies are set to DROP. When I apply iptables -A INPUT -p all -m mac --mac-source 00:50:04:60:1D:6D -j ACCEPT it will open any traffic for this MAC, and that will be a big headache. Is there any way to include a file in this rule? I want to make a file containing my allowed ports and then include this file in this rule, so that just the included ports may be accessed by the client.

Regards

Tahir ALi

Re:

Post by LinuxFreaK »

Dear tahiralijafri,
Salam,

Take a look at below link.

FYI, http://www.linuxpakistan.net/forum2x/vi ... php?t=2182

Best Regards.
Farrukh Ahmed
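Added example, not from any post in this thread and not the script linked above: one way to get the "file of allowed ports" behaviour asked for is to send each allowed MAC to a user-defined chain that accepts only the listed ports, instead of to ACCEPT. The chain name ALLOWED_PORTS and both file formats (one MAC per line; one "proto port" pair per line) are assumptions; the generator validates every entry and prints nothing unless all of them pass.

```shell
#!/bin/sh
# emit_rules MAC_FILE PORT_FILE: print iptables commands, stop on bad input.
emit_rules() {
    macs=$1; ports=$2; chain=ALLOWED_PORTS   # chain name is an assumption
    echo "iptables -N $chain"
    while read -r proto port rest; do
        case $proto in ''|'#'*) continue ;; esac          # blank or comment
        case $proto in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "bad port: $port" >&2; return 1; }
        echo "iptables -A $chain -p $proto --dport $port -j ACCEPT"
    done < "$ports"
    # Anything from an allowed MAC that is not on a listed port is dropped.
    echo "iptables -A $chain -j DROP"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    while read -r mac rest; do
        case $mac in ''|'#'*) continue ;; esac
        printf '%s\n' "$mac" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' ||
            { echo "bad MAC: $mac" >&2; return 1; }
        # Jump to the port chain rather than ACCEPT, so a listed MAC
        # reaches the listed ports only.
        echo "iptables -A INPUT -m mac --mac-source $mac -j $chain"
    done < "$macs"
    echo "iptables -A INPUT -j DROP"
}

# gen_mac_rules MAC_FILE PORT_FILE: all-or-nothing wrapper, so a bad entry
# never leaves a half-built rule set on stdout.
gen_mac_rules() {
    rules=$(emit_rules "$1" "$2") || return 1
    printf '%s\n' "$rules"
}

# Review the output first, then apply as root:
#   gen_mac_rules macs.txt ports.txt > rules.sh && sh rules.sh
```

A source MAC is set by the sender, so this limits which ports a listed client can reach but does not authenticate the client.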