I am currently trying to best configure my Natty Narwal linux distro. At boot, the system is configured to automatically connect last Wifi network. When I connect to the WIFI however a whole bunch of instructions are loaded in the IPTABLES.
View 1 RepliesI'm running Ubuntu 9.04 and started messing around with my firewall, it got a little too complecated for me, so I just would like to be able to somehow restore the default iptables setting. Any idea how I can do this?
View 7 Replies View RelatedSo I know Linux has iptables, I'm rather new to linux, and I'm wondering, are the stock settings with Ubuntu/Kubuntu safe? Is there anything I need to do make them more secure? I tried adding rules myself for some things but ended up just not being able to do anything so I had to reset back to stock with iptables -F. Should I be safe running as-is?
View 4 Replies View RelatedI've started a new job and have inherited a couple of RHEL4 64-bit servers. The firewall on them is currently disabled. I'm struggling to get them up and running as iptables is not the most user-friendly application. This lead me to downloading and trying a GUI front-end: Guarddog. Great app! But it doesn't have the default behavior I'm looking for. Here is what I need:
Default behavior: Firewall should be wide open, allowing ALL ports/IP's/TCP/UDP in and out of the server.
Blacklist: Oracle TCP port 1521 needs to be blocked in/out of the server.
This will help get us passed our company's security vulnerability scan. (We aren't able to patch/upgrade Oracle at this time because we'd lose vedor support with a legacy app). I will use these settings as a starting point, and then once I learn more and get more comfortable with iptables (or a GUI app) then I can fine tune things to make them more secure. As far as I know (correct me if I'm wrong) once I get a script I just copy it into /etc/rc.firewall and it will load when iptables starts.
I have a server with 14 IP's on eth0. I'm using virtual interfaces to handle the IP's, but the iptables don't seem to work on the virtual interface. It blocks ports that I want open. I'm not that great with iptables, I use what I have because it works for me, but as far as tweaking it, I'm pretty lost.
My iptables:
# Simple Firewall configuration
#
# Set default policies --------
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
#
# Internal Networks -----------
#-A INPUT -s <private.class.C>/24 -d <private.class.C>/24 -i eth1 -j ACCEPT
#
# Loopback --------------------
-A INPUT -s 0/0 -d 0/0 -i lo -j ACCEPT
#
# Accept established connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Services --------------------
#
# For SSH gateway
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 22 -m state --state NEW -j ACCEPT
#
# For SMTP gateway
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 25 -m state --state NEW -j ACCEPT
#
# For FTP server
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 20 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 53 -m state --state NEW -j ACCEPT
#
# HTTP services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 80 -m state --state NEW -j ACCEPT
#
# HTTPS services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 443 -m state --state NEW -j ACCEPT
#
# POP-3 services
#-A INPUT -p tcp -s 0/0 -d 0/0 --dport 110 -m state --state NEW -j ACCEPT
#
# IMAP services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 143 -m state --state NEW -j ACCEPT
#
#PLESK
#-A INPUT -p tcp -s 0/0 -d 0/0 --dport 8443 -m state --state NEW -j ACCEPT
#
#Games
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28960 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28960 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27666 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27666 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28961 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28961 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28962 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28962 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27015 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27015 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27016 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27016 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27017 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27017 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27020 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27020 -m state --state NEW -j ACCEPT
# Disallow fragmented packets
-A INPUT -f -j DROP
#
# Log & Block broadcast packets
-A INPUT -d 255.255.255.255/0.0.0.255 -j LOG
-A INPUT -d 255.255.255.255/0.0.0.255 -j DROP
# Log & Block multicast packets
-A INPUT -d 224.0.0.1 -j LOG
-A INPUT -d 224.0.0.1 -j DROP
#
# Log and drop all other incoming packets
-A INPUT -j LOG
-A INPUT -j DROP
#
COMMIT
I've read the instruction about setting up the iptables rules to filter all port except HTTP, SSH, FTP. I require first remove all default iptables rules and set default rules to all chains as DROP:
# Set default-deny policies for all three default chains
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP
Then allow only some ports:
#Accept inbound packets that are part of previously-OK'ed sessions
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
# Accept inbound packets which initiate SSH sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 22 -m state --state NEW
# Accept inbound packets which initiate FTP sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 21 -m state --state NEW
# Accept inbound packets which initiate HTTP sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 80 -m state --state NEW
# Log anything not accepted above $IPTABLES -A INPUT -j LOG --log-prefix "Dropped by default:"
But I hired a VPS from other country so the only mean I can manage it is via SSH. If I setup the default rule to DROP first, I afraid that I can no longer connect via SSH to tell iptables allow SSH
So my question is:
- Does the IP tables take effect immediately after I input a rule?
