How to configure iptables with a DROP policy

tictacbum
Posts: 4
Joined: Sun Jul 17, 2005 3:59 pm

How to configure iptables with a DROP policy

Post by tictacbum »

Hi all, I configured a firewall with a DROP policy and Cacti can't graph the network. I have these rules:

# ICMP: allow out, accept replies by connection state
/sbin/iptables -A OUTPUT -p icmp -m icmp -j ACCEPT
/sbin/iptables -A INPUT -p icmp -m icmp -m state --state RELATED,ESTABLISHED -j ACCEPT
# UDP 135: allow out, accept replies by connection state
/sbin/iptables -A OUTPUT -p udp -m udp --dport 135 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --sport 135 -m state --state RELATED,ESTABLISHED -j ACCEPT
# SNMP over UDP 161: allow out, accept replies by connection state
/sbin/iptables -A OUTPUT -p udp -m udp --dport 161 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --sport 161 -m state --state RELATED,ESTABLISHED -j ACCEPT
# SNMP over TCP 161: allow out, accept replies by connection state
/sbin/iptables -A OUTPUT -p tcp -m tcp --dport 161 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --sport 161 -m state --state RELATED,ESTABLISHED -j ACCEPT

SNMP and pings don't work, any help?
thanks
tictacbum
Posts: 4
Joined: Sun Jul 17, 2005 3:59 pm

[solved] How to configure iptables with a DROP policy

Post by tictacbum »

seems to work with these rules:

# Cacti UDP ping: allow the probe out to port 33439, accept what comes back by connection state
/sbin/iptables -A OUTPUT -p udp -m udp --dport 33439 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --sport 33439 -m state --state RELATED,ESTABLISHED -j ACCEPT

# SNMP: allow queries out to UDP 161, accept responses by connection state
/sbin/iptables -A OUTPUT -p udp -m udp --dport 161 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --sport 161 -m state --state RELATED,ESTABLISHED -j ACCEPT
saveus
Posts: 25
Joined: Sun Jul 10, 2005 5:04 pm

Post by saveus »

Does your server do NAT for other computers, and do you want to disable eMule, Winamp and others?
If it does not, why don't you just do this directly:

# default policies: forwarding and output open, input closed
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP

and then open only the ports you need in INPUT?
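The two posts above pull in opposite directions: the [solved] rules keep OUTPUT at DROP and punch one hole per port, while saveus's suggestion opens OUTPUT entirely and only filters INPUT. The script below is an added example, not code from this thread or from Cacti, showing the middle ground a poller usually wants: default DROP in every direction, a single stateful ESTABLISHED,RELATED rule per direction in place of a RELATED,ESTABLISHED rule per port, and explicit NEW rules only for what the poller initiates (ICMP echo, SNMP on UDP 161, Cacti's UDP ping on port 33439). The addresses 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.53 are placeholders from the RFC 5737 documentation ranges, the SSH and DNS rules are assumptions about what such a host needs, and "apply" must run as root; "preview" prints the commands instead of running them.

```shell
#!/bin/sh
# Stateful DROP-policy firewall for a Cacti poller (added example, not from the thread).
# Networks below are assumptions taken from the RFC 5737 documentation ranges.
#   sh cacti-fw.sh apply     run the iptables commands (needs root)
#   sh cacti-fw.sh preview   print the iptables commands instead

IPT="${IPT:-/sbin/iptables}"
POLLED_NETS="${POLLED_NETS:-192.0.2.0/24}"   # hosts Cacti polls (assumed)
ADMIN_NET="${ADMIN_NET:-198.51.100.0/24}"    # where SSH logins come from (assumed)
DNS_SERVER="${DNS_SERVER:-203.0.113.53}"     # resolver the poller uses (assumed)

apply_firewall() {
    # Start from an empty ruleset with default DROP in every direction.
    "$IPT" -F
    "$IPT" -X
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT DROP

    # Loopback: the poller, the database and the web UI talk to each other over lo.
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A OUTPUT -o lo -j ACCEPT

    # One stateful rule per direction instead of one per port. SNMP responses and
    # ICMP echo replies are ESTABLISHED; the ICMP port-unreachable that answers
    # Cacti's UDP ping is RELATED to the UDP flow that triggered it. "-m state
    # --state" as used in the thread is the older spelling of the same match.
    "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A INPUT -m conntrack --ctstate INVALID -j DROP

    # Inbound: only SSH, and only from the admin network.
    "$IPT" -A INPUT -s "$ADMIN_NET" -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT

    # Outbound, limited to the polled networks: ICMP ping, SNMP, Cacti UDP ping (33439).
    "$IPT" -A OUTPUT -d "$POLLED_NETS" -p icmp --icmp-type echo-request -m conntrack --ctstate NEW -j ACCEPT
    "$IPT" -A OUTPUT -d "$POLLED_NETS" -p udp --dport 161 -m conntrack --ctstate NEW -j ACCEPT
    "$IPT" -A OUTPUT -d "$POLLED_NETS" -p udp --dport 33439 -m conntrack --ctstate NEW -j ACCEPT

    # DNS to the configured resolver so device hostnames resolve.
    "$IPT" -A OUTPUT -d "$DNS_SERVER" -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
    "$IPT" -A OUTPUT -d "$DNS_SERVER" -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT

    # Rate-limited logging of whatever falls through to the DROP policy, so a
    # blocked poll shows up in the kernel log instead of failing silently.
    "$IPT" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-IN-DROP: "
    "$IPT" -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "FW-OUT-DROP: "
}

case "${1:-}" in
    apply)   apply_firewall ;;
    preview) IPT=echo; apply_firewall ;;
    *)       echo "usage: $0 apply|preview" >&2 ;;
esac
```

Run "preview" first and read the output, then "apply" from a console or a session you can afford to lose. Afterwards "iptables -S" shows the loaded ruleset, and if a graph stays empty, "dmesg | grep FW-OUT-DROP" tells you which destination and port the poller tried that you did not allow. Keeping OUTPUT at DROP is the point of this layout: with OUTPUT ACCEPT, a compromised poller can talk to anything, whereas here it can only reach the polled networks on the monitoring ports.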