Iptables guide

FiLeBaRoN · 07-23-2008, 03:50 PM

i have used linux before (mandrake, ubuntu/kubuntu) with a gui and never really had to dig into the guts of the kernal. now i have a vds and i need help with confiquring and enabling iptables, i have tired installing APF to manage this for me, but the install went wrong (didnt find this out until after spending 2 hours editting the conf.apf file) and i wanted to know if there is a reasonably easy guide out there that can help me get iptables confiqured correctly. im looking to block both incoming/outgoing udp/tcp port ranges and setting which ports i want to be in htm mode. my vds is running fedora core 6 with cpanel/whm. thank you in advance to any reply's and help :)

hal8000 · 07-24-2008, 02:31 PM

Quote:

Originally Posted by FiLeBaRoN

i have used linux before (mandrake, ubuntu/kubuntu) with a gui and never really had to dig into the guts of the kernal. now i have a vds and i need help with confiquring and enabling iptables, i have tired installing APF to manage this for me, but the install went wrong (didnt find this out until after spending 2 hours editting the conf.apf file) and i wanted to know if there is a reasonably easy guide out there that can help me get iptables confiqured correctly. im looking to block both incoming/outgoing udp/tcp port ranges and setting which ports i want to be in htm mode. my vds is running fedora core 6 with cpanel/whm. thank you in advance to any reply's and help :)

Theres no easy guides but the wiki has simple examples
http://en.wikipedia.org/wiki/Iptables

and later in the document links to external links, man iptables
is a good source for doc also

hajji · 07-24-2008, 09:08 PM

best practice for firewall making is to deny everything.
and open just what you need
there are 3 tables in iptables filter, nat, and mangle, the default is filter.

the syntax is like this;
iptables [tables]/[options]/[interface]/[protocol]/[ipaddress][ports][conditions]
note: this is not the respective parameters

sample:

# flusing in chains
iptables -F

# flush user-define chains
iptables -X

# table nat
iptables -t nat -F
iptables -t nat -X

# table mangle
iptables -t mangle -F
iptables -t mangle -X

# set all default rules to DROP
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# allow loopback connections
# for incoming connection
iptables -A INPUT -i lo -j ACCEPT
# for outgoing connections
iptables -A OUTPUT -o lo -j ACCEPT

# user specific rules and policy starts here

hajji · 07-24-2008, 10:22 PM

for the in and out sample rules

# incoming http connection (port 80)
iptables -A INPUT -i eth0 -s 0/0 --source-port 1024:65535 -d 192.168.0.1 --destination-port 80 -j ACCEPT
# outgoing http (reply)
iptables -A OUTPUT -o eth0 -s 192.168.0.1 --source-port 80 -d 0/0 --destination-port 1024:65535 -j ACCEPT

**wmorri** · 07-25-2008, 08:28 AM

Also, you can check out the Ubuntu community documentation on it here.

Cheers!

07-23-2008, 03:50 PM	#1 (permalink)
FiLeBaRoN Registered User Join Date: Jul 2008 Posts: 2 OS: Vista Sp1	Iptables guide i have used linux before (mandrake, ubuntu/kubuntu) with a gui and never really had to dig into the guts of the kernal. now i have a vds and i need help with confiquring and enabling iptables, i have tired installing APF to manage this for me, but the install went wrong (didnt find this out until after spending 2 hours editting the conf.apf file) and i wanted to know if there is a reasonably easy guide out there that can help me get iptables confiqured correctly. im looking to block both incoming/outgoing udp/tcp port ranges and setting which ports i want to be in htm mode. my vds is running fedora core 6 with cpanel/whm. thank you in advance to any reply's and help :) Last edited by FiLeBaRoN; 07-23-2008 at 03:51 PM.

07-24-2008, 09:08 PM	#3 (permalink)
hajji Registered User Join Date: Jul 2008 Location: MManila Posts: 3 OS: JagzOS	Re: Iptables guide best practice for firewall making is to deny everything. and open just what you need there are 3 tables in iptables filter, nat, and mangle, the default is filter. the syntax is like this; iptables [tables]/[options]/[interface]/[protocol]/[ipaddress][ports][conditions] note: this is not the respective parameters sample: # flusing in chains iptables -F # flush user-define chains iptables -X # table nat iptables -t nat -F iptables -t nat -X # table mangle iptables -t mangle -F iptables -t mangle -X # set all default rules to DROP iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP # allow loopback connections # for incoming connection iptables -A INPUT -i lo -j ACCEPT # for outgoing connections iptables -A OUTPUT -o lo -j ACCEPT # user specific rules and policy starts here

07-24-2008, 10:22 PM	#4 (permalink)
hajji Registered User Join Date: Jul 2008 Location: MManila Posts: 3 OS: JagzOS	Re: Iptables guide for the in and out sample rules # incoming http connection (port 80) iptables -A INPUT -i eth0 -s 0/0 --source-port 1024:65535 -d 192.168.0.1 --destination-port 80 -j ACCEPT # outgoing http (reply) iptables -A OUTPUT -o eth0 -s 192.168.0.1 --source-port 80 -d 0/0 --destination-port 1024:65535 -j ACCEPT

07-25-2008, 08:28 AM	#5 (permalink)
wmorri Moderator/Fedora Amb. Join Date: May 2008 Location: /pm/etc Posts: 2,821 OS: Window 7/Fedora 10 My System	Re: Iptables guide Also, you can check out the Ubuntu community documentation on it here. Cheers! __________________ Linux Forever!