March 28, 2024, 06:24:44 PM

News : LinuxSolved.com Linux Help Community Forum..


Author Topic: Need a good iptables script  (Read 3378 times)

Offline anybody1234

  • Linux Noob !
  • *
  • Posts: 29
Need a good iptables script
« on: December 27, 2005, 04:45:09 AM »
Hi all
Sorry for posting this thread in the tutorials section
I as starting this thread fresh again.....

I have requirement in iptables rules as follows
I would need a script for iptables with some configuration option such that
I should be able to make changes in the iptables script for allowing or disallowing requests made by specifc clients on specifid ports
Suppose My cleints have their default gateway set as my linux box
What I would like is block/disallow requests made by clients on ports
80 while allow the requests made on port 25 ,110

But What I would like to have is some granularity ie
If the requests come from specific IP addresses I should have the option of allowing them directly thru port 80

Would anybody please give me step by step process assumimg that I am starting from scratch
I also remember I saw a simliar script in this forum which almost does the same but I can't locate where it is now    

To be more specififc I would use the following commands

Please Let me know If I go wrong anywhere

echo "1" > /proc/sys/net/ipv4/ip_forward

for forwarding packets
and Iptables masquerading rle as
#######################################
iptables -t nat -A POSTROUTING -j MASQUERADE
#####################################
/usr/sbin/iptables-save
##########very imp
iptables-save > /etc/sysconfig/iptables.rules


Now all teh requests thru my gateway would be allowed
FOr blocking requests made on port 80 by all would add folloing rule
###******** this rule blocks all requests coming on port 80 ******************
iptables -A FORWARD -i eth0 -p tcp -m tcp --dport 80 -j DROP
#*****************************************************

Now I would like to make an exception for IP addresses 192.168.0.82, 192.168.0.110

I would add rule

iptables -A FORWARD -i eth0 -p tcp -m tcp -s ! 192.168.0.82,192.168.0.110 --dport 80 -j DROP

Now at any stage I felt I ned to remove this rule what I would have done manually is

iptables -D FORWARD -i eth0 -p tcp -m tcp --dport 80 -j DROP
and
iptables -D FORWARD -i eth0 -p tcp -m tcp -s ! 192.168.0.82,192.168.0.110 --dport 80 -j DROP

Now I want a script to do the same thing with start stop option
I think our experts can give me a simple script to do the same

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Need a good iptables script
« Reply #1 on: December 29, 2005, 06:11:06 PM »
Well..sorry I am currently out of town but I will sure attempt your query when I will get back. meanwhile search the forum.

Offline ronaldjayr_jover

  • Linux Noob !
  • *
  • Posts: 29
Need a good iptables script
« Reply #2 on: January 03, 2006, 01:22:20 AM »
HI!!

 for allowing certain ip address to port 80 use

  iptables -A INPUT -i eth0 or eth1 -p tcp -m tcp dport 80 -s xxx.xxx.xxx.xxx -j ACCEPT
  iptables -A OUTPUT -i eth0 or eth1 -p tcp -m tcp sport 80 -d xxx.xxx.xxx.xxx -j ACCEPT

  iptables -A INPUT -i eth0 or eth1 -p tcp -m tcp dport 25 & 110 -s xxx.xxx.xxx.xxx/XX -j ACCEPT
  iptables -A OUTPUT -i eth0 or eth1 -p tcp -m tcp sport 25 & 110 -d xxx.xxx.xxx.xxx/XX -j ACCEPT

  then DROP all.

xxx.xxx.xxx.xxx - ip address

 
Try this sir then let me know .

Hope that this help.

Ronald