Re: Iptables config

2002-04-21 Thread Jussi Ekholm
Sami Dalouche [EMAIL PROTECTED] wrote: Here's a set of rules to replace ipmasq's ones.. Thank you, I'll take a look at them. But, I'd still need some help concerning the DROP chain -- I've read the Packet-filtering-HOWTO, and eyed all related HOWTOs from LDP (actually, the Debian package

Re: Iptables config

2002-04-21 Thread Cristian Ionescu-Idbohrn
On Sun, 21 Apr 2002, Jussi Ekholm wrote: [snip] Thank you, I'll take a look at them. But, I'd still need some help concerning the DROP chain -- I've read the Packet-filtering-HOWTO, and eyed all related HOWTOs from LDP (actually, the Debian package doc-linux-html), but *still* I'm unable to

Re: Iptables config

2002-04-21 Thread J C Lawrence
On Sun, 21 Apr 2002 18:34:58 +0200 (CEST) Cristian Ionescu-Idbohrn [EMAIL PROTECTED] wrote: http://www.linuxguruz.org/iptables/ I've found that shorewall (now apt-gettable) makes a very nice iptables framework/wrapper. -- J C Lawrence -(*)Satan,

Re: Iptables config

2002-04-18 Thread Peter Cordes
On Thu, Sep 20, 2001 at 05:05:11AM +0200, Mathias Palm wrote: ... I use the connection-tracking support, so I can drop everything except traffic related to a connection I opened. This is what I use (NAT stuff omitted): iptables -t filter -P FORWARD ACCEPT iptables -t

Re: Iptables config

2002-04-18 Thread Martin Peikert
Peter Cordes wrote: On Wed, Apr 17, 2002 at 01:09:27PM +0200, Martin Peikert wrote: First, you should set your policy to DROP. The way you configured your filter with a policy set to ACCEPT would let all traffic pass through. No it doesn't; it would block new connections, because it rejects

Re: Iptables config

2002-04-18 Thread Rolf Kutz
* Quoting Mathias Palm ([EMAIL PROTECTED]): iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT Sorry, I don't get that. The manpage says: ...ESTABLISHED meaning that the packet is associated with a connection which has seen packets in both directions...

Re: Iptables config

2002-04-17 Thread Mathias Palm
... I use the connection-tracking support, so I can drop everything except traffic related to a connection I opened. This is what I use (NAT stuff omitted): iptables -t filter -P FORWARD ACCEPT iptables -t filter -P INPUT DROP iptables -t filter -P OUTPUT ACCEPT

Re: Iptables config

2002-04-17 Thread Jussi Ekholm
Michal Melewski [EMAIL PROTECTED] wrote: Lars Roland Kristiansen wrote: I am no iptables guru, I just want to close all except ssh (port 22), pop3 (port 110) and imap (port 143). Is there an easy way to do this. Sure it is easy... I was just wondering, if some experienced iptables

Re: Iptables config

2002-04-17 Thread Sami Dalouche
-security@lists.debian.org Sent: Wednesday, April 17, 2002 11:45 AM Subject: Re: Iptables config rules-v0.1.tar.bz2 Description: Binary data

Re: Iptables config

2002-04-17 Thread Peter Cordes
On Wed, Apr 17, 2002 at 01:09:27PM +0200, Martin Peikert wrote: Jussi Ekholm wrote: I was just wondering, if some experienced iptables users could give me, at least some, opinions about my iptables rules. It is supposed to close all the other ports, but leave 1050, and 8080 open. Here's

RE: Iptables config

2002-04-15 Thread VERBEEK, Francois
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT COMMIT -----Original Message----- From: Marcin Bednarz [SMTP:[EMAIL PROTECTED]] Sent: Sunday 14 April 2002 09:15 To: Lars Roland Kristiansen Cc: Subject: Re: Iptables config

Re: Iptables config - new

2002-04-15 Thread Peter Cordes
On Mon, Apr 15, 2002 at 07:58:00PM +0200, Mathias Palm wrote: ... Looking at all these, people might say more about smtp-packages going astray s/package/packet/g -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) The gods confound the man who first found out how to

