Redhat Linux 8.0 IPtables help

Redhat Linux 8.0 IPtables help

[Sundaram Ramasamy]

Hi,



I have Linux machine with single Network interface. I want to block all the
tcp,udp and icmp port's other then 22,23,24 and 80.



Can you verify the following script?





IPTABLES=/sbin/iptables



$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

$IPTABLES -A INPUT -p tcp -m multiport --destination-port 22,23,24,80 -j
ACCEPT



$IPTABLES -A INPUT -p udp -m multiport --destination-port 22,23,24,80 -j
ACCEPT





What port should I block for icmp protocol?



-SR

RE: Redhat Linux 8.0 IPtables help

[George Vieira]

"What port should I block for icmp protocol?"
Errrr??... your blocking them already??? Or did you mean, which icmp should you ACCEPT?

-------------------------
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
-------------------------

BTW, why are you allowing UDP 22,23,80??? It's not used for ssh,telnet and http and whatever 24 is.. (can't be bothered). he he ;P

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@citadelcomputer.com.au

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

-----Original Message-----
From: Sundaram Ramasamy [mailto:sun@percipia.com]
Sent: Friday, June 06, 2003 5:33 AM
To: netfilter@lists.netfilter.org
Subject: Redhat Linux 8.0 IPtables help


Hi,



I have Linux machine with single Network interface. I want to block all the
tcp,udp and icmp port's other then 22,23,24 and 80.



Can you verify the following script?

IPTABLES=/sbin/iptables

$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

$IPTABLES -A INPUT -p tcp -m multiport --destination-port 22,23,24,80 -j
ACCEPT



$IPTABLES -A INPUT -p udp -m multiport --destination-port 22,23,24,80 -j
ACCEPT





What port should I block for icmp protocol?



-SR

Re: Redhat Linux 8.0 IPtables help

[Dharmendra.T]

[-- Attachment #1: Type: text/plain, Size: 1260 bytes --]

On Fri, 2003-06-06 at 01:02, Sundaram Ramasamy wrote:

    Hi,
    
    
    
    I have Linux machine with single Network interface. I want to block all the
    tcp,udp and icmp port's other then 22,23,24 and 80.
    
    
    
    Can you verify the following script?
    
    
    
    
    
    IPTABLES=/sbin/iptables
    
    
    
    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT DROP
    $IPTABLES -P FORWARD DROP
    
    $IPTABLES -A INPUT -p tcp -m multiport --destination-port 22,23,24,80 -j
    ACCEPT
    
    
    
    $IPTABLES -A INPUT -p udp -m multiport --destination-port 22,23,24,80 -j
    ACCEPT
    
    
    
    
    
    What port should I block for icmp protocol?
    
    
    
    -SR
    
    	You have to add the following rules to enable the communication.
    

$IPTABLES -A OUTPUT -p tcp -m multiport --source-port 22,23,24,80 -j
ACCEPT
$IPTABLES -A OUTPUT -p udp -m multiport --source-port 22,23,24,80 -j
ACCEPT


-- 
Regards
Dharmendra.T


This message is intended for the addressee only. It may contain
privileged or Confidential information. If you have received this
message in error,please notify the sender and destroy the message
immediately.Unauthorised use or reproduction of this message is strictly
prohibited.

[-- Attachment #2: Type: text/html, Size: 4053 bytes --]