5

iptables after drop ftp goes through

view full story
linux-howto

http://serverfault.com – I cannot deny access to FTP for a IP address. First of all i needed to deny everything so i did like this: #iptables -F #iptables -P INPUT DROP #iptables -P OUTPUT DROP #iptables -P FORWARD DROP Then I opened FTP: #modprobe ip_conntrack_ftp #iptables -A INPUT -p TCP -i eth0 --dport 21 -m state --state NEW -j ACCEPT #iptables -A INPUT -p ALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT #iptables -A OUTPUT -p ALL -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT The above works but I have all so tried with this one to: #modprobe ip_conntrack #modprobe ip_conntrack_ftp # (HowTos)

taskli's picture
Submitted by taskli on 05/17/2012 – Made popular on 05/17/2012

Stories similar to iptables after drop ftp goes through

I've ran the following rules:

Code: [ "iptables --flush", "iptables -P INPUT DROP", "iptables -P FORWARD DROP", "iptables -P OUTPUT DROP", "iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT", "iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT", "iptables -A

I'm trying to find out why changing my default iptables policy is affecting what nmap sees when it scans my host.

Consider the following iptables setup:

iptables -F iptables -A INPUT -p tcp -s 10.1.0.0/20 --dport 22 -j ACCEPT

iptables -P INPUT ACCEPT iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT

iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j AC

I've setup IPTables with the following script...

This iptables script:

#!/bin/sh service iptables stop iptables -F iptables -P INPUT DROP iptables -P OUTPUT ACCEPT iptables -P FORWARD DROP iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT service iptables save service iptables restart

works as expected on a Centos 6.3 server (provided by VPSBlocks.com.au) but

Current setup

Centos which is a Web, Mail (Postfix,Dovecot), FTP Server and Gateway with public ip and private ip (for LAN Gateway).

We are planning to implement external firewall box and bring the server to LAN

Please guide on configuring IPTables...

I'd like to allow mail through iptables and DROP policy but this script doesn't work what it is wrong here:

## FLUSH de reglas iptables -F

iptables -X

iptables -Z

iptables -t nat -F

## policy iptables -P INPUT DROP

iptables -P OUTPUT ACCEPT

iptables -P FORWARD DROP

# localhost iptables -A INPUT -i lo -j ACCEPT

# Allow my ip iptables -A INPUT -s MY_IP -j ACCEPT

# 80 port iptables -A I

Further to my earlier question about bridging different subnets - I now need to route requests for one particular IP address differently to all other traffic.

I have the following routing in my iptables on our router:

# Allow established connections, and those !not!

I have installed squid proxy server at server side so that all PCs connected to the server will access internet through it.I have made changes in squid.conf file also.I have added these two lines:- acl localnet src 192.168.0.167 192.168.0.0-192.168.0.250/255.255.255.0 http_access allow localnet

I was setting up my iptables when I performed a iptables -F and my ssh pipe broke.

This is the last output of my session:

root@alfapaints:~# iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:222