Posted by sanjaydalal4u on July 9, 2009
If you want your machine to respond to requests initiated from elsewhere on the internet, you need to open the required ports. You need to know the following details first:
1. Name of the service you want to open up
2. Is it a tcp or udp service?
3. Port number(s) used by the service
Example:
To enable ssh access to your box from anywhere within two Class A networks, you could use something like
iptables -A allowed -p tcp --dport 22 -s 10.2.0.0/16 -j ACCEPT
iptables -A allowed -p udp --dport 22 -s 10.2.0.0/16 -j ACCEPT
iptables -A allowed -p tcp --dport 22 -s 10.8.0.0/16 -j ACCEPT
iptables -A allowed -p udp --dport 22 -s 10.8.0.0/16 -j ACCEPT
This allows both udp and tcp traffic from either of the two class A networks to access port 22 on your machine.
Posted in Iptables, Security
Posted by sanjaydalal4u on April 30, 2009
To open a required port you have to know some basic information:
1) Service name (ssh, ftp, etc.)
2) Port number (22, 25, etc.)
3) Whether it is a tcp port or a udp port
Example: To enable ssh access to your server from anywhere
# iptables -A allowed -p tcp --dport 22 -s 0/0 -j ACCEPT
# iptables -A allowed -p udp --dport 22 -s 0/0 -j ACCEPT
Posted in Iptables, Tips & Tricks
Posted by sanjaydalal4u on April 30, 2009
If you want to restrict or allow access to a certain service on a time basis using iptables:
Use : the iptables patch-o-matic extension (pom or p-o-m)
It allows us to match a packet based on its arrival or departure timestamp.
Syntax : iptables RULE -m time --timestart TIME --timestop TIME --days DAYS -j ACTION
--timestart TIME: time start value (format is 00:00-23:59)
--timestop TIME: time stop value (the same format)
--days DAYS: a comma-separated list of days on which the rule applies (format: Mon, Tue, Wed, Thu, Fri, Sat, Sun)
Example : We want to restrict access to SSH between 10:00 pm and 8:00 am on weekdays.
# iptables -A INPUT -p tcp -d 192.168.10.1 --dport 22 -m time --timestart 22:00 --timestop 8:00 --days Mon,Tue,Wed,Thu,Fri -j DROP
Enjoy !!!!!!!!!!!!
Posted in HowTo, Iptables, Tips & Tricks
Posted by sanjaydalal4u on April 30, 2009
Display the rules in the existing chains
iptables -L -n
iptables -L -n -v
iptables -L chain-name -n -v
iptables -L spamips -n -v
Display the existing chains with line numbers
iptables -L INPUT -n --line-numbers
iptables -L OUTPUT -n --line-numbers
iptables -L spamips -n -v --line-numbers
Delete a rule from iptables using its line number
iptables -D INPUT linenumber
Example : iptables -D INPUT 11
You can also use the syntax below to delete a rule / unblock an IP
iptables -D INPUT -s ipaddress -j DROP
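An added example (not from the original posts) that ties the open-port and delete-by-line-number tips together. It only prints the iptables commands rather than applying them, so it runs without root; the chain listing it parses is a constructed sample, and the function names are my own.

```shell
#!/bin/sh
# allow_port CHAIN PROTO PORT SOURCE...: print one ACCEPT rule per source network,
# in the form used in the posts above. Returns 1 (prints nothing) if the protocol
# is not tcp/udp or the port is not in 1-65535, so a typo cannot open a stray rule.
allow_port() {
    chain=$1; proto=$2; port=$3; shift 3
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    for src in "$@"; do
        printf 'iptables -A %s -p %s --dport %s -s %s -j ACCEPT\n' "$chain" "$proto" "$port" "$src"
    done
}

# Constructed sample of `iptables -L INPUT -n --line-numbers` output (not a real capture).
SAMPLE_LISTING='Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  10.2.0.0/16          0.0.0.0/0            tcp dpt:22
2    DROP       all  --  203.0.113.7          0.0.0.0/0
3    DROP       all  --  198.51.100.9         0.0.0.0/0
4    DROP       all  --  203.0.113.7          0.0.0.0/0'

# unblock_cmds LISTING CHAIN SOURCE: print `iptables -D CHAIN N` for every DROP rule
# whose source column equals SOURCE, highest rule number first. Bottom-up order matters:
# after `iptables -D INPUT 2` the old rule 4 becomes rule 3, so deleting in ascending
# order would remove the wrong rule.
unblock_cmds() {
    printf '%s\n' "$1" \
        | awk -v src="$3" 'NR > 2 && $2 == "DROP" && $5 == src { print $1 }' \
        | sort -rn \
        | while read -r n; do printf 'iptables -D %s %s\n' "$2" "$n"; done
}

allow_port allowed tcp 22 10.2.0.0/16 10.8.0.0/16
unblock_cmds "$SAMPLE_LISTING" INPUT 203.0.113.7
```

Pipe the output into `sh` only after reading it; deleting by source (`iptables -D INPUT -s ipaddress -j DROP`) removes one matching rule per call, so duplicates like rules 2 and 4 above need either repeated calls or the numbered deletes.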
Posted in HowTo, Iptables, Security, Tips & Tricks