On 06/30/2017 10:12 AM, Rick Stevens wrote:
> On 06/29/2017 07:20 PM, Doug wrote:
>>
>> On 06/29/2017 09:08 PM, JD wrote:
>>>
>>> On 06/29/2017 07:48 PM, Doug wrote:
>>>>
>>>> On 06/29/2017 08:32 PM, JD wrote:
>>>>>
>>>>> On 06/29/2017 07:10 PM, jdow wrote:
>>>>>> iptables -t filter -A IN_public_deny -p tcp --dport pop3s --syn -m
>>>>>> recent --name pop3s_attack --rcheck --seconds 90 --hitcount 2 -j
>>>>>> LOG --log-prefix 'SSH2 REJECT: ' --log-level info
>>>>> My iptables replied:
>>>>> iptables: No chain/target/match by that name.
>>>>>
>>>>> How is it created?
>>>>
>>>> How is WHAT created? I'm snowed!
>>>> --doug
>>> The CHAIN, Doug.
>>> iptables says there is no such chain to add a new rule to.
>>>
>>> In this case, the chain name is IN_public.
>>>
>>> I tried all capitals for the chain name, to no avail.
>> I give up. This is all Greek to me. I just want to get a little security
>> from malware.
>
> Just to clarify, firewalld and its various control programs
> (firewall-config, et al.) are just a mechanism to manipulate iptables.
> iptables is still the actual firewall mechanism.
>
> That being said, the "IN_public_deny" iptables chain for the "filter"
> table is created by firewalld on startup. By default, the "filter" table
> in iptables only has the INPUT, FORWARD and OUTPUT chains. Any new
> chains must first be created using "iptables -N new-chain-name" (which
> firewalld does), then rules can be added to that chain. You also would
> need to reference that new chain somehow from the INPUT chain. If you're
> not using firewalld, you'd need to _insert_ Joanne's rule somewhere in
> the default INPUT chain before the final "DROP" or "REJECT" lines (not
> append it to the end).
>
> If you _are_ using firewalld and are interested in this enough, have a
> look at the rules firewalld created by entering (as root):
>
> iptables -L -n
>
> Also have the firewalld config GUI open so you see how the iptables
> rules map against firewalld.
>
> You'll see that the iptables "filter" table's INPUT chain references an
> "INPUT_ZONES" chain. This is the iptables manifestation of the zones
> referenced in firewalld.
>
> This chain, in turn, references an "IN_public" chain (which is the
> actual iptables manifestation of the "public" zone in the firewalld
> config).
>
> The "IN_public" chain then references the "IN_public_allow" chain first
> (which is the iptables manifestation of firewalld's allowed ports, e.g.
> the "checked" boxes under "services" and "ports"), then the
> "IN_public_deny" chain (which, by default, rejects all connections).
> Et voilà!
>
> Yes, it's convoluted, but this multiple-chain layout is a convenient way
> to map iptables rules to a GUI-based firewall manager. I'm sure it could
> be done better, but it's really not as bad as it first appears.

Oh, and I should have mentioned that Joanne's rule COULD be added via
firewall-config's "Rich Rules" tab and it'd be inserted in the right spot
in iptables.

----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 226437340      Yahoo: origrps2      -
-                                                                    -
- Whoever said "Money can't buy happiness" obviously never had any   -
- money!                                                             -
----------------------------------------------------------------------
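The two paths Rick describes (a hand-made chain hooked into INPUT when firewalld is not in use, or the same rule handed to firewalld) as an added, runnable example. This script is not from the thread or from the firewalld project; the chain name POP3S_RATELIMIT, the list name pop3s_attack, the DRY_RUN switch and the port number 995 (pop3s, spelled numerically so it does not depend on /etc/services) are my choices. One point the quoted one-liner does not show on its own: a `-m recent --rcheck` rule only consults the list, so a separate `--set` rule must add source addresses to it first, otherwise the check never matches. The firewalld variant uses the "direct" interface, which accepts raw iptables arguments and places them in INPUT_direct ahead of the INPUT_ZONES chain described above.

```shell
#!/bin/sh
# Rate-limit repeated POP3S connection attempts with the xt_recent match.
# Assumed names (not from the thread): POP3S_RATELIMIT, pop3s_attack.
# With DRY_RUN=1 the commands are printed instead of executed, so the
# script can be reviewed without root and without touching the firewall.

CHAIN=POP3S_RATELIMIT
LIST=pop3s_attack
PORT=995            # pop3s, numeric so it does not depend on /etc/services
DRY_RUN="${DRY_RUN:-0}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Plain iptables, no firewalld: create the chain, fill it, then INSERT the
# jump at position 1 of INPUT so it sits before any final DROP/REJECT.
install_pop3s_ratelimit() {
    run iptables -t filter -N "$CHAIN"
    # 1. record the source of every new connection attempt (--set adds the
    #    address to the list, or adds a timestamp to an existing entry)
    run iptables -t filter -A "$CHAIN" -p tcp --dport "$PORT" --syn \
        -m recent --name "$LIST" --set
    # 2. second SYN from the same source within 90 s: log it ...
    run iptables -t filter -A "$CHAIN" -p tcp --dport "$PORT" --syn \
        -m recent --name "$LIST" --rcheck --seconds 90 --hitcount 2 \
        -j LOG --log-prefix "pop3s_attack: " --log-level info
    # 3. ... and drop it; a first attempt falls through and RETURNs to INPUT
    run iptables -t filter -A "$CHAIN" -p tcp --dport "$PORT" --syn \
        -m recent --name "$LIST" --rcheck --seconds 90 --hitcount 2 -j DROP
    run iptables -t filter -A "$CHAIN" -j RETURN
    run iptables -t filter -I INPUT 1 -p tcp --dport "$PORT" --syn -j "$CHAIN"
}

# Undo the above in reverse order (a chain cannot be deleted while referenced).
remove_pop3s_ratelimit() {
    run iptables -t filter -D INPUT -p tcp --dport "$PORT" --syn -j "$CHAIN"
    run iptables -t filter -F "$CHAIN"
    run iptables -t filter -X "$CHAIN"
}

# With firewalld: the direct interface stores the same rules persistently
# and puts the INPUT jump into INPUT_direct, which is consulted before
# INPUT_ZONES, so the rule is never appended behind the zone's final REJECT.
install_pop3s_ratelimit_firewalld() {
    run firewall-cmd --permanent --direct --add-chain ipv4 filter "$CHAIN"
    run firewall-cmd --permanent --direct --add-rule ipv4 filter "$CHAIN" 0 \
        -p tcp --dport "$PORT" --syn -m recent --name "$LIST" --set
    run firewall-cmd --permanent --direct --add-rule ipv4 filter "$CHAIN" 1 \
        -p tcp --dport "$PORT" --syn \
        -m recent --name "$LIST" --rcheck --seconds 90 --hitcount 2 \
        -j LOG --log-prefix "pop3s_attack: " --log-level info
    run firewall-cmd --permanent --direct --add-rule ipv4 filter "$CHAIN" 2 \
        -p tcp --dport "$PORT" --syn \
        -m recent --name "$LIST" --rcheck --seconds 90 --hitcount 2 -j DROP
    run firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 \
        -p tcp --dport "$PORT" --syn -j "$CHAIN"
    run firewall-cmd --reload
}

# Only act when explicitly asked, so sourcing the file defines the functions
# without changing anything:  sh ratelimit.sh install | remove | firewalld
case "${1:-}" in
    install)   install_pop3s_ratelimit ;;
    remove)    remove_pop3s_ratelimit ;;
    firewalld) install_pop3s_ratelimit_firewalld ;;
esac
```

Run it first as `DRY_RUN=1 sh ratelimit.sh install` and read the output against `iptables -L -n`; the ordering matters, because the `--set` rule must come before the `--rcheck` rules and the jump must be inserted (`-I INPUT 1`) rather than appended. After installing, a second SYN from one address within 90 seconds shows up in the kernel log with the `pop3s_attack:` prefix and `cat /proc/net/xt_recent/pop3s_attack` lists the tracked sources.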