Just a Quick Guide For iptables

By -
For adding a chain entry:

    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    iptables -A INPUT -p tcp --dport 21 -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 110 -j ACCEPT
    iptables -A INPUT -p tcp --dport 143 -j ACCEPT
    iptables -A INPUT -p tcp --dport 3000 -j ACCEPT
    iptables -A INPUT -j DROP
    iptables -I INPUT 8 -p tcp --dport 9999 -j ACCEPT

First entry, adds port 80 (http) to be accepted, port 443 (https), port 21 (ftp), port 22 (ssh,scp, sftp), port 110 (pop3), port 143 (imap), port 3000 (custom set port for thin server--a ruby web server).

Then,
iptables -A INPUT -j DROP
 will drop everything that would connect to the server.

The last entry
iptables -I INPUT 8 -p tcp --dport 9999 -j ACCEPT
will insert into the list at the 8 row of the entry, this is useful when you will be setting a specific priority of filtering a port.

To delete an entry, you can do,
 iptables -D INPUT 2
 to delete the second row of the list, list can be viewed by issuing the command
iptables -L
 To flush all the result, you can do
iptables -F

To add a chain that would only be specific to port intervals, let say, ban all the port that goes from port 20 - port 80, you can execute or add
iptables -A INPUT -p tcp --dport 20:80 -m state --state NEW,ESTABLISHED -j REJECT

where --dport specifies the 20:80 (colon as the delimiter), and -m for extended match and may load extension (here the state), and --state for specifying the states (valid states are INVALID, NEW, ESTABLISHED), and -j to reject the attempt of opening a connection.

 To save your rules, you can execute
iptables-save > /etc/sysconfig/iptables
if your iptables config is in that directory path.

Comments

Post a Comment

Popular posts from this blog

LVM: How to remove a volume using pvremove

By -
First, I encountered this error "Can't pvremove physical volume "/dev/sdc1" of volume group "nova-volumes" without -ff" (I'm actually using OpenStack but it's another story). So to remove this, do first, ~# pvscan   PV /dev/sdb1   VG nova-volumes    lvm2 [1.82 TiB / 1.82 TiB free]   PV /dev/sda5   VG cloudmaster     lvm2 [297.85 GiB / 12.00 MiB free]   PV /dev/sdc1                      lvm2 [1.82 TiB]   Total: 3 [3.93 TiB] / in use: 2 [2.11 TiB] / in no VG: 1 [1.82 TiB] Then, when I do, ~# pvremove /dev/sdc1  Can't pvremove physical volume "/dev/sdc1" of volume group "nova-volumes" without -ff So I need to, ~# vgreduce nova-volumes /dev/sdc1   Removed "/dev/sdc1" from volume group "nova-volumes" Then do `pvscan` again, ~# pvscan   PV /dev/sdb1   VG nova-volumes    lvm2 [1.82 TiB / 1.82 TiB free]   PV /dev/sda5   VG cloudmaster     lvm2 [297.85 GiB / 12.00 MiB free]   PV /dev/
Read more

Using Oracle 11g thru VirtualBox appliance in Mac OS X Lion

By -
Image
I just found that its quite a lot of handy work to make Oracle work in Mac OS X Lion. Currently, I have this quite cool machine with good memory anyway, so I decided to step the easy way, than the "too-much-time-to-work way". So, I just decided to use VirtualBox with Oracle's pre-built virtual appliance with Oracle 11g Enterprise Edition. To use this, I use the steps below. 1. Download VirtualBox at http://www.oracle.com/technetwork/database/enterprise-edition/databaseappdev-vm-161299.html 2. Download the virtual appliances at http://www.oracle.com/technetwork/database/enterprise-edition/databaseappdev-vm-161299.html then just follow the steps. 3. I added some specific ports, since I access it thru  NAT so whenever I am, it's easier for me just to hook up my virtual appliance and turn it on. So you can issue these command in your terminal, $> VBoxManage modifyvm "OTN Developer Days" --natpf1 "ssh,tcp,,2222,,22" $> VBoxManag
Read more

Use Shell Editor for Eclipse for editing bash, ksh, csh in Unix/Linux system

By -
Image
I found ShellEd when googling for any shell editor. It was trouble at first because there's no  how-to that directs me, where I expect to have a direct link that I can copy-en-paste to my Eclipse for installation. So what I did, I download ShellEd (as of this writing file version ShellEd-Update-2.0.0_M3.zip) from sourceforge.net and install, as required, the Linux Tools . After installing Linux Tools, I then locate thru archive the ShellEd zip file and install it successfully. It works good and I feel satisfied with this cool tool to be embedded in eclipse. The sample attached shell script is from JBoss twiddle. It does supports syntax highlighting, intellisense which is cool. Hope this helps.
Read more