Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Linux
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: iptables & tcp wrappers

from [Whelan, Paul] Network Security [Permanent Link]
Subject: RE: iptables & tcp wrappers
Date: Thu, 30 Sep 2004 13:09:21 -0400 
Also,
iptables will accept multiple hosts in the rule.  You can do this like:

iptables -A INPUT -p tcp -s ! 1.2.3.4/32,5.6.7.8/32 --dport 22 -j DROP

This consolodates those 3 rules below into one.
Thanks,
Paul

-----Original Message-----
From: Ed J. Aivazian [mailto:stealth@arminco.com] 
Sent: Tuesday, September 28, 2004 5:17 AM
To: Meatplow
Cc: focus-linux@securityfocus.com
Subject: Re: iptables & tcp wrappers


Hello Meatplow,

Saturday, September 25, 2004, 1:57:26 AM, you wrote:

finding line numbers is simple.
--line-numbers.
if you need to restrict ssh for everyone except those you trust,
something like this is fine and flexible.

TRUSTEDHOSTS="1.2.3.4 5.6.7.8"

for host in $TRUSTEDHOSTS do;
    iptables -A INPUT -j ACCEPT -p tcp -s $host --dport ssh
done;

iptables -A INPUT -j DROP -p tcp --dport ssh

As for collecting statistics for the non-trusted attempts, you can make
use of
the iptables LOG target. Get the iptables-tutorial document, I believe
this is the best guide to iptables and to the theory of firewalls in
general.
Luck!



M> -----BEGIN PGP SIGNED MESSAGE-----
M> Hash: SHA1


M> Hello.

M> I'm running RH Enterprise edition.

M> I'm relatively new to iptables.  I am getting the common intrusion
M> attempts with some  of the common uses of test/guest/root/ and a
M> couple others   I've been able to add the IPs to the to iptables.,
M> but
M> I'd really like a log that tells me the info that I want to know.

M> My basic input command is this :
M> #iptables -A INPUT -p tcp -s PUT_IP_HERE -d 0/0  --syn -j DROP

M> iptables seem a little convoluted.  Example.  To delete  a line -
M> supposedly give it a line and it will be deleted/modified.  My
M> problem is even with #iptable -L -v there is no line number ?

M> My goal is to block all incoming ssh attempts except IP#.
M> This is where I got into hosts.allow/deny as mentioned below.

M> I've tried to find many different types of commands and it works to
M> some degree, but not the way I'd expect it to.

M> Any help would be appreciated.  I'm not completely sure that I
M> understand iptables as well as I want/need to.  I've also toyed
M> around with the hosts.allow/hosts.deny and have not been successful.



M> I know that there is a lot of info in here, and I'm tired.  I'll
M> leave it at that


M> Thanks in advance for your time and help.

M> Meatplow
M> greg  ta meatplow.com


M> Thanks again.

M> -----BEGIN PGP SIGNATURE-----
M> Version: PGPfreeware 6.5.8 for non-commercial use
<http://www.pgp.com>

M> iQA/AwUBQVSBsR42gIcyjrnjEQJIqwCfWAShp7r+J1XNNjQq6sbvvD03WZ8AoNrg
M> ctQ837g5pQDafgBhTTeeMr1V
M> =niWK
M> -----END PGP SIGNATURE-----








-- 
Best regards,
 Ed                            mailto:stealth@arminco.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: iptables & tcp wrappers, harry
Next by Date:  Re: iptables & tcp wrappers, Francisco R. Romo Alfaro
Previous by Thread:  RE: iptables & tcp wrappers, Bowes, Ronald (EST)
Indexes:  [Date] [Thread] [Top] [All Lists]