Linux Netfilter discussions
From: Velvet Pixel <velvetpixel@gmail.com>
To: netfilter@vger.kernel.org
Subject: iptables help please
Date: Fri, 11 Jul 2008 16:16:45 -0700
Message-ID: <1ce04a81aa0e973c5d33389c51759336@gmail.com>

Since upgrading my install from CentOS 5.1 to 5.2 I am getting lots 
of errors in messages that look like they are iptables related.

If anybody could help comment on my iptables rules to let me know if I 
have them set up incorrectly I would appreciate it :)

This is on an OpenVZ VPS at a remote data center and not a box on my 
LAN.

Run chain banished Always
Accept If input interface is lo
Accept If protocol is TCP and TCP flags ACK (of ACK) are set
Accept If state of connection is ESTABLISHED
Accept If state of connection is RELATED
Accept If protocol is TCP and source port is 53
Accept If protocol is UDP and source port is 53
Accept If protocol is ICMP and ICMP type is echo-reply
Accept If protocol is ICMP and ICMP type is destination-unreachable
Accept If protocol is ICMP and ICMP type is source-quench
Accept If protocol is ICMP and ICMP type is time-exceeded
Accept If protocol is ICMP and ICMP type is parameter-problem
Accept If protocol is ICMP and ICMP type is echo-request
Drop If protocol is TCP and destination port is ftp
Accept If protocol is TCP and source is xx.xx.xx.xx and destination port is ssh
Drop If protocol is TCP and destination port is ssh
Accept If protocol is TCP and destination port is 25
Accept If protocol is TCP and destination port is 80
Accept If protocol is TCP and source is xx.xx.xx.xx and destination port is 110
Drop If protocol is TCP and destination port is 110
Accept If protocol is TCP and destination port is 113
Accept If protocol is TCP and source is xx.xx.xx.xx and destination port is 143
Drop If protocol is TCP and destination port is 143
Accept If protocol is TCP and destination port is 443
Drop If protocol is TCP and destination port is 465
Accept If protocol is TCP and source is xx.xx.xx.xx and destination port is 10000:10010
Drop If protocol is TCP and destination port is 10000:10010
Accept If protocol is TCP and source is xx.xx.xx.xx and destination port is 20000
Drop If protocol is TCP and destination port is 20000
Accept If source is 127.0.0.1
Accept If input interface is venet0

The xx.xx.xx.xx is my static IP for my home office.
The chain banished is IPs of crackers that were repeatedly trying to 
get into my system, and their source IPs are set to deny.


The type of error I am seeing is:
Jul 10 16:42:12 vps kernel: IN= OUT=venet0 SRC=IP.IP.IP.IP DST=zz.zz.zz.zz LEN=1452 TOS=0x08 PREC=0x00 TTL=64 ID=4361 DF PROTO=TCP SPT=22 DPT=63628 WINDOW=644 RES=0x00 ACK URGP=0

zz.zz.zz.zz = any IP accessing the server
IP.IP.IP.IP = IP of the server

My messages file is usually 44B and now in one day it is over 60MB!!! 
with thousands of those messages being logged, so I need help :)

Thanks,
Cameron
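Before changing any rule, it helps to read what the kernel LOG line itself says about where it came from. The fields are fixed by the netfilter LOG target: any text between "kernel:" and "IN=" is the rule's --log-prefix (absent in the line above, so the logging rule has none), an empty IN= with OUT=venet0 marks a packet the host itself generated (here the SSH daemon's reply, SPT=22, ACK set), which only output-side hooks see, while the rules listed in the message all describe input-side matching. The parser and summary below are an added example written for this post, not the poster's configuration or anything from the netfilter project; the log lines are constructed, with RFC 5737 documentation addresses standing in for IP.IP.IP.IP and zz.zz.zz.zz and a made-up "SSH-DROP:" prefix on one line to show how a prefixed rule stands out in the summary.

```python
import re
from collections import Counter

# Constructed sample lines in the netfilter LOG target's format. Addresses are
# RFC 5737 documentation ranges, not the poster's hosts; the "SSH-DROP:" prefix
# is a hypothetical --log-prefix added to show how prefixed rules are separated.
SAMPLE_LOG = """\
Jul 10 16:42:12 vps kernel: IN= OUT=venet0 SRC=192.0.2.10 DST=198.51.100.7 LEN=1452 TOS=0x08 PREC=0x00 TTL=64 ID=4361 DF PROTO=TCP SPT=22 DPT=63628 WINDOW=644 RES=0x00 ACK URGP=0
Jul 10 16:42:13 vps kernel: IN= OUT=venet0 SRC=192.0.2.10 DST=198.51.100.7 LEN=52 TOS=0x08 PREC=0x00 TTL=64 ID=4362 DF PROTO=TCP SPT=22 DPT=63628 WINDOW=644 RES=0x00 ACK URGP=0
Jul 10 16:42:20 vps kernel: SSH-DROP: IN=venet0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=44123 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 10 16:42:25 vps kernel: IN=venet0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=100 PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
"""

# syslog header written by klogd/rsyslog: "Mon DD HH:MM:SS host kernel: <rest>"
HEADER_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<rest>.*)$")
KV_RE = re.compile(r"([A-Z]+)=(\S*)")          # KEY=value tokens (value may be empty, e.g. IN=)
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")


def parse_line(line):
    """Parse one netfilter LOG line into a dict; return None for any other line."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    at = rest.find("IN=")
    if at < 0:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"),
           "prefix": rest[:at].strip(),   # whatever --log-prefix the rule had, "" if none
           "fields": {}, "tokens": set()}
    for tok in rest[at:].split():
        kv = KV_RE.fullmatch(tok)
        if kv:
            # ICMP lines carry ID= twice (IP header id, then echo id); keep the first
            rec["fields"].setdefault(kv.group(1), kv.group(2))
        else:
            rec["tokens"].add(tok)         # bare words: DF, SYN, ACK, ...
    return rec


def direction(rec):
    """Which hook family logged the packet, judged from the IN=/OUT= interfaces."""
    f = rec["fields"]
    has_in, has_out = bool(f.get("IN")), bool(f.get("OUT"))
    if has_in and has_out:
        return "forward"
    if has_out:
        return "output"    # locally generated: INPUT-side rules never saw this packet
    if has_in:
        return "input"
    return "unknown"


def summarize(text):
    """Count logged packets by (prefix, direction, protocol, local port, TCP flags).

    Grouping on the local port (SPT for output, DPT for input) shows which
    service's traffic is being logged before any rule is touched.
    """
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        f = rec["fields"]
        proto = f.get("PROTO", "?")
        if proto in ("TCP", "UDP"):
            port = f["SPT"] if direction(rec) == "output" else f["DPT"]
        elif proto == "ICMP":
            port = "type" + f.get("TYPE", "?")
        else:
            port = "-"
        flags = "/".join(t for t in TCP_FLAGS if t in rec["tokens"]) or "-"
        counts[(rec["prefix"] or "(no prefix)", direction(rec), proto, port, flags)] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        prefix, dirn, proto, port, flags = key
        print(f"{n:6d}  {prefix:12s} {dirn:8s} {proto:5s} local port {port:8s} flags {flags}")
```

Run against the real /var/log/messages (`summarize(open("/var/log/messages").read())`) the top row tells you which direction, service and flag combination dominates the 60MB; a row with "(no prefix)" and direction "output" points at an unprefixed rule in an output-side chain rather than at the input rules listed above, and giving every LOG rule a distinct --log-prefix makes the next summary name the rule directly.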


Thread overview: 3+ messages
2008-07-11 23:16 Velvet Pixel [this message]
2008-07-12  4:32 ` iptables help please Ukeme Noah
2008-07-12  6:58   ` Velvet Pixel