Update: related to FTP, see http://www.kalamazoolinux.org/presentations/20010417/conntrack.html; at the very end of the article there is additional explanation related to ftp / iptables.

Regards,
Elvir

On 9/8/07, Elvir Kuric <omasnjak@xxxxxxxxx> wrote:
> Dear Edward,
>
> It is not very clear what you want to make. If you want to allow ssh
> connections to a specific host, AFAIK the below can help:
>
> #!/bin/bash
>
> iptables -F
> iptables -t nat -F
> iptables -t mangle -F
>
> iptables -X
> iptables -t nat -X
> iptables -t mangle -X
>
> # Setting policies....Drop everything and later allow what you need
>
> iptables -P INPUT DROP
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD DROP
>
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
>
> Related to ftp, in the following link (or some other source) you will
> find an explanation of how ftp works.
> Link: http://slacksite.com/other/ftp.html#active
>
> Best wishes
>
> Elvir Kuric
>
> PS: what do you mean by this "file 1", "file 2"?
>
> On 9/8/07, edwardspl@xxxxxxxxxx <edwardspl@xxxxxxxxxx> wrote:
> > Dear All,
> >
> > For the Firewall setting, how can we use the ftp and ssh service?
> >
> > For file 1:
> >
> > #!/bin/bash
> >
> > modprobe ip_tables
> > modprobe ip_nat_ftp
> > modprobe ip_conntrack
> > modprobe ip_conntrack_ftp
> >
> > iptables -F
> > iptables -X
> > iptables -F -t nat
> > iptables -X -t nat
> > iptables -F -t mangle
> > iptables -X -t mangle
> >
> > iptables -P OUTPUT ACCEPT
> > iptables -P FORWARD ACCEPT
> > iptables -t nat -P OUTPUT ACCEPT
> > iptables -t nat -P PREROUTING ACCEPT
> > iptables -t nat -P POSTROUTING ACCEPT
> > iptables -t mangle -P PREROUTING ACCEPT
> > iptables -t mangle -P POSTROUTING ACCEPT
> > iptables -t mangle -P INPUT ACCEPT
> > iptables -t mangle -P OUTPUT ACCEPT
> > iptables -t mangle -P FORWARD ACCEPT
> >
> > For file 2:
> >
> > iptables -P INPUT DROP
> > iptables -A INPUT -i lo -j ACCEPT
> > iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
> > iptables -A INPUT -p tcp --dport 21 -j ACCEPT
> > iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> >
> > Edward.
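The reason the posted "file 2" ruleset breaks FTP is the FTP data connection: the control session on port 21 is ESTABLISHED, but every data transfer (active or passive) is a new TCP connection that the kernel's FTP conntrack helper tags as RELATED, and the rule above only accepts ESTABLISHED, so the INPUT DROP policy discards it. The script below is an added example written for this thread, not code from either poster; it prints the rules instead of applying them unless APPLY=1, so the comparison can be run without root. The module name ip_conntrack_ftp matches the 2.6-era kernels of the thread and is assumed; newer kernels call it nf_conntrack_ftp.

```shell
#!/bin/sh
# Added example (not from the thread): the posted INPUT rules beside a
# corrected version that admits FTP data connections via the conntrack
# helper. Dry-run by default; set APPLY=1 to actually execute the commands.

# run: execute the command when APPLY=1, otherwise just print it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# As posted: only ESTABLISHED is accepted, so the RELATED data connection
# that the FTP helper expects never matches and hits the DROP policy.
weak_rules() {
    run iptables -P INPUT DROP
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
    run iptables -A INPUT -p tcp --dport 21 -j ACCEPT
    run iptables -A INPUT -p tcp --dport 22 -j ACCEPT
}

# Corrected: load the FTP helper (module name assumed; nf_conntrack_ftp on
# newer kernels) and accept RELATED alongside ESTABLISHED. New connections
# are only admitted on the two service ports.
fixed_rules() {
    run modprobe ip_conntrack_ftp
    run iptables -P INPUT DROP
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
    run iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
}

# accepts_related: check (in dry-run mode, no root needed) whether a ruleset
# has any rule that accepts RELATED traffic. Returns 0 if it does.
accepts_related() {
    ( APPLY=0; "$1" ) | grep -q -e '--state [A-Z,]*RELATED.*-j ACCEPT'
}

accepts_related weak_rules  && echo "weak: accepts RELATED"  || echo "weak: FTP data connections are dropped"
accepts_related fixed_rules && echo "fixed: accepts RELATED" || echo "fixed: FTP data connections are dropped"
```

Loading the helper alone is not enough; the RELATED state must also be accepted, which is why "file 1" with its modprobe lines did not rescue "file 2". Passive mode is covered by the same rule, since the helper reads the PASV reply and registers the expected data connection the same way.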