Re: ip_tables newbie needs help [was "test - please ignore"]

* ernst@vindal.com <ernst@vindal.com> [20030402 09:21 PST]:
> Hugh Saunders wrote:
> >
> >On Wed, Apr 02, 2003 at 01:47:20PM -0100, ernst wrote:
> >
> >>test - please ignore
> >
> ><flame>
> >it is *never* necessary to post a test message.
> ></flame>
> >
> >why not just post something relevant (as that is why you joined the list
> >(hopefully)) then see if you get it back?
> >
> >Sometimes takes 30mins or so for message to come back from the
> >list servers.
> >
> >hugh
> Sorry about this, I'll never do it again.
> So to my question,
> I have a debian box configured as firewall with IP tables. Basically 
> accepting all traffic out and only ssh in. But this rule says "Allow 
> everyone access". Here is from the firewall script:
> <snip>
> /sbin/iptables -A INPUT -p tcp --dport ssh -j ACCEPT
> /sbin/iptables -A INPUT -p udp --dport ssh -j ACCEPT
> </snip>

Why do you allow inbound UDP port 22?  I've never heard of any sshd
running over UDP.

> Is there an easy way to change the rule so I can limit to e.g :
> one host?
> one net/subnet
> or users?

Do you mean you only want to allow packets from a given source?  How
about the --source option?

As for 'users', what do you mean? You can match outgoing packets with
the user running the process that generated them with the --uid-owner
option.  For non-locally-generated packets, it just doesn't make any

> Another problem is when I run "iptables -L" after stop and start, 

stop and start what?  iptables is not a running daemon.

> I'll get the same result. Is there a way to "flush", or clean up the 
> rules?

man iptables | less +/flush

(the answer is '-F').  But really, these are precisely the type of
questions that the man page can answer for you in a few seconds.  Give
it a try.
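A small firewall script that puts the two points above together (flush before re-adding, and restrict ssh with --source rather than accepting it from everyone) is shown here as an added example; it is not from the thread or from the original poster's script. The addresses are constructed placeholders, and IPT defaults to printing the commands so the rule set can be reviewed before it is applied; set IPT=/sbin/iptables to run it for real.

```shell
#!/bin/sh
# Added example, not the poster's firewall script. IPT defaults to echoing
# the iptables command lines (a dry run); export IPT=/sbin/iptables to apply.
IPT="${IPT:-echo /sbin/iptables}"

# Accept a single IPv4 host (192.0.2.10) or a CIDR network (198.51.100.0/24).
# Rejecting anything else keeps a typo or an empty variable from turning
# into a rule that is broader than intended.
valid_source() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'
}

# Flush the old rules first. Without this, every "stop and start" that only
# re-runs the script appends a second copy of each rule, which is why
# "iptables -L" keeps showing the same result.
flush_rules() {
    $IPT -F
    $IPT -X
    $IPT -t nat -F
}

# Default policy: drop unsolicited inbound traffic, allow loopback, allow
# everything out, and let replies to our own connections back in.
base_policy() {
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Allow new ssh connections (TCP 22 only; sshd does not listen on UDP)
# from each source given as an argument. Invalid sources are skipped with
# a message on stderr instead of producing a rule that allows everyone.
allow_ssh_from() {
    for src in "$@"; do
        if ! valid_source "$src"; then
            echo "skipping invalid ssh source: '$src'" >&2
            continue
        fi
        $IPT -A INPUT -p tcp --dport 22 --source "$src" -m state --state NEW -j ACCEPT
    done
}

# Usage: constructed management host and admin subnet.
main() {
    flush_rules
    base_policy
    allow_ssh_from 192.0.2.10 198.51.100.0/24
}

# Only run the full sequence when executed directly, not when sourced.
case "$0" in
    *firewall*) main ;;
esac
```

Running it with the default IPT prints the exact command lines that would be applied; compare that output with `iptables -L -n` after a real run to confirm the old, unrestricted ssh rules are gone and only the listed sources remain.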

