Linux Mint Forums
Port 22 How to open it?
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read this
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read this
23 posts
• Page 2 of 2 • 1, 2
by Husse on Sat Jul 07, 2007 6:08 pm
Be very careful with what you do with IP-tables - it's extremely hard to get right - I've tried to set rules in a router with IP-tables - small wonder the thing did not fly out of the window
Don't fix it if it ain't broken, don't break it if you can't fix it
- Husse
- Level 21
- Posts: 19717
- Joined: Sun Feb 11, 2007 7:22 am
- Location: Near Borås Sweden
Iptables
by baomike on Sun Jul 08, 2007 2:27 pm
The first thing to do is look at the HOWTOs
http://www.netfilter.org/documentation/ ... tion-howto
secound keep the "man iptables" command handy.
I have adopted the "delete all, insert what I want" because it so much simpler that trying to add /delete rules one at a time.
A look at the man page will show the syntax and that "F" is the flush.
"A" is add , and if you have a blank slate after "F", it is easy. Add in the order you want the stuff, if it matters.
most operations will be in "filter" if you are not doing NAT or something fancy.
The other items are explaned in the man page. I specify "i" (interface) because iptables runs on a dual homed host, and does nat.
The "p" give the protocol to act on.
things like "--dport 15169" tell it to act on destination port 15169
The "-j" tells it what to do with a match. Often "DROP"
I would emphasize the use of the manual page, it really has most of what you need for simple filtering.
http://www.netfilter.org/documentation/ ... tion-howto
secound keep the "man iptables" command handy.
I have adopted the "delete all, insert what I want" because it so much simpler that trying to add /delete rules one at a time.
A look at the man page will show the syntax and that "F" is the flush.
"A" is add , and if you have a blank slate after "F", it is easy. Add in the order you want the stuff, if it matters.
most operations will be in "filter" if you are not doing NAT or something fancy.
The other items are explaned in the man page. I specify "i" (interface) because iptables runs on a dual homed host, and does nat.
The "p" give the protocol to act on.
things like "--dport 15169" tell it to act on destination port 15169
The "-j" tells it what to do with a match. Often "DROP"
I would emphasize the use of the manual page, it really has most of what you need for simple filtering.
- baomike
- Level 1
- Posts: 30
- Joined: Sat Jun 16, 2007 4:55 pm
Fun with iptables
by baomike on Sun Jul 08, 2007 2:39 pm
If you feel mean spirited you might want to investigate some of the following:
#iptables -t filter -A INPUT -p tcp -m tcp --dport 42 -j TARPIT
#iptables -t filter -A INPUT -p tcp -m tcp --dport 80 -j TARPIT
#iptables -t filter -A INPUT -p tcp -m tcp --dport 135 -j TARPIT
#iptables -t filter -A INPUT -p tcp -m tcp --dport 137 -j TARPIT
#iptables -t filter -A INPUT -p tcp -m tcp --dport 139 -j TARPIT
#iptables -t filter -A INPUT -p tcp -m tcp --dport 445 -j TARPIT
##iptables -t filter -A INPUT -p tcp -m tcp --dport 1433 -j TARPIT #Microsoft-SQL-Server TCP
##iptables -t filter -A INPUT -p tcp -m tcp --dport 1434 -j TARPIT #Microsoft-SQL-Server TCP
#iptables -t filter -A INPUT -p tcp -i eth0 -m tcp --dport 901 -j TARPIT
#
I do not currently use this as it does suck up resources.
It does not drop connections when the other party requests that.
it just hangs on and on and on.
There is a module that must be installed for this to work.
and a reconfiguring of the kernel.
http://www.netfilter.org/projects/patch ... extra.html
#iptables -t filter -A INPUT -p tcp -m tcp --dport 42 -j TARPIT
#iptables -t filter -A INPUT -p tcp -m tcp --dport 80 -j TARPIT
#iptables -t filter -A INPUT -p tcp -m tcp --dport 135 -j TARPIT
#iptables -t filter -A INPUT -p tcp -m tcp --dport 137 -j TARPIT
#iptables -t filter -A INPUT -p tcp -m tcp --dport 139 -j TARPIT
#iptables -t filter -A INPUT -p tcp -m tcp --dport 445 -j TARPIT
##iptables -t filter -A INPUT -p tcp -m tcp --dport 1433 -j TARPIT #Microsoft-SQL-Server TCP
##iptables -t filter -A INPUT -p tcp -m tcp --dport 1434 -j TARPIT #Microsoft-SQL-Server TCP
#iptables -t filter -A INPUT -p tcp -i eth0 -m tcp --dport 901 -j TARPIT
#
I do not currently use this as it does suck up resources.
It does not drop connections when the other party requests that.
it just hangs on and on and on.
There is a module that must be installed for this to work.
and a reconfiguring of the kernel.
http://www.netfilter.org/projects/patch ... extra.html
- baomike
- Level 1
- Posts: 30
- Joined: Sat Jun 16, 2007 4:55 pm
23 posts
• Page 2 of 2 • 1, 2
Who is online
Users browsing this forum: Google [Bot] and 35 guests