Re: Iptables config - new

2002-04-15 Thread Mathias Palm
As mentioned in some other mail, always use iptables -F INPUT first to avoid piling up rules like in your case. You defined three rules and there shouldn't be more (it's not a Windows machine after all). A couple more questions. What is your net set up: Are 192.168.2.2 and xxx.yyy.zzz.com (the ip

Re: Iptables config

2002-04-15 Thread Mathias Palm
I'd say it might very well work correctly, but the table nat is not made for packet filtering but for address translation (nat--network address translation), which is used for masquerading and port forwarding. If you only want a filtering firewall you might very well save yourself the effort to

Re: Iptables config

2002-04-14 Thread Marcin Bednarz
Hello. I wrote: # change of policy to drop iptables -t nat -P PREROUTING DROP iptables -t nat -P POSTROUTING DROP #add ssh server (allow incoming) iptables -t nat -A PREROUTING -d $yourPublicIP -p tcp --destination-port 22 -j ACCEPT #add pop3 and imap iptables -t nat -A PREROUTING

Re: Iptables config - new

2002-04-14 Thread Lars Roland Kristiansen
When using the following rules - iptables -P INPUT ACCEPT iptables -A INPUT -p tcp -m multiport -s 0/0 --dport 25,110,22 -i eth0 -j ACCEPT -

Re: Iptables config - new

2002-04-14 Thread Peter Cordes
On Sun, Apr 14, 2002 at 12:28:16PM +0200, Lars Roland Kristiansen wrote: When using the following rules - iptables -P INPUT ACCEPT iptables -A INPUT -p tcp -m multiport -s 0/0 --dport 25,110,22 -i eth0 -j ACCEPT

Re: Iptables config

2002-04-14 Thread Hubert Chan
Peter == Peter Cordes [EMAIL PROTECTED] writes: Peter If you set INPUT policy to DROP, doesn't that drop everything, Peter not just incoming SYN packets? If you want to be able to Peter establish any connections from the machine to anywhere else,

Re: Iptables config

2002-04-13 Thread Peter Cordes
On Fri, Apr 12, 2002 at 11:37:09AM +0200, Michal Melewski wrote: On Fri, Apr 12, 2002 at 11:17:38AM +0200, Lars Roland Kristiansen wrote: Hi - I have just installed a mail server with postfix and wu-imap/pop3; now I just want to have iptables running. I am no iptables guru, I just want to

Iptables config

2002-04-12 Thread Lars Roland Kristiansen
Hi - I have just installed a mail server with postfix and wu-imap/pop3; now I just want to have iptables running. I am no iptables guru, I just want to close all except ssh (port 22), pop3 (port 110) and imap (port 143). Is there an easy way to do this. ___ Mvh./Yours sincerely Lars

Re: Iptables config

2002-04-12 Thread Michal Melewski
On Fri, Apr 12, 2002 at 11:17:38AM +0200, Lars Roland Kristiansen wrote: Hi - I have just installed a mail server with postfix and wu-imap/pop3; now I just want to have iptables running. I am no iptables guru, I just want to close all except ssh (port 22), pop3 (port 110) and imap (port 143).

Re: Iptables config

2002-04-12 Thread Marcin Bednarz
Hello, I will try to help you. Hi - I have just installed a mail server with postfix and wu-imap/pop3; now I just want to have iptables running. I am no iptables guru, I just want to close all except ssh (port 22), pop3 (port 110) and imap (port 143). Is there an easy way to do this.

Re: Iptables config

2002-04-12 Thread Laurent Luyckx
In reply to Michal Melewski [EMAIL PROTECTED]: On Fri, Apr 12, 2002 at 11:17:38AM +0200, Lars Roland Kristiansen wrote: Hi - I have just installed a mail server with postfix and wu-imap/pop3; now I just want to have iptables running. I am no iptables guru, I just want to close all

Re: Iptables config

2002-04-12 Thread Lars Roland Kristiansen
Thanks for the quick response. I have put this in my /etc/default/iptables file # Deny ALL iptables -P INPUT DROP # Allow these services # SMTP iptables -I INPUT -p tcp -s 0/0 --dport 25 -i eth0 -j ACCEPT # SSH iptables -I INPUT -p tcp -s 0/0 --dport 22 -i eth0 -j ACCEPT # POP3 iptables -I