- Is there any mean to run this as a batch job (create a script and run all these rules one time).
- My VPS has a web control panel which have a terminal via web. Is this a native terminal or just a connection via port 80 or 22?
How come FC11 is set by default to reset the IPTables firewall to ACCEPT across the board each restart?
View 4 Replies View RelatedDid you play too much with compiz and after-a-while you realize that certain functions are not working anymore?
Well, just follow the steps below:
Quote:
gconftool-2 --recursive-unset /apps/compiz
Then,
Quote:
Restart your PC / lappy
[URL]
I would like to set up a logging system for rtorrent, the only way that i could think of this would be to set up bandwidth moniters in the ip tables but im not sure how to go around this.
View 1 Replies View RelatedI have a CentOS 5 server in which I use Virtual Hosting and each domain has its own user/pass for login to upload files. The path is /var/www/vhosts/domain name]/httpdocs/What im attempting is setting up the creation of the [domain name] folder from an administration backend under PHP, which I am developing. What Im worried about is if I allow PHP to run command line commands such as mkdir, then what is stopping anyone from doing the same from their php files on my server??? What is the best way to properly setup my server to allow automated creation of the domain structure within my folder system
View 3 Replies View RelatedIn my server the iptables and ip6tables services are not running. But still i am getting some iptables and ip6tables related alerts on my /var/log/messages. My technical leader told me that there might be some mis-configuration in iptables configuration file. But i didnt see anything wrong.
Quote:
Quote:
What does it mean "Jan 25 11:01:32 beteduibsrv3 avahi-daemon[3308]: Leaving mDNS multicast group on interface eth0.IPv6 with address fe80::226:b9ff:fefc:6ec4."
Im new to fedora 11 and iptables, and i need to set the following set of instruction so VirtuaBox can accept request from lan, to the mailServer in the guest os, but after restart fedora i have to input it all again.How can it become permanent entry in iptables.
View 2 Replies View RelatedThe default Firewall ufw is not enabled by default at the time of installation and it has to be enabled by the user.Isn't this a security risk or is the user whether ufw is enabled or not secured from external threats?I am not much knowledgeable about network security But I am trying to understand the Ubuntu mentality behind this default setting.
View 4 Replies View RelatedI wish to change the default location of IPtables file from /etc/sysconfig to somewhere else. But i am confisued about it. please help me to solve this problem.
I.E. /etc/sysconfig/iptables to /etc/XXX/iptables
I messed with Ubuntu WAYYY too much. How do I restore the OS back to it's original settings?
View 5 Replies View RelatedI need the command for returning my ubuntu netbook remix (newest version) to default settings. The problem is that when I installed a theme, the next time I booted the OS the screen starts blinking and when I enter my admin password, no icons appear. My laptop is Dell 1525.
View 4 Replies View Relatedthe archive manager in ubuntu uses default settings for archiving files into .7zip
s. but much more compression can be achieved setting the cmpression level
higher from command line. Is there a way I can set that settings as default in Archive manager?
I recently installed the new 11.04 release and was messing around with the Compiz settings on Ubuntu Classic. I tried logging on to regular Ubuntu and everything crashed. When I start up there is no log in screen, only text shows. (I enter my log in information then type 'startx' in the terminal to show my desktop.)
The desktop shows a messed up version of my custom configuration with Cairo-Dock all weird and everything in the wrong place. Also my custom start-up screen that I installed is distorted, and the GRUB screen shows up in purple.
If there was a way to reset Ubuntu 11.04 to the default settings? I tried typing 'unity --reset' in the terminal but it gets stuck at the line 'Setting Update "fullscreen_visual_bell"'.
I changed font settings in appearance utility today. But now desktop appearance and firefox fonts are too bad and I need to set it to default setting. How can I do that?
View 4 Replies View RelatedI'm intending to replace my current router (486DX2 w/16MB running FREESCO which has been faithfully working 24/7 for well over a decade) with a debian box with a bit more grunt and newer features. I'm currently setting up my iptables ruleset and am after a bit of advice re the FORWARD policy. A few example rulesets I have found set the default policy to DROP and the have two lines for each port forward, one to allow the traffic and one to direct the incoming packets to the correct machine.
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 25 -j DNAT --to-destination 10.0.100.10:25
iptables -A FORWARD -i eth1 -p tcp --dport 25 -o eth0 -d 10.0.100.10 -m conntrack --ctstate NEW -j ACCEPT
I'm thinking of setting the default policy to ACCEPT to cut down on typing as my default INPUT policy is DROP and unless there is a valid FORWARD rule for a particular port, the packets aren't going anywhere anyway. Or have I misunderstood something. My googling returned heaps of example scripts & not much intelligent commentary. Alternatively, what do you all use to configure & maintain your debian gateways; hand rolled iptables rules, or any toolset recommendations?
