[cochiselinux] ipchains, iptables logging

  • From: cochisecc/prevettl <prevettl@xxxxxxxxxxx>
  • To: cochiselinux@xxxxxxxxxxxxx
  • Date: Tue, 4 Nov 2003 22:03:40 -0700 (MST)

Hi all,

Tuesday night we goofed around with ipchains and iptables.
Took some notes; thought they might be useful.

Turned the firewall off, logged everything,
accessed a web site, analyzed the logs
in /var/log/messages to get the rule set.

ipchains (default for RH 6-7.3) and 
iptables (default for RH 8-9) were used.

 ##### IPCHAINS ########################### 
 # define a variable for all ip addresses
 ALL="0.0.0.0/0"

 # turn off ipchains, accept and log everything

 # flush the chains
 ipchains -F input
 ipchains -F output
 ipchains -F forward

 # default policy - accept everything
 ipchains -P input ACCEPT
 ipchains -P output ACCEPT
 ipchains -P forward ACCEPT

 # log udp traffic
 ipchains -A input -i eth0 -p udp -s $ALL -d $ALL -j ACCEPT -l
 ipchains -A output -i eth0 -p udp -s $ALL -d $ALL -j ACCEPT -l
 ipchains -A input -i eth1 -p udp -s $ALL -d $ALL -j ACCEPT -l
 ipchains -A output -i eth1 -p udp -s $ALL -d $ALL -j ACCEPT -l

 # log tcp traffic
 ipchains -A input -i eth0 -p tcp -s $ALL -d $ALL -j ACCEPT -l
 ipchains -A output -i eth0 -p tcp -s $ALL -d $ALL -j ACCEPT -l
 ipchains -A input -i eth1 -p tcp -s $ALL -d $ALL -j ACCEPT -l
 ipchains -A output -i eth1 -p tcp -s $ALL -d $ALL -j ACCEPT -l

 ####### IPTABLES ################################ 
 #turn off iptables, accept and log everything

 # RH 7,8,9
 ALL="0.0.0.0/0"   # same "any address" variable as in the ipchains section
 # flush first: -X only removes user-defined chains that are already empty
 /sbin/iptables --flush
 /sbin/iptables -X
 /sbin/iptables --policy INPUT ACCEPT
 /sbin/iptables --policy OUTPUT ACCEPT
 /sbin/iptables --policy FORWARD ACCEPT

 # the LOG rules must come >_first_<: ACCEPT ends rule traversal, so a packet
 # that hits an ACCEPT before the LOG rule is never logged
 # log and accept udp packets
 iptables -A INPUT -i eth0 -p udp -s $ALL -d $ALL -j LOG
 iptables -A OUTPUT -o eth0 -p udp -s $ALL -d $ALL -j LOG
 iptables -A INPUT -i eth0 -p udp -s $ALL -d $ALL -j ACCEPT
 iptables -A OUTPUT -o eth0 -p udp -s $ALL -d $ALL -j ACCEPT

 # log and accept tcp packets
 iptables -A INPUT -i eth0 -p tcp -s $ALL -d $ALL -j LOG
 iptables -A OUTPUT -o eth0 -p tcp -s $ALL -d $ALL -j LOG
 iptables -A INPUT -i eth0 -p tcp -s $ALL -d $ALL -j ACCEPT
 iptables -A OUTPUT -o eth0 -p tcp -s $ALL -d $ALL -j ACCEPT
###############################################################

# define some variables
ALL="0.0.0.0/0"   #any ip address 
HIGH="1024:65535" #high ports
IP="192.168.1.2"  #my ip or ...
# script to set ip address (expects the old "inet addr:192.168.x.y" ifconfig output)
IP=`ifconfig -a | grep "192.168." | awk '{print $2}' | cut -c6-`
echo ip addr = $IP

# example traffic generated when accessing http://216.239.57.99 (google)
IN=eth0 SRC=216.239.57.99 DST=192.168.1.2 PROTO=TCP SPT=80 DPT=1184 
# iptables rule
iptables -A INPUT -i eth0 -p tcp -s $ALL --sport 80 -d $IP --dport $HIGH -j ACCEPT

# another one
OUT=eth0 SRC=192.168.1.2 DST=216.239.57.99 PROTO=TCP SPT=1184 DPT=80 
iptables -A OUTPUT -o eth0 -p tcp -s $IP --sport $HIGH -d $ALL --dport 80 -j ACCEPT
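As an added example (not from the post), a small POSIX sh script that does the "read the LOG lines, write the rule" step above mechanically. It assumes the kernel LOG format shown in the post (IN=/OUT=/SRC=/DST=/PROTO=/SPT=/DPT=) and the post's $ALL, $HIGH and $IP variables; the sample log lines are constructed. It goes a little beyond the post's client-only case: whichever side uses a port below 1024 is taken to be the service, so a connection to a local daemon keeps the local port fixed instead.

```shell
#!/bin/sh
# Constructed sample of the kernel LOG lines that "accept and log everything"
# writes to /var/log/messages (made-up timestamps; same packets as the post).
SAMPLE_LOG='Nov  4 21:50:01 box kernel: IN=eth0 OUT= SRC=216.239.57.99 DST=192.168.1.2 PROTO=TCP SPT=80 DPT=1184 WINDOW=5840
Nov  4 21:50:01 box kernel: IN= OUT=eth0 SRC=192.168.1.2 DST=216.239.57.99 PROTO=TCP SPT=1184 DPT=80 WINDOW=5840
Nov  4 21:50:02 box kernel: IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.2 PROTO=ICMP TYPE=8 CODE=0'
IP="192.168.1.2"   # local address as in the post; $ALL/$HIGH are emitted by name

# log_to_rule LINE: print the ACCEPT rule matching the logged packet, return 1
# for packets the post's rule set does not cover. Whichever side uses a port
# below 1024 is taken as the service; the other side's port is widened to $HIGH.
log_to_rule() {
    in= out= proto= src= dst= spt= dpt=
    for tok in $1; do
        case $tok in
            IN=*)    in=${tok#IN=} ;;     OUT=*)   out=${tok#OUT=} ;;
            SRC=*)   src=${tok#SRC=} ;;   DST=*)   dst=${tok#DST=} ;;
            SPT=*)   spt=${tok#SPT=} ;;   DPT=*)   dpt=${tok#DPT=} ;;
            PROTO=*) proto=${tok#PROTO=} ;;
        esac
    done
    case $proto in
        TCP) proto=tcp ;;  UDP) proto=udp ;;
        *)   return 1 ;;   # ICMP etc.: not part of the post's tcp/udp rule set
    esac
    if [ "$dst" = "$IP" ] && [ -n "$in" ]; then      # inbound: remote=SPT, ours=DPT
        if [ "$spt" -lt 1024 ]; then sport=$spt; dport='$HIGH'; else sport='$HIGH'; dport=$dpt; fi
        printf 'iptables -A INPUT -i %s -p %s -s $ALL --sport %s -d $IP --dport %s -j ACCEPT\n' \
            "$in" "$proto" "$sport" "$dport"
    elif [ "$src" = "$IP" ] && [ -n "$out" ]; then   # outbound: ours=SPT, remote=DPT
        if [ "$dpt" -lt 1024 ]; then sport='$HIGH'; dport=$dpt; else sport=$spt; dport='$HIGH'; fi
        printf 'iptables -A OUTPUT -o %s -p %s -s $IP --sport %s -d $ALL --dport %s -j ACCEPT\n' \
            "$out" "$proto" "$sport" "$dport"
    else
        return 1   # forwarded or unrelated packet
    fi
}

# gen_rules: feed every sample line through log_to_rule, dropping duplicates.
gen_rules() {
    printf '%s\n' "$SAMPLE_LOG" | while IFS= read -r line; do
        log_to_rule "$line" || true
    done | sort -u
}

gen_rules
```

Against a real /var/log/messages, replace SAMPLE_LOG with `grep 'kernel: IN=' /var/log/messages` and review the output before loading it: anything the box did while logging was on, wanted or not, becomes an ACCEPT rule.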

lp


--------------------------------------------------------------------
Cochise Linux Users Group Mailing List - cochiselinux@xxxxxxxxxxxxx
For more information:  http://www.cochiselinux.org
To unsubscribe: //www.freelists.org/list/cochiselinux
