IPtables configuration script

Jason
Posted: Wed Dec 18, 2002 7:44 pm    Post subject: IPtables configuration script

Hi all,

I am looking for a command line script that configures IPTABLES on a RH8 box (bash shell).

The script should have support for DDOS protection, and Packet Forwarding as the box will act as a gw. Should allow me to configure some settings, such as which ports to allow inbound.

Perl is available on the box.

Any Suggestions / recommendations Please...

Cheers, J
b4rtm4n
Posted: Sat Dec 21, 2002 9:42 pm

A reading recommendation .....

Linux Firewalls 2nd Edition from New Riders press.

Covers most of what u need! :)
Jason
Posted: Sat Dec 21, 2002 9:48 pm

Cool.

Doing it all with IPTABLES is not really a problem, other than the fact it takes a long time... (rolls eyes)

There are many scripts such as NARC, that you just change a few settings to suit your needs, then it creates all of the iptables rules for you.

After that simply dump "iptables-save > /etc/sysconfig/iptables" to save them.

"5 minutes and you're done"

Looking for something like that...

Cheers, J
b4rtm4n
Posted: Sun Dec 22, 2002 1:38 am

been there n tried that using ipchains!

The N R web site had the core scripts available for d/l'ing.

Don't want to do the lazy "config script" option here. Best to build your own on the "whatever isn't allowed is blocked" basis.

Gotta get hard on ip access! :)
delete852
Posted: Sun Dec 22, 2002 3:52 pm

I just want to ask something really quick, in iptables you specify the packets that you want to come through, or you specify the ones you want to deny?
Jason
Posted: Sun Dec 22, 2002 4:02 pm

delete852 wrote:
I just want to ask something really quick, in iptables you specify the packets that you want to come through, or you specify the ones you want to deny?

Not sure if I fully understand the question...

IPTables is a tool that you can use to create a series of "rules". These rules can allow or deny packets that flow in and out of your machine.

J
delete852
Posted: Sun Dec 22, 2002 6:13 pm

What I meant is the things you specify, do you specify which packets the computer should deny, and then it allows everything else. Or do you specify which ones it should allow, in which case, it would deny everything that is not specified. From your post I take it that you can do it both ways, right?
Jason
Posted: Sun Dec 22, 2002 7:07 pm

Correct, that is the default policy.

You can set it to allow everything except what you explicitly deny

-OR-

You can set it to deny everything except what you explicitly allow

J
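
The deny-by-default option discussed in this thread, as an added example that is not from any poster or from NARC: a small generator that prints an iptables-restore ruleset for a gateway, with DROP policies on INPUT and FORWARD and a configurable list of inbound ports. The interface names (`eth0`, `eth1`), the default port list and the `gen_rules` function name are assumptions, and rate limiting is not covered.

```shell
#!/bin/sh
# Added example: print a default-deny gateway ruleset in iptables-restore format.
# Interface names and the port list are assumptions; set them for the real box.
WAN_IF="${WAN_IF:-eth0}"    # outside interface (assumed name)
LAN_IF="${LAN_IF:-eth1}"    # inside interface (assumed name)
TCP_IN="${TCP_IN:-22 80}"   # TCP ports to accept on the gateway itself

gen_rules() {
    # Validate every port first so a typo never yields a half-written ruleset.
    for p in $TCP_IN; do
        case "$p" in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done

    # Default policy: drop anything not explicitly allowed below.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    for p in $TCP_IN; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Forwarding: replies in both directions, new connections only LAN -> WAN.
    cat <<EOF
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset when asked; nothing is loaded into the kernel here.
if [ "${1:-}" = "--print" ]; then gen_rules; fi
```

Check the output with `gen_rules | iptables-restore --test` before loading it; forwarding also needs `net.ipv4.ip_forward` set to 1.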