How to configure iptables with a DROP policy

tictacbum · Post by **tictacbum** » Sun Jul 17, 2005 4:04 pm

Hi all, I configured a firewall with a DROP policy and cacti can't graph the net.. I have these rules:
/sbin/iptables -A OUTPUT -p icmp -m icmp -j ACCEPT
/sbin/iptables -A INPUT -p icmp -m icmp -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -p udp -m udp --dport 135 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --sport 135 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -p udp -m udp --dport 161 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --sport 161 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -m tcp --dport 161 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --sport 161 -m state --state RELATED,ESTABLISHED -j ACCEPT

snmp and pings don't work, any help?
thanks

tictacbum · Post by **tictacbum** » Mon Jul 18, 2005 10:30 am

seems to works with these rules:

# Cacti UDP ping
/sbin/iptables -A OUTPUT -p udp -m udp --dport 33439 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --sport 33439 -m state --state RELATED,ESTABLISHED -j ACCEPT

# SNMP
/sbin/iptables -A OUTPUT -p udp -m udp --dport 161 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --sport 161 -m state --state RELATED,ESTABLISHED -j ACCEPT

saveus · Post by **saveus** » Mon Jul 18, 2005 4:04 pm

your server make nat for other computer and you wand disable ,emule winamp , and others ?
if he do not , why do you dont make directly:

iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
and open after only port you need in imput?

Cacti

How to configure iptables with a DROP policy

How to configure iptables with a DROP policy

[solved] How to configure iptables with a DROP policy

Who is online