iptablesrocks.org - Maintaining, modifying and more...
"INPUT" section of the firewall script, you can then import the new firewall with the following command:
iptables-restore < /root/primary_firewall
Wow, now wasn't that easy?
What if I want to close a port?
The answer to this is similar to the previous question. However, you need to remember that your firewall, as it stands now, automatically blocks ALL
inbound, outbound and forwarded traffic by default (the INPUT, OUTPUT and FORWARD chains all drop whatever no rule accepts). The only way a port gets opened is if there is a rule telling the firewall to accept traffic on that port.
Let's take an example...
Example:
I want to close TCP port 143 inbound.
In the firewall script that comes with this guide, you will notice the following entry that opens up inbound traffic to TCP port 143 (for IMAP). That rule
looks like this:
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
Well, if you wanted to close port 143, all you would have to do is edit the firewall script at /root/primary_firewall and remove that line. You don't need to put a DROP rule in its place: the default policy already drops everything, so a port with no ACCEPT rule is closed. Once the line is
gone and you've saved the changes, you activate the change by re-importing the firewall script back into the iptables ruleset like so (keep in mind that iptables-restore replaces the whole ruleset with what's in the file, so any rule you added by hand with the iptables command and never put in the script is gone afterwards):
iptables-restore < /root/primary_firewall
Now wasn't that easy?
Now, let's take another example so that I can demonstrate something that you DON'T need to worry about.
Example:
I want to block all inbound traffic to TCP port 3389.
Again, let's take the firewall that comes with this guide. All of a sudden you get it in your head that you need to close TCP port 3389. What to do?
Well, if you take a look at the firewall script you will notice that TCP port 3389 is not mentioned anywhere in the script and, more specifically, it is not
mentioned in the "INPUT" portion of the script. Since our firewall is configured to block ALL traffic by default and only opens ports on request, 3389
is ALREADY CLOSED. In other words, you don't need to worry about that port because the default policy already drops it. The only way
it would be open is if you created a specific rule that requested that the port be opened. If you want to see this for yourself, "iptables -L INPUT -n" lists the INPUT chain with its policy (it should say DROP) and the ports you've accepted; anything not listed there is closed. Get it?
What if I want to completely block someone from my server?
The procedure for this is just the same as the ones above. Basically, all you're going to do is edit the firewall script, add a rule to block whoever it is, save
the changes and then re-import the firewall script back into the server's ruleset. Easy as hell.
So let's take an example:
Example:
I want to block anyone from the host 1.2.3.4 from accessing my server.
Open the /root/primary_firewall script and add the following line to the INPUT section of the script. Put it ABOVE the ACCEPT rules, not at the bottom of the section: rules in a chain are checked in order and the first match wins, so a DROP that sits below "-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT" would never see that host's IMAP traffic. At the top of the INPUT section it catches everything from the host before any ACCEPT gets a look:
-A INPUT -s 1.2.3.4 -j DROP
Now let's break that down to see what this rule is doing...
-A - this tells iptables to "append" the new rule to the end of a chain. When the script is loaded with iptables-restore, the rules land in the chain in the same order they appear in the file, so where you put the line in the script is where it sits in the chain.
INPUT - the chain the rule is appended to. The "INPUT" portion of the ruleset controls inbound traffic addressed to the server itself.
-s - specifies the source address the rule matches on. In this case we are matching the single host 1.2.3.4 as the source.
-j - instructs the firewall to "jump" to the specified target. In this case, anything coming from source 1.2.3.4 "jumps" to the DROP target, which silently discards the packet (REJECT would send an error back instead), thus blocking anyone from that address from accessing your server at all.
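The three edits above (delete a port's ACCEPT line and let the DROP policy do the rest, add an ACCEPT for a new port, and put a host DROP ahead of the ACCEPT rules) as one small shell script. This is an added example, not part of the iptablesrocks.org guide or its firewall script: it works on a constructed stand-in for /root/primary_firewall in iptables-save format, the function names (close_port, block_host and so on) are my own, and it only calls iptables-restore when you are root, so you can try the editing part on the sample file as an ordinary user.

```shell
#!/bin/sh
# Added example, not from the iptablesrocks.org guide. Edits a firewall script
# in iptables-save format the way the text describes, then reloads it.
# ASSUMPTION: the live script is /root/primary_firewall with DROP policies;
# the sample below is a constructed stand-in so this can run without root.

# Write a constructed sample script (not the guide's real one) to file $1.
make_sample_script() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
EOF
}

# Does script $1 contain an INPUT rule opening TCP port $2?  Exit 0 if so.
port_is_open() {
    grep -q -- "^-A INPUT .*-p tcp .*--dport $2 -j ACCEPT" "$1"
}

# Close TCP port $2: just delete its ACCEPT line.  With a DROP policy on
# INPUT, a port with no ACCEPT rule is already closed; no DROP rule needed.
close_port() {
    sed "/^-A INPUT .*-p tcp .*--dport $2 -j ACCEPT/d" "$1" > "$1.tmp" \
        && mv "$1.tmp" "$1"
}

# Open TCP port $2: add an ACCEPT line after the last existing INPUT rule.
open_port() {
    awk -v rule="-A INPUT -p tcp -m tcp --dport $2 -j ACCEPT" '
        /^-A INPUT / { last = NR }
        { line[NR] = $0 }
        END { for (i = 1; i <= NR; i++) { print line[i]; if (i == last) print rule } }
    ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Block host $2 entirely.  Rules are matched in file order and the first
# match wins, so the DROP goes in front of the first INPUT rule, not after
# the ACCEPTs where it would never see traffic to ports already opened.
block_host() {
    awk -v rule="-A INPUT -s $2 -j DROP" '
        !done && /^-A INPUT / { print rule; done = 1 }
        { print }
    ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# First rule of the INPUT chain in script $1 (to confirm the DROP came first).
first_input_rule() {
    awk '/^-A INPUT / { print; exit }' "$1"
}

# Load script $1.  iptables-restore replaces the whole *filter table, so any
# rule added by hand with plain iptables and not in the file disappears.
reload_firewall() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "not root; would run: iptables-restore < $1" >&2
        return 0
    fi
    iptables-restore < "$1"
}

# Demo on a temporary copy; it never touches /root/primary_firewall.
demo=$(mktemp) || exit 1
make_sample_script "$demo"
close_port "$demo" 143          # close IMAP
block_host "$demo" 1.2.3.4      # DROP lands above the ACCEPT rules
cat "$demo"
echo "then, as root: reload_firewall /root/primary_firewall" >&2
rm -f "$demo"
```

To use it on the real script, point the functions at /root/primary_firewall instead of the temp file and finish with reload_firewall. The editing functions match on the exact rule text the guide uses ("-p tcp -m tcp --dport N -j ACCEPT"), so a rule written in a different form, or a UDP rule, would need its own pattern.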
http://www.iptablesrocks.org/guide/maintain.php (2 of 3) [2/13/2004 8:04:47 PM]