iptables Default Policy of DROP
AOA
I am using Fedora 6 as my gateway configured with NAT and iptables. I have two questions.
First of all I want to secure my Linux box as much as possible by implementing a firewall script using iptables to change the default policy of every chain to DROP and then allow only the specific services that are required to run on my network, like HTTP, FTP.
Secondly I have blocked some sites in Squid. But a user managed to open one by entering its IP address instead of the URL. Please help me to resolve this issue using Squid.
Regards,
Asif
AOA,
Please first search this forum, as firewall related issues are there that will solve your problem.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
Re: iptables Default Policy of DROP
Q1. Do you know how to play with iptables?
Javed4u wrote:
AOA
I am using Fedora 6 as my gateway configured with NAT and iptables. I have two questions.
First of all I want to secure my Linux box as much as possible by implementing a firewall script using iptables to change the default policy of every chain to DROP and then allow only the specific services that are required to run on my network, like HTTP, FTP.
Secondly I have blocked some sites in Squid. But a user managed to open one by entering its IP address instead of the URL. Please help me to resolve this issue using Squid.
Regards,
Asif
Q2. Block IP-based URLs in Squid using a regex.
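One way to close the gap Q2 points at, as an added example that is not part of any post in this thread: a squid.conf fragment that denies the site by name, by resolved address and by any URL typed with an IP literal, plus a shell check that applies the same regex locally. The blocked domain (example.com) and address range (203.0.113.0/24) are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. example.com and 203.0.113.0/24 are
# constructed placeholders for the site the admin wants to block.

# ERE for a URL whose host part is a dotted-quad literal, with optional port.
NUMERIC_HOST='^[a-z]+://([0-9]{1,3}\.){3}[0-9]{1,3}(:[0-9]+)?(/|$)'

# Prints the squid.conf fragment; place it above the "http_access allow" line
# for the LAN and before the final "http_access deny all", then reload Squid.
squid_block_acls() {
  cat <<EOF
# Name-based block: only matches the hostname the browser asked for
acl blocked_sites dstdomain .example.com
# Address-based block: matches the resolved destination, so a bare IP,
# or another name pointing at the same server, is still denied
acl blocked_nets dst 203.0.113.0/24
# Catch-all for any URL typed with an IP literal instead of a name
acl ip_url url_regex -i $NUMERIC_HOST
http_access deny blocked_sites
http_access deny blocked_nets
http_access deny ip_url
EOF
}

# Same regex applied locally, so a URL can be checked before the config is
# reloaded. Returns 0 when the request would be denied by the ip_url ACL.
url_hits_ip_acl() {
  printf '%s\n' "$1" | tr 'A-Z' 'a-z' | grep -Eq "$NUMERIC_HOST"
}

# Demonstration when run directly
for u in 'http://203.0.113.7/' 'http://example.com/'; do
  if url_hits_ip_acl "$u"; then echo "deny  $u"; else echo "pass  $u"; fi
done
```

The dst ACL costs Squid a DNS lookup per request and only helps while the configured range matches where the name resolves, so keep it alongside the name-based ACL rather than instead of it.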
Re:
Dear Javed4u,
Salam,
For reference you can look into this.
FYI, http://www.netfilter.org/documentation/index.html
Best Regards.
Farrukh Ahmed
Re: iptables Default Policy of DROP
Hello,
You can remove all previous firewall rules and then implement these iptables rules:
>> iptables -I INPUT -p udp -i eth0 --dport 80 -j ACCEPT
>> iptables -I INPUT -p tcp -i eth0 --dport 21 -j ACCEPT
>> iptables -I INPUT -p tcp -s IP_addr --dport 80 -j ACCEPT
>> iptables -I INPUT -p tcp -s IP_addr --dport 22 -j ACCEPT
>> iptables -I INPUT -p tcp -s IP_addr --dport 21 -j ACCEPT
>> service iptables save
>> service iptables restart
>> iptables -A INPUT -j REJECT
Also for the web site access issue, this should be a Squid issue, not iptables.
Regards,
Ghulam Yaseen
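A fuller version of what the first question asks for, as an added example that is not any poster's script: the accept rules go in first and the DROP policies are set last, LAN services are allowed in FORWARD rather than INPUT, and the NAT rule and FTP helper a gateway needs are included. Interface names (eth0 WAN, eth1 LAN), the LAN range and the admin host are assumptions; the script previews the commands unless run as root with the argument "apply".

```shell
#!/bin/sh
# Added example, not from the thread: a default-DROP ruleset for a Fedora Core 6
# style NAT gateway. Assumptions: WAN on eth0, LAN on eth1 as 192.168.1.0/24,
# admin workstation at 192.168.1.10.
WAN=eth0
LAN=eth1
LAN_NET=192.168.1.0/24
ADMIN=192.168.1.10

# Run the command, or only print it when DRY_RUN is set (preview before applying).
run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

fw_rules() {
  # Flush while the policies are still ACCEPT, and set DROP only at the end,
  # so an interrupted run does not strand a remote admin session.
  run iptables -F
  run iptables -t nat -F
  run iptables -X
  # Loopback and replies to connections the gateway or the LAN already opened.
  run iptables -A INPUT -i lo -j ACCEPT
  run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  # Management of the box itself: SSH from the admin host on the LAN side only.
  run iptables -A INPUT -i "$LAN" -s "$ADMIN" -p tcp --dport 22 -j ACCEPT
  # Services the LAN may use through the gateway belong in FORWARD, not INPUT:
  # INPUT is traffic addressed to the gateway, FORWARD is traffic passing it.
  for port in 80 21; do
    run iptables -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" \
        -p tcp --dport "$port" -j ACCEPT
  done
  # FTP data connections are accepted as RELATED once the helper is loaded
  # (ip_conntrack_ftp on 2.6.18-era kernels; nf_conntrack_ftp on newer ones).
  run modprobe ip_conntrack_ftp
  run iptables -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
  # Default policies last: anything not accepted above is silently dropped.
  run iptables -P INPUT DROP
  run iptables -P FORWARD DROP
  run iptables -P OUTPUT ACCEPT
  run service iptables save
}

# "apply" really runs the commands (as root); anything else just previews them.
case "${1:-}" in
  apply) fw_rules ;;
  *)     DRY_RUN=1; fw_rules ;;
esac
```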
Javed4u wrote:
AOA
I am using Fedora 6 as my gateway configured with NAT and iptables. I have two questions.
First of all I want to secure my Linux box as much as possible by implementing a firewall script using iptables to change the default policy of every chain to DROP and then allow only the specific services that are required to run on my network, like HTTP, FTP.
Secondly I have blocked some sites in Squid. But a user managed to open one by entering its IP address instead of the URL. Please help me to resolve this issue using Squid.
Regards,
Asif
yeah, that'll work great.
>> iptables -I INPUT -p udp -i eth0 --dport 80 -j ACCEPT
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
AOA,
Nice one Lambda bhai
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
regarding -i eth0
Sorry for writing -i eth0 in the iptables rule.
lambda wrote:
yeah, that'll work great.
>> iptables -I INPUT -p udp -i eth0 --dport 80 -j ACCEPT
Re: regarding -i eth0
Dear x2oxen,
Salam,
What is the problem in this rule?
ghulam yaseen wrote:
>> iptables -I INPUT -p udp -i eth0 --dport 80 -j ACCEPT
Best Regards.
Farrukh Ahmed
http uses tcp.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?