Write IPTable rules - networking

How to write IPTable rules such that the administrator on 128.238.66.2 has ssh access to the firewall and no one else is allowed access?
Is it like: iptables -A INPUT -s 128.238.66.2 -j ACCEPT?

Try like this (please be aware that if the IP is wrong, you're locked out):
# The ACCEPT has to sit above the REJECT: a chain is evaluated top-down and stops at the
# first match, so appending the REJECT first would block the admin's ssh as well
iptables -A INPUT -p tcp -s 128.238.66.2 --dport ssh -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j REJECT
iptables -A OUTPUT -p tcp --sport ssh -m state --state ESTABLISHED -j ACCEPT

When we talk about iptables, it is bound to the kernel. The function of iptables is setting up a firewall.
To understand its basics you should understand it from the ground level rather than knocking around with a sequence of absurd commands, as you end up scribbling and scratching your head. Following step-by-step standard instructions will not always fit the scenario. So, let's understand it.
There are three levels of segregation when we talk about iptables.
Level-1: Rule
Level-2: Chain
Level-3: Table
Let's see them one by one now:
Rules are -> ACCEPT, DROP, QUEUE, RETURN
Chains are -> Input, Output, Forward, Pre Routing, Post Routing
Tables are -> Filter Table (default), NAT Table, RAW Table, Mangle Table
Coming next, firewalls by generation of improvement can be listed as:
1) Packet Filtering Firewall
2) Stateful Firewall
3) Application Layer Firewall
4) Proxy Firewall.

Related

How can I use iptables to make a TCP proxy between me and an outside service?

So far I was able to redirect TCP connections with a specific destination address or port to my own program with this iptables rule:
iptables -t nat -A OUTPUT -p tcp -d <address> --dport <port> -j REDIRECT --to <local_port>
This works well until I create a connection to this destination from my proxy because it recursively connects to itself.
Is there a way for iptables to know what the original connection is and only redirect it?
Or is there a better approach?
You can try using the owner module and skip the redirection for the traffic coming from the proxy. Check --uid-owner or --pid-owner; you should be able to differentiate the traffic based on either of these.
Something like this,
iptables -t nat -I OUTPUT -m owner -p tcp -d <address> --dport <port> --uid-owner <proxy-owner> -j ACCEPT

iptables rules which allow communication only with the IPs which are assigned

I have an Ubuntu server with a few VPS running, mostly shared between friends and colleagues; it is from Hetzner.
I also have 2 sets of IPs ranging from 5.9.237.xxx to 5.9.237.xxx & 5.9.248.xxx to 5.9.248.xxx.
Today they locked my server due to a different IP set on the VPS which is causing the problem. Now I have KVM access, and they asked me to set up an iptables rule which only allows communication with the IPs which are assigned and ignores the rest.
How do I do this? I'm a bit lost.
My OS is Ubuntu, and I want a command that will ignore all the IPs except the set of IPs I give.
Thank you.
You need to drop all (careful with iptables, you can block yourself out). You should learn how your distro handles them. Here are the commands; after a reboot they will reset back to normal, so they are temporary, to test:
iptables -A INPUT -i eth0 -j DROP
iptables -I INPUT -i eth0 -s 10.10.10.0/24 -j ACCEPT
or of course specify certain IPs:
iptables -I INPUT -i eth0 -s 10.10.10.118 -j ACCEPT
There is a lot more to iptables than this, but this should get you started.
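An added example (not code from any of the answers on this page) that serves both the admin-only ssh question at the top and this Hetzner allowlist question. It is a small sh function that emits the INPUT rules in the one order that cannot lock you out: loopback and established-connection rules first, the allowed sources next, the catch-all DROP last, whichever of -A and -I you would otherwise have reached for. It defaults to a dry run that prints the commands; set IPT=iptables and run as root to apply them. The chain name ALLOWLIST, the interface and port arguments, and the 192.0.2.0/24 and 198.51.100.0/24 ranges are my assumptions; 128.238.66.2 is the address from the first question.

```shell
#!/bin/sh
# Added example, not code from any of the posts on this page.
# Dry run by default: prints the iptables commands instead of running them.
# Set IPT=iptables (as root) to apply. The chain name ALLOWLIST is an assumption.
IPT="${IPT:-echo iptables}"

# input_allowlist IFACE "SRC1 SRC2 ..." [TCP_PORTS]
#   IFACE     interface the policy applies to (e.g. eth0)
#   SRCs      space-separated source addresses or CIDRs that are allowed in
#   TCP_PORTS optional comma-separated list; if given, those sources may only
#             open these ports, otherwise all of their traffic is accepted
# Rules are emitted in the order they must sit in the chain: a chain is
# evaluated top-down and stops at the first terminating target, so a DROP
# placed above an ACCEPT silently disables that ACCEPT.
input_allowlist() {
    iface=$1
    sources=$2
    ports=${3:-}

    # Our own chain, so flushing it never touches rules the distro installed.
    $IPT -N ALLOWLIST 2>/dev/null
    $IPT -F ALLOWLIST

    # 1. Loopback and replies to connections this host opened. Without these
    #    a catch-all DROP on the interface also kills DNS answers, apt, etc.
    $IPT -A ALLOWLIST -i lo -j ACCEPT
    $IPT -A ALLOWLIST -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 2. The allowed sources. Admin-ssh case: one address, port 22.
    #    Hetzner case: several ranges, no port restriction.
    for src in $sources; do
        if [ -n "$ports" ]; then
            $IPT -A ALLOWLIST -i "$iface" -p tcp -s "$src" -m multiport --dports "$ports" \
                -m conntrack --ctstate NEW -j ACCEPT
        else
            $IPT -A ALLOWLIST -i "$iface" -s "$src" -j ACCEPT
        fi
    done

    # 3. Everything else arriving on that interface, last.
    $IPT -A ALLOWLIST -i "$iface" -j DROP

    # Hook the chain into INPUT exactly once (remove a stale jump first).
    $IPT -D INPUT -j ALLOWLIST 2>/dev/null
    $IPT -I INPUT 1 -j ALLOWLIST
}

# Usage (dry run unless IPT=iptables):
# the first question's case, ssh only from 128.238.66.2
input_allowlist eth0 "128.238.66.2" 22
# the Hetzner case, with constructed example ranges in place of the real ones:
# input_allowlist eth0 "192.0.2.0/24 198.51.100.0/24"
```

Run it once as a dry run and read the printed commands top to bottom; only when the ACCEPT for your own address appears above the DROP should you repeat it with IPT=iptables, ideally from the KVM console rather than over ssh.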

How to block forwarding traffic from the physical interface (seth_w0) to the VPN interface (tun0)

I have a requirement in which I need to block certain processes from consuming network data using the VPN interface (tun0).
physical interface (cellular data) -> tun0 -> user space program -> physical interface -> destination.
Please correct me if I am wrong; the above is the way the traffic flows when the VPN is enabled.
So if I want to block one particular process's network packets from being forwarded to the tun0 interface, I have applied the iptables rules for both the physical interface and the tun0 interface. Still the application is able to use the network data using the tun0 interface.
Is there a way to block the traffic at the tun0 interface?
Don't know which rules you set, but maybe this fixes it
(allow only tun0, reject others):
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A OUTPUT -o tun0 -j ACCEPT
# negation goes before the option; the older "-i ! tun0" form is deprecated
iptables -A INPUT ! -i tun0 -j REJECT
iptables -A OUTPUT ! -o tun0 -j REJECT
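An added example (not code from either of the answers) for this question and for the TCP-proxy question above, since both come down to the owner match. The first function redirects outbound traffic into a local proxy while exempting the proxy's own uid, and shows that the exemption must sit above the REDIRECT in the nat OUTPUT chain. The second keeps a single process off tun0 by matching its uid on -o tun0; the owner match only exists in OUTPUT (and nat POSTROUTING), because only there does the kernel still know which local socket produced the packet, which is why rules on -i tun0 never single out a process. It assumes the process to restrict runs under its own uid (the usual Android app model, or a dedicated service user on a server). The remote address 203.0.113.5, the ports and the uids are constructed values; IPT is my dry-run switch.

```shell
#!/bin/sh
# Added example, not code from any of the posts on this page.
# Dry run by default; set IPT=iptables (as root) to apply.
IPT="${IPT:-echo iptables}"

# Proxy question: redirect outbound TCP to ADDR:PORT into a proxy listening on
# LOCAL_PORT, but leave the proxy's own connections alone so it does not loop
# back into itself. In the nat table, ACCEPT means "do no NAT for this
# packet", so the owner exemption must be above the REDIRECT; appending it
# afterwards would leave the loop in place.
# transparent_proxy_rules ADDR PORT LOCAL_PORT PROXY_UID
transparent_proxy_rules() {
    addr=$1; port=$2; local_port=$3; proxy_uid=$4
    $IPT -t nat -A OUTPUT -p tcp -d "$addr" --dport "$port" \
        -m owner --uid-owner "$proxy_uid" -j ACCEPT
    $IPT -t nat -A OUTPUT -p tcp -d "$addr" --dport "$port" \
        -j REDIRECT --to-ports "$local_port"
}

# tun0 question: keep one process off the VPN interface. The packet's owner
# is only known on the way out, so the rule goes on -o tun0 in OUTPUT, not on
# -i tun0 in INPUT. REJECT rather than DROP so the process fails fast instead
# of hanging on timeouts.
# block_uid_on_tun0 UID
block_uid_on_tun0() {
    uid=$1
    $IPT -A OUTPUT -o tun0 -m owner --uid-owner "$uid" -j REJECT
}

# Usage (constructed values: 203.0.113.5 as the remote service, uid 1001 for
# the proxy user, uid 10123 for the app to keep off tun0):
transparent_proxy_rules 203.0.113.5 443 8443 1001
block_uid_on_tun0 10123
```

If a process already holds an open connection through tun0 when the REJECT is added, that connection's later packets are still matched and rejected, since the owner match is evaluated per packet, not per connection.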

Do I have to reset a service or something when banning an IP with iptables -j DROP?

I just ran this command:
iptables -A INPUT -s 1.1.1.1 -p TCP -j DROP
Do I have to reset a service or something like that? It does not seem to work, because when I use netstat -antp I can still see the IP I just dropped.
The TCP connection may still be kept open until the timeouts (up to 5 minutes if I remember correctly), but the traffic itself should be dropped (e.g. there should be no data flowing).

HTTP and HTTPS iptables rule is getting ignored

I already know that the answer will be something simple that I have messed up! But any idea what's going wrong with these rules?
sudo iptables -I INPUT -p tcp -m state --state NEW,ESTABLISHED,RELATED -m multiport --dports http,https -j ACCEPT
sudo iptables -I OUTPUT -p tcp -m state --state NEW,ESTABLISHED,RELATED -m multiport --sports http,https -j ACCEPT
I have the DNS set up and every packet for this is arriving at my server, so this isn't the problem.
Thanks in advance,
Luke
Think about a NATted outbound connection to a remote web server. The first packet in the flow between the NAT and the remote web server will be an outbound packet with a destination port of 80. You have no rule that packet would match.
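An added example, not part of Luke's question or the reply, that puts the two situations side by side: the server's own web service, which is all the posted INPUT/OUTPUT pair covers, and the NATted clients the reply describes, whose first packet is forwarded out with a destination port of 80 or 443 in state NEW and therefore needs a FORWARD rule plus MASQUERADE, not an INPUT rule. The interface names, the LAN range 192.168.1.0/24 and the IPT dry-run switch are my assumptions.

```shell
#!/bin/sh
# Added example, not code from any of the posts on this page.
# Dry run by default; set IPT=iptables (as root) to apply.
IPT="${IPT:-echo iptables}"

# The server's own web service: this is what the question's two rules cover.
# "--sports 80,443" on OUTPUT only ever matches replies *from* this server's
# web service; it does not match a connection the server itself opens.
local_web_service_rules() {
    $IPT -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    $IPT -A OUTPUT -p tcp -m multiport --sports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

# Web access for NATted clients behind this box. Their packets are forwarded,
# not delivered locally, so INPUT and OUTPUT rules never see them. The first
# packet of each flow leaves via the WAN side with a *destination* port of
# 80/443 in state NEW, and that is the packet the question's rules never match.
# nat_gateway_web_rules WAN_IF LAN_IF LAN_NET
nat_gateway_web_rules() {
    wan=$1; lan=$2; lan_net=$3
    # replace the private source address with the gateway's WAN address
    $IPT -t nat -A POSTROUTING -o "$wan" -s "$lan_net" -j MASQUERADE
    # replies for flows already accepted, in either direction
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # the NEW outbound web connection, LAN -> WAN, dport 80/443
    $IPT -A FORWARD -i "$lan" -o "$wan" -s "$lan_net" -p tcp -m multiport --dports 80,443 \
        -m conntrack --ctstate NEW -j ACCEPT
    # anything else crossing the box
    $IPT -A FORWARD -j DROP
    # forwarding itself must also be enabled: sysctl -w net.ipv4.ip_forward=1
}

# Usage with constructed interface names and LAN range:
local_web_service_rules
nat_gateway_web_rules eth0 eth1 192.168.1.0/24
```

The quickest way to see which of the two cases you are in is `iptables -L FORWARD -v -n`: if the byte counters on FORWARD are climbing, the web traffic is transiting the box and the INPUT rule is irrelevant to it.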
