
   alt.os.linux.suse      Suse is actually not that bad      138,051 messages   


   Message 137,582 of 138,051   
   Mohan to All   
   How to configure Iptables in OpenSuse?   
   01 Sep 22 07:22:56   
   
   From: mohanss08@gmail.com   
      
   Hello Experts,   
      
   I am using "openSUSE 12.3" and "iptables version : v1.4.16.3"   
      
   I am trying to enable the iptables rules to allow `22` port for all IPs and   
   `80` & `443` for specific IP addresses with the below commands.   
      
   1)  iptables -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT   
   2) iptables -A INPUT -p tcp -s 10.11.12.50 --dport 80 -j ACCEPT   
   3) iptables -A INPUT -p tcp -s 10.11.12.50 --dport 443 -j ACCEPT   
      
   Then I have restarted the iptables service with below command,   
      
   service SuSEfirewall2 restart   
      
   However from `10.11.12.50` address web server with `80` & `443` are not   
   accessible.   
      
   I can't see the applied rules in the below list.   
      
   # iptables -S   
      
   -P INPUT DROP   
   -P FORWARD DROP   
   -P OUTPUT ACCEPT   
   -N forward_ext   
   -N input_ext   
   -N reject_func   
   -A INPUT -i lo -j ACCEPT   
   -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT   
   -A INPUT -p icmp -m conntrack --ctstate RELATED -j ACCEPT   
   -A INPUT -j input_ext   
   -A INPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-IN-ILL-TARGET " --log-tcp-options --log-ip-options   
   -A INPUT -j DROP   
   -A FORWARD -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWD-ILL-ROUTING " --log-tcp-options --log-ip-options   
   -A OUTPUT -o lo -j ACCEPT   
   -A input_ext -m pkttype --pkt-type broadcast -j DROP   
   -A input_ext -p icmp -m icmp --icmp-type 4 -j ACCEPT   
   -A input_ext -p icmp -m icmp --icmp-type 8 -j ACCEPT   
   -A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options   
   -A input_ext -p tcp -m tcp --dport 22 -j ACCEPT   
   -A input_ext -m pkttype --pkt-type multicast -j DROP   
   -A input_ext -m pkttype --pkt-type broadcast -j DROP   
   -A input_ext -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options   
   -A input_ext -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options   
   -A input_ext -p udp -m limit --limit 3/min -m conntrack --ctstate NEW -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options   
   -A input_ext -j DROP   
   -A reject_func -p tcp -j REJECT --reject-with tcp-reset   
   -A reject_func -p udp -j REJECT --reject-with icmp-port-unreachable   
   -A reject_func -j REJECT --reject-with icmp-proto-unreachable   
      
   Kindly let me know what I'm missing with the iptables rule settings?   
      
   Also let me know even after server reboot the rules need to be applied. It   
   shouldn't be reset to default.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
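
An added example, not part of the original post: a small first-match evaluator run over an abridged copy of the `iptables -S` listing above, showing which chain decides a new TCP connection from `10.11.12.50`. The function names, the `eth0` interface name and the abridged ruleset are assumptions of the example.

```python
import ipaddress
import shlex

# Abridged from the `iptables -S` listing in the post (LOG and reject_func rules left out).
RULESET = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -j input_ext
-A INPUT -j DROP
-A input_ext -p tcp -m tcp --dport 22 -j ACCEPT
-A input_ext -j DROP
"""

def load(text):
    """Parse `iptables -S` text; assumes one value per option and no "!" negation."""
    chains, policy = {}, {}
    for tok in map(shlex.split, text.splitlines()):
        if tok[:1] == ["-P"]:
            policy[tok[1]] = tok[2]
        elif tok[:1] == ["-A"] and "LOG" not in tok:  # LOG never decides a packet
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return chains, policy

def matches(rule, pkt):
    """True if every modelled match fits a NEW, unicast TCP packet."""
    checks = {
        "-i": lambda v: v == pkt["iface"],
        "-p": lambda v: v == "tcp",
        "-s": lambda v: ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(v, strict=False),
        "--dport": lambda v: int(v) == pkt["dport"],
        "--ctstate": lambda v: "NEW" in v.split(","),
        "--pkt-type": lambda v: v == "unicast",
    }
    return all(checks[k](v) for k, v in rule.items() if k in checks)

def verdict(chains, policy, pkt, chain="INPUT"):
    """First-match walk; returns (target, chain that decided)."""
    for rule in chains.get(chain, []):
        if matches(rule, pkt):
            hit = (verdict(chains, policy, pkt, rule["-j"]) if rule["-j"] in chains
                   else (rule["-j"], chain))
            if hit:
                return hit
    return (policy[chain], chain) if chain in policy else None

def check(src, dport, extra=""):  # new TCP connection on eth0 (assumed interface name)
    chains, policy = load(RULESET + extra)
    return verdict(chains, policy, {"iface": "eth0", "src": src, "dport": dport})
```

With the listed ruleset, port 22 is accepted in `input_ext` while 80 and 443 reach its final DROP. Passing a rule appended with `-A INPUT` as `extra` does not change that, because it lands after `-A INPUT -j input_ext`.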