RE: Iptables config

2002-04-12 Thread VERBEEK, Francois
To: [EMAIL PROTECTED] Subject: Re: Iptables config File: SMIME.txt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Iptables config

2002-04-12 Thread Henrique Pedroni Neto
Hi - I have just installed a mail server with postfix and wu-imap/pop3; now I just want to have iptables running. I am no iptables guru, I just want to close all except ssh (port 22), pop3 (port 110) and imap (port 143). Is there an easy way to do this. Sure it is easy... iptables -P

Re: Iptables config

2002-04-12 Thread Luis Gómez Miralles
On Fri, 12-04-2002 at 13:25, Lars Roland Kristiansen wrote: # SMTP iptables -I INPUT -p tcp -s 0/0 --dport 25 -i eth0 -j ACCEPT # SSH iptables -I INPUT -p tcp -s 0/0 --dport 22 -i eth0 -j ACCEPT # POP3 iptables -I INPUT -p tcp -s 0/0 --dport 110 -i eth0 -j ACCEPT I can connect to

Re: Iptables config

2002-04-12 Thread Martin Peikert
Henrique Pedroni Neto wrote: Hi - I have just installed a mail server with postfix and wu-imap/pop3; now I just want to have iptables running. I am no iptables guru, I just want to close all except ssh (port 22), pop3 (port 110) and imap (port 143). Is there an easy way to do this.

Re: Iptables config

2002-04-12 Thread Michal Melewski
well, it's better to replace DROP by ACCEPT in this last line if you want to accept the packets ;) Damn ;) Sure you are right; sorry, my fault. I was a bit sleepy while writing this -- Michael carstein Melewski | One day, he said, in a taped segment [EMAIL PROTECTED] |

Re: Iptables config

2002-04-12 Thread Lars Roland Kristiansen
Here is where I am now - if I don't run iptables it all works - for some reason closing all the ports and setting the default policy to deny doesn't seem to work (if I then afterwards set smtp, pop3, ssh to allow). But setting the default policy to allow and then using nmap to detect what ports are

Re: Iptables config

2002-04-12 Thread Henrique Pedroni Neto
Sorry! I cannot see this :) Normally we use the smtp protocol not imap! Thanks. True, but the necessary ports are 22, 110 and 143. Port 25 is for smtp which Lars didn't want to open.

Re: Iptables config

2002-04-12 Thread Mathias Palm
On Fri, Apr 12, 2002 at 04:05:54PM +0200, Lars Roland Kristiansen wrote: Here is where I am now - if I don't run iptables it all works - for some reason closing all the ports and setting the default policy to deny doesn't seem to work (if I then afterwards set smtp, pop3, ssh to allow). But setting

Re: Iptables config

2002-04-12 Thread Albrecht Frank
Here is where I am now - if I don't run iptables it all works - for some reason closing all the ports and setting the default policy to deny doesn't seem to work (if I then afterwards set smtp, pop3, ssh to allow). But setting the default policy to allow and then using nmap to detect what ports

RE: Iptables config

2002-04-12 Thread Bart-Jan Vrielink
On Fri, 2002-04-12 at 13:27, VERBEEK, Francois wrote: BTW if you plan to use --dport you need rather a line like iptables -A INPUT -p tcp -s 0/0 -m tcp --dport 22 -i $dev -j ACCEPT -m tcp is not needed. See manpage: MATCH EXTENSIONS iptables can use extended packet matching modules.

Re: Iptables config

2002-04-12 Thread Laurent Luyckx
In reply to Lars Roland Kristiansen [EMAIL PROTECTED]: Thanks for the quick response. I have put this in my /etc/default/iptables file # Deny ALL iptables -P INPUT DROP # Allow these services # SMTP iptables -I INPUT -p tcp -s 0/0 --dport 25 -i eth0 -j ACCEPT # SSH iptables -I

Re: Iptables config

2002-04-12 Thread Tim Haynes
Laurent Luyckx [EMAIL PROTECTED] writes: [snip] I get "can't connect to smtp service" when trying to mail. Try rejecting port 113 requests with: iptables -I INPUT -p tcp -s 0/0 --dport 113 -i eth0 -j REJECT If you're going to use -j REJECT for a TCP packet, you really ought to use