After resetting a pc running lenny I get iptables errors at boot ("resource temporarily unavailable", "bad rule" etc). "setting up firewall" (Guarddog) is not followed by any errors and the firewall apparently operates ok.How can I restore my iptables to the default installation values?
View 2 Replies View RelatedClient which uses an ISP with a Linux machine (Server 1) with two network cards. Eth0 with ip 1.1.1.2 and gateway 1.1.1.1 these ip's is not public ip's and falls unders the isp's internal range, eth1 with the internal ip range. OpenVPN listen on eth0 for incoming connections. We want to connect to Server1 from external networks. Due to different reasons the isp could not get the routing sorted and give us an public ip on his network. We had to setup another bos (Server2) with eth0 2.2.2.5 and gateway 2.2.2.1 which is public ip's and eth1 with ip 3.3.3.5. Server 2 can communicate via the ISP internal network with server 1. I use DNAT to forward all incoming connections on server 2 to server 1 but the problem I have is that server uses its default gateway for the return packages and does not sent the reply back to server 2. My iptables rules looks as follows on server 2.
/usr/sbin/iptables -t nat -A PREROUTING -p udp -i eth0 -d 196.25.157.135 --dport 1194 -j DNAT --to 192.168.100.170:1194
/usr/sbin/iptables -A FORWARD -p udp -i eth0 -d 192.168.100.170 --dport 1194 -j ACCEPT
Alright, I searched the forums, and made google my friend, but I can't find out how to do this. I installed ubuntu earlier today, and it installed right beside windows like it usually does, but it apparently didn't give itself enough room for updates on the default settings. So, here's my gparted screen shot Sorry if that screenie is HUGE. The most I've gotten toward a solution is formatting the unalocated space and then trying to merge things, which I'm trying now. However, any other help, including details more specfic other than "format the unallocated and then try again" would be awesome.
View 3 Replies View Relatedhow to set default proxy settings for java? Windows allows you to do this in control panel-java. Does Ubuntu have something similar? Its causing my java apps to time out and Firefox to freeze.
Ubuntu 10.04
java version "1.6.0_18"
OpenJDK Runtime Environment (IcedTea6 1. (6b18-1.8-0ubuntu1)
OpenJDK Server VM (build 14.0-b16, mixed mode)
I have a relative who made the mistake of changing the resolution of her display to something that her monitor does not support. The monitor no longer displays anything.If she connects another monitor to the computer, the monitor will work properly. If she boots off the live CD, her current monitor works properly. If she swaps out her graphics card with another with the current monitor, there is no display.Apparently, there is a remembered setting for the resolution of her particular monitor. Is there a way that it can be reset back to the default?
View 5 Replies View RelatedIn ubuntu 10.04 and 10.10 there is now xorg file. Is there some way to merge the default graphic settings with my own xorg file? I'm currently needing to use and xorg file for my via graphics cards, which works fine. However, some functionality is missing. the icons have lost transparency and the unity menu doesn't allow click and drag scrolling anywhere (like a tablet). If I delete the xorg file and run the default, I get all the crisp clear cut of unity but of course I get performance problems everywhere else... i.e I cant plug a multiple screen in and video playback is crap.
View 7 Replies View RelatedI accidentally screwed it up.
View 6 Replies View RelatedI've had this computer for a few days. I was playing around with it trying to get the multiple desktop cube.I wanted to restore it back, however every setting had dependencies with other settings so now my unity interface is unusable.the problems are
-no taskbar and no lancher
-some keycommands don't work(Ctrl-alt-t no longer opens a terminal, it used to)
-can't log off
how do i restore it to factory settings I messed it up using CCSM or whatever it's called
I was using Xubuntu 9.04 and recently installed 10.04. I have separate / - 20 GB, swap - 1GB and /home - 80GB partitions. I had formatted only the / partition and installed 10.04. I have copied users information from 9.04 to 10.04. I can log into newly installed 10.04 system. But the desktop menus and appearance is that of 9.04. I would like to change it to default 10.04 desktop menus and appearances. I have used command rm -rf .gnome .gnome2 .gconf .gconfd .metacity and re logged into my system. But still the desktop menus and appearance didn't change. How can I restore 10.04 xubuntu default desktop menus and appearance settings?
View 2 Replies View RelatedUnfortunatly I seem to have accidentally deleted the top panel from Ubuntu 10.04. How can I restore the default panels? I am panicking right now UPDATE: I have managed to manually put everything back in it's place, except the battery indicator. What would this be called?
View 6 Replies View Related