
Thread: Iptables Script / Tutorial

  1. #11
    str34m3r
    Guest
    I was sure that forum moderators could move posts to other forums...
    I was under that impression too, but Neg said he could move threads that didn't belong out of the forum but he couldn't move threads that did belong here into the forum. Or at any rate, not from a forum that he doesn't moderate like the firewall forum.

  2. #12
    Junior Member
    Join Date
    Oct 2001
    Posts
    18

    IPTABLES save error!!

    Hey guys, I am having a little problem trying to get my iptables to save. I copied str34m3r's rules into a file (rc.firewall) and then ran it with root permissions "/etc/rc.firewall", and then when I tried to save the file "service iptables save" I get an error "/etc/init.d/iptables: line 173: syntax error: unexpected end of file". Any ideas on what's wrong???

    I am using: kernel 2.4.18 - Iptables 1.2.6a <----- I looked for some possible problems saving with these iptables but can't find anything.

  3. #13
    Senior Member
    Join Date
    Feb 2002
    Posts
    855
    Hi Kurupt007,
    This is what I did (thanks to RiOter and evil_enchilada). I entered
    the rules I wanted to use from Str34m3r's tutorial via the command line.
    Then I did iptables-save /etc/iptables.conf from the command line.
    Then I went to the rc.local file and added this line to the file:
    iptables-restore /etc/iptables.conf

    Your way is probably better, but this is working for me. Every time I
    reboot the iptables reload. Seems to be working.
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)
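    As an added example (not code from the thread or from either poster), here is the save-and-restore approach above written as a small script that can be called from rc.local. One detail worth knowing: iptables-save writes the rule set to standard output and iptables-restore reads from standard input, so both need a redirect rather than a file argument. The file path /etc/iptables.conf is taken from the post; the check_rules_file sanity check and the "save"/"restore" arguments are this example's own additions.

```shell
#!/bin/sh
# Added example (not from the thread): persist iptables rules with iptables-save
# and reload them at boot with iptables-restore, after a sanity check of the dump.
# iptables-save prints to stdout and iptables-restore reads stdin, hence the redirects.
RULES_FILE="${RULES_FILE:-/etc/iptables.conf}"   # path from the post; override via env

# Save the running rule set (run as root once the rules you want are loaded).
save_rules() {
    iptables-save > "$RULES_FILE"
}

# Sanity-check a dump before feeding it to iptables-restore: every table block
# that iptables-save writes starts with a "*<table>" line and ends with "COMMIT".
# A truncated file (e.g. the disk filled up mid-save) fails this check.
# Returns 0 if the file looks like a complete iptables-save dump, 1 otherwise.
check_rules_file() {
    f="$1"
    [ -r "$f" ] || return 1
    tables=$(grep -c '^\*' "$f" || true)
    commits=$(grep -c '^COMMIT$' "$f" || true)
    [ "$tables" -gt 0 ] && [ "$tables" -eq "$commits" ]
}

# Restore at boot (e.g. "/etc/iptables-persist.sh restore" from rc.local).
# Refuses to load a file that does not look like a complete dump, so a broken
# file produces an error message instead of a half-applied rule set.
restore_rules() {
    if check_rules_file "$RULES_FILE"; then
        iptables-restore < "$RULES_FILE"
    else
        echo "$RULES_FILE is missing or not a complete iptables-save dump; not restoring" >&2
        return 1
    fi
}

case "${1:-}" in
    save)    save_rules ;;
    restore) restore_rules ;;
esac
```

    Usage: run the script with "save" after loading your rules, and put the "restore" invocation in rc.local. The check only guards against an incomplete file; it does not validate individual rules, which iptables-restore itself rejects with an error.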

  4. #14
    Senior Member
    Join Date
    Feb 2002
    Posts
    855
    OK,
    Str34m3r, here's something I'd like you to talk about. How do you do logging for
    an iptables firewall? Let's say I wanted to log all dropped TCP, ICMP, and selected
    UDP packets. And let's also say I wanted to log all dropped OUTPUT packets. How would I do that? Thanks.
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  5. #15
    str34m3r
    Guest
    This is the easiest way I know how to do it:
    Code:
    # Create another chain to do the work for you
    iptables -N LOGDROP
    
    # Then you'll need to put rules in that chain that will log and then drop the packets as you mentioned
    iptables -A LOGDROP -j LOG --log-level 7
    iptables -A LOGDROP -j DROP
    Then whenever you want to log and drop a packet, you would send the packets to the logdrop chain like this:
    Code:
    iptables -A INPUT -j LOGDROP ...blah, blah, blah... mean packet ...blah, blah, blah...
    And because you used log-level 7 (which is the debug level), you can easily distinguish the iptables messages. If you put this line in /etc/syslog.conf :
    Code:
    kern.=debug          /var/log/iptables
    then syslog will filter out all the iptables traffic and put it in its own separate file. You'll also have to add 'kern.!=debug' to the line that already handles the kernel logs or else you'll see them in two files.

  6. #16
    Senior Member
    Join Date
    May 2002
    Posts
    344

    I guess we'll have to agree to disagree on this one. I do agree that the internet is a vast public network - full of malicious hackers, worms, and random skiddies on my subnet who just downloaded a new hacker tool. I do my best to make them think I don't exist.
    If the skiddies are on your subnet then how can you hide your ARP traffic to pretend you don't exist? As far as I am concerned, it is very easy to detect everyone who is active on a subnet. Anyway, please enlighten me; I'm new to all of this and am curious to learn more.
    Support your right to arm bears.

    ^^This was the first video game which I played on an old win3.1 box

  7. #17
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I guess this was bumped for a valid reason. I'm pretty sure if you're going to hide your ARP traffic (hide as in make it nonexistent) then you might as well unplug yourself from the network, because you will be nonexistent to all other machines on the network. I could be wrong though. There's probably a way to deny ARP traffic to hosts you don't explicitly allow. So I guess then you could hide yourself from unauthorized people who plug into your network. And if you're using a switch they can't sniff traffic not designated for them, given that they haven't flooded the ARP table on the switch. But what's the point? :P
