Re: iptables filter rules Question??

To: debian-user@lists.debian.org
Subject: Re: iptables filter rules Question??
From: fbrian@nac.net
Date: Sat, 24 Jul 2004 14:57:49 -0400 (EDT)
Message-id: <[🔎] 42645.207.99.6.85.1090695469.squirrel@webmail.nac.net>

> Incoming from fbrian@nac.net:
>>
>> This is my rule set:
>>
>> 1 iptables -P INPUT DROP
>> 2 iptables -A INPUT -p icmp -j ACCEPT
>> 3 iptables -A INPUT -i lo -j ACCEPT
>> 4 iptables -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
>> 5 iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>> 6 iptables -A INPUT -i ppp0 -p tcp -j REJECT --reject-with tcp-reset 7
iptables -A INPUT -i ppp0 -p udp -j REJECT
>> 8 iptables -A INPUT -i ppp0 -j REJECT --reject-with
>> icmp-proto-unreachable
>>
>> 9  iptables -P FORWARD DROP
>> 10 iptables -P OUTPUT ACCEPT
>>
>> *********************************************************
>>
>> 1.) Line number five does not work, iptables complains when I issue
that rule.
>
> I use exactly the same rule here:
>
>   iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>


I still am stuck; Not sure why this error is happening

EULER:~# iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j
ACCEPT
iptables: No chain/target/match by that name
EULER:~#

here is the output of lsmod

EULER:~# lsmod
Module                  Size  Used by    Tainted: P
ipt_REJECT              2720   0  (autoclean)
iptable_filter          1728   0  (autoclean)
bsd_comp                3968   0  (autoclean)
ppp_async               5984   1  (autoclean)
r128                   82840   1
lp                      5984   0  (autoclean)
slip                    7904   0  (autoclean)
parport_pc             14980   2  (autoclean)
plip                   10760   1  (autoclean)
parport                24576   2  (autoclean) [lp parport_pc plip]
iptable_nat            18228   0  (autoclean)
ip_conntrack           19212   1  (autoclean) [iptable_nat]
ip_tables              13056   5  [ipt_REJECT iptable_filter iptable_nat]
ppp_deflate            39040   0
ppp_generic            14088   3  [bsd_comp ppp_async ppp_deflate]
slhc                    4352   2  [slip ppp_generic]
rtc                     5368   0  (autoclean)
EULER:~#


Version of IPtables:

ii  iptables       1.2.6a-5     IP packet filter administration tools for 2.


Running 'debian' woody kernel 2.4.18


Thanks


>> 2.) The functionality I want from my firewall rule set is:
>>
>>       Deny all incoming traffic except, port 22 ssh and allow pings
>>
>>       Allow all outgoing traffic, as well as, it should be able to come
back in if it originated from my box
>>
>> The above rule set did work when I had an ethernet connection on a
different network, but when I changed to dialup, I have problems
getting these to work.
>
> My situation is close, the exception being incoming ssh.  I do,
> however, allow incoming identd (handled by fauxident):
>
> iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -I INPUT -i ppp0 -m tcp -p tcp --dport 113 -j ACCEPT
iptables -A INPUT -s ! 127.0.0.1/32 -m state --state NEW -j LOG
> iptables -A INPUT -s ! 127.0.0.1/32 -m state --state NEW -j DROP
iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
>
> --
> Any technology distinguishable from magic is insufficiently advanced.
(*)               http://www.spots.ab.ca/~keeling
> - -
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>

Reply to:

Follow-Ups:
- Re: iptables filter rules Question??
  - From: "s. keeling" <keeling@spots.ab.ca>

Prev by Date: Re: mailman (python2.2) segfault
Next by Date: Re: Help with samba 3
Previous by thread: Re: iptables filter rules Question??
Next by thread: Re: iptables filter rules Question??
Index(es):
- Date
- Thread