iptables

  1. #1 vixio_dv

    iptables

    I tried to start iptables with rules that accept only port 29000, the pwadmin port, and the MySQL port.


    The server runs normally, but when I open /var/log/

    Code:
    kernel: [86182.321553] iptables denied: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=18486 DF PROTO=UDP SPT=46748 DPT=11100 LEN=50
    This port is for gamedbd and gdeliveryd. Will this affect the game? Cause a rollback, or what?

    ---------- Post added at 08:30 PM ---------- Previous post was at 08:19 PM ----------

    Solved, I added a local rule:

    Code:
    iptables -I INPUT 1 -i lo -j ACCEPT

    Last edited by vixio_dv; 14-09-10 at 11:02 PM.


  2. #2 Romulan

    Re: iptables

    What do you want to do with iptables?

  3. #3 Souris

    Re: iptables

    Sample iptables rules
    Code:
    # remove everything
    iptables -F
    iptables -X
    # accept established connections
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # accept local traffic
    iptables -A INPUT -i lo -j ACCEPT
    # accept traffic from the server's own address (replace <server>)
    iptables -A INPUT -s <server> -j ACCEPT
    # add additional accept rules here such as ssh and web traffic
    # log and drop remaining packets
    iptables -A INPUT -j LOG --log-prefix 'Iptables denied: '
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    This leaves the OUTPUT policy open, which IMO is fine. What you're missing are the first few rules to allow local and existing traffic.

  4. #4 vixio_dv

    Re: iptables

    This still blocks some IPs, don't know why...

    Code:
    kernel: [87424.865112] iptables denied: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:c9:49:be:5f:08:00 SRC=xxx.xxx.xxx.xxx DST=255.255.255.255 LEN=143 TOS=0x00 PREC=0x00 TTL=128 ID=26515 PROTO=UDP SPT=17500 DPT=17500 LEN=123


    ---------- Post added at 08:45 PM ---------- Previous post was at 08:43 PM ----------

    Quote Originally Posted by Romulan:
    What do you want to do with iptables?
    Only want to try.

  5. #5 Souris

    Re: iptables

    Code:
    kernel: [87424.865112] iptables denied: 
    IN=eth0 <- this packet comes from outside (aka the internet)
     OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:c9:49:be:5f:08:00
    SRC=xxx.xxx.xxx.xxx <- the IP which sent the packet
     DST=255.255.255.255 <- not a valid destination, either a buggy or a forged packet
     LEN=143 TOS=0x00 PREC=0x00 TTL=128 ID=26515 PROTO=UDP SPT=17500
     DPT=17500 <- port on your server; is it open? Is it supposed to be?
     LEN=123
    I think it's a legit block, and exactly what you should use iptables for, aka protecting your server from unwanted "visitors".
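As an added example (not code posted in this thread), here is a small Python parser for the kernel LOG lines the posts above quote. It splits the KEY=VALUE fields and applies the reading from post #5: IN=lo means a local daemon hit the DROP rule (post #1's gamedbd/gdeliveryd case), a broadcast DST is LAN noise, and anything else is the unsolicited inbound traffic the rule exists to stop. The sample log lines are constructed with documentation addresses (RFC 5737); the "iptables denied: " prefix is the --log-prefix from post #3.

```python
from collections import Counter

# Constructed sample lines (RFC 5737 documentation addresses) in the
# format the posts above show; the prefix is the --log-prefix from the
# LOG rule in post #3.
SAMPLE_LOG = """\
kernel: [86182.321553] iptables denied: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=18486 DF PROTO=UDP SPT=46748 DPT=11100 LEN=50
kernel: [87424.865112] iptables denied: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:00:5e:00:53:01:08:00 SRC=192.0.2.10 DST=255.255.255.255 LEN=143 TOS=0x00 PREC=0x00 TTL=128 ID=26515 PROTO=UDP SPT=17500 DPT=17500 LEN=123
kernel: [87430.118201] iptables denied: IN=eth0 OUT= MAC=00:00:5e:00:53:02:00:00:5e:00:53:03:08:00 SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4112 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
kernel: [87431.004410] iptables denied: IN=eth0 OUT= MAC=00:00:5e:00:53:02:00:00:5e:00:53:03:08:00 SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4113 DF PROTO=TCP SPT=51235 DPT=29000 WINDOW=65535 RES=0x00 SYN URGP=0
"""

LOG_PREFIX = "iptables denied: "


def parse_line(line):
    """Turn one kernel LOG line into a dict of its KEY=VALUE fields.

    Bare flags such as DF or SYN are stored as True. The IP header and
    the UDP/TCP header both emit LEN=, so the second one is kept as
    LEN_L4. Returns None for lines that do not carry the LOG prefix.
    """
    idx = line.find(LOG_PREFIX)
    if idx < 0:
        return None
    fields = {}
    for token in line[idx + len(LOG_PREFIX):].split():
        if "=" in token:
            key, _, value = token.partition("=")
            if key in fields:
                key += "_L4"
            fields[key] = value
        else:
            fields[token] = True
    return fields


def classify(fields):
    """Say why this drop matters, following the reasoning in post #5."""
    if fields.get("IN") == "lo":
        # Traffic between local daemons hit the catch-all DROP: the
        # '-i lo -j ACCEPT' rule is missing or ordered after the DROP.
        return "loopback"
    dst = fields.get("DST", "")
    if dst == "255.255.255.255" or dst.endswith(".255"):
        # LAN broadcast noise, like the DST=255.255.255.255 line in post #4.
        return "broadcast"
    # Anything else is unsolicited traffic from outside; dropping it is
    # exactly what the ruleset is for.
    return "external"


def summarize(log_text):
    """Count drops per category, and per (SRC, PROTO, DPT) for external ones."""
    by_category = Counter()
    by_src_port = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        category = classify(fields)
        by_category[category] += 1
        if category == "external":
            by_src_port[(fields["SRC"], fields.get("PROTO"), fields.get("DPT"))] += 1
    return by_category, by_src_port


if __name__ == "__main__":
    cats, srcs = summarize(SAMPLE_LOG)
    for cat, n in cats.most_common():
        print(f"{cat:10s} {n}")
    for (src, proto, dpt), n in srcs.most_common():
        print(f"  {src} -> {proto}/{dpt}: {n} dropped")
```

Run it against `grep 'iptables denied' /var/log/kern.log` on a real box: a non-zero "loopback" count is the symptom post #1 hit, while a long tail of "external" entries from one source is the thing post #6 was looking for in the logs.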

  6. #6 vixio_dv

    Re: iptables

    Port 17500 is not open. I have tried to flood my server, and the logs show the flood from my IP, but packets are still being sent... not blocked. Maybe it's only filtering packets?

  7. #7 Souris

    Re: iptables

    I'm not 100% sure what you mean. If you mean packets are logged but still pass through, then you need to use:
    Code:
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    This sets the default policy to DROP for any packet that wasn't matched by any rule (as usual with iptables, be careful not to lock yourself out).

    See: https://help.ubuntu.com/community/IptablesHowTo and, more advanced, "fail2ban and iptables" (The Art of Web).

  8. #8 vixio_dv

    Re: iptables

    Here is my configuration

    Code:
    Chain INPUT (policy ACCEPT 955K packets, 160M bytes)
     pkts bytes target     prot opt in     out     source               destination
     546K  207M ACCEPT     all  --  lo     any     anywhere             anywhere
     485K   59M ACCEPT     all  --  any    any     anywhere             anywhere            ctstate RELATED,ESTABLISHED
        0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
        0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:port
        0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:port
      272 15736 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:port
      228 13680 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:port
      274 34211 DROP       all  --  any    any     anywhere             anywhere
    
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
    
    Chain OUTPUT (policy ACCEPT 2012K packets, 512M bytes)
     pkts bytes target     prot opt in     out     source               destination
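Added example, not code from the thread: a Python audit of `iptables -L -v` output in the shape the listing above has. It checks the points the thread argues over: whether INPUT and FORWARD are actually closed (a DROP policy, as post #7 says, or a trailing catch-all DROP as in the listing above), and whether the `-i lo` and RELATED,ESTABLISHED accepts sit before that deny (the rules post #3 says were missing). Both listings in the block are constructed; the first mirrors the posted one with the same redacted `port` placeholders, the second mimics the missing-loopback situation from post #1.

```python
import re

# Constructed 'iptables -L -v' listing in the shape post #8 shows; the
# destination ports are kept as the placeholder 'port' the poster used.
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT 955K packets, 160M bytes)
 pkts bytes target     prot opt in     out     source               destination
 546K  207M ACCEPT     all  --  lo     any     anywhere             anywhere
 485K   59M ACCEPT     all  --  any    any     anywhere             anywhere            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:port
  274 34211 DROP       all  --  any    any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 2012K packets, 512M bytes)
 pkts bytes target     prot opt in     out     source               destination
"""

# Constructed listing for the situation in post #1: DROP policy, but no
# loopback or ESTABLISHED accept, so local daemons get dropped and logged.
BROKEN_LISTING = """\
Chain INPUT (policy DROP 12 packets, 840 bytes)
 pkts bytes target     prot opt in     out     source               destination
    9   540 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:29000
    0     0 LOG        all  --  any    any     anywhere             anywhere            LOG level warning prefix "iptables denied: "

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 100 packets, 8000 bytes)
 pkts bytes target     prot opt in     out     source               destination
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+)")


def parse_listing(text):
    """Return {chain: {"policy": ..., "rules": [rule dicts]}} from -L -v output."""
    chains = {}
    current = None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = {"policy": m.group(2), "rules": []}
            chains[m.group(1)] = current
            continue
        cols = line.split()
        # Skip blank lines, the column header, and anything outside a chain.
        if current is None or len(cols) < 9 or cols[0] == "pkts":
            continue
        _pkts, _bytes, target, prot, _opt, inif, outif, src, dst = cols[:9]
        current["rules"].append({
            "target": target, "prot": prot, "in": inif, "out": outif,
            "src": src, "dst": dst, "extra": " ".join(cols[9:]),
        })
    return chains


def is_catch_all_deny(rule):
    """True for a rule that drops or rejects everything not matched above it."""
    return (rule["target"] in ("DROP", "REJECT") and rule["prot"] == "all"
            and rule["in"] == "any" and rule["out"] == "any"
            and rule["src"] == "anywhere" and rule["dst"] == "anywhere"
            and rule["extra"] == "")


def audit(chains):
    """List the problems the thread ran into, as human-readable findings."""
    findings = []
    for name in ("INPUT", "FORWARD"):
        chain = chains.get(name)
        if chain is None:
            findings.append(f"{name}: chain missing from listing")
            continue
        closed = chain["policy"] in ("DROP", "REJECT") or any(
            is_catch_all_deny(r) for r in chain["rules"])
        if not closed:
            findings.append(f"{name}: policy {chain['policy']} and no catch-all DROP; "
                            "unmatched packets are accepted (post #7's point)")
    inp = chains.get("INPUT")
    if inp is not None:
        rules = inp["rules"]
        # Only rules before the first catch-all deny (or the policy) matter.
        first_deny = next((i for i, r in enumerate(rules) if is_catch_all_deny(r)), len(rules))
        head = rules[:first_deny]
        if not any(r["in"] == "lo" and r["target"] == "ACCEPT" for r in head):
            findings.append("INPUT: no '-i lo -j ACCEPT' before the deny; "
                            "local daemons will be dropped (post #1's case)")
        if not any("ESTABLISHED" in r["extra"] and r["target"] == "ACCEPT" for r in head):
            findings.append("INPUT: no RELATED,ESTABLISHED accept before the deny; "
                            "replies to outbound connections will be dropped")
    return findings


if __name__ == "__main__":
    for label, listing in (("posted", SAMPLE_LISTING), ("broken", BROKEN_LISTING)):
        print(label)
        for finding in audit(parse_listing(listing)) or ["no findings"]:
            print("  " + finding)
```

Feed it `iptables -L -v` (the layout it parses; `-n` changes `anywhere` to `0.0.0.0/0`, so the catch-all check would need that spelling too). For the listing post #8 posted it reports only that FORWARD is open, which matters only if the box forwards traffic.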

  9. #9 pwlover

    Re: iptables

    How do I set up the configuration to protect our server from unwanted visitors, or from being attacked or flooded by those same hackers?

  10. #10 vixio_dv

    Re: iptables

    Quote Originally Posted by pwlover:
    How do I set up the configuration to protect our server from unwanted visitors, or from being attacked or flooded by those same hackers?
    Just increase your connection. I already got a DDoS of 11,2Gbps; Cisco or other firewalls will not work. One solution: null routing.
    When you have a 100Mbps connection on your server and you get a 110Mbps DDoS, no firewall can help you against the DDoS. I already asked all hosters; GigeNET has Proxy Shield, but they asked me for more than $10000/m.

  11. #11 ivanaivana

    Re: iptables

    You can edit iptables rules with Firestarter. I think this is easier than manually editing iptables.

  12. #12 das7002

    Re: iptables

    Quote Originally Posted by vixio_dv:
    Here is my configuration

    (iptables listing quoted from post #8, omitted here)
    I suggest installing Webmin. It is a very awesome and noob-friendly control panel for configuring servers, and it is open source.

    Some people like to whine about it though, especially a lot of people on the Ubuntu forums.
    They seem to recommend eBox a lot. I personally have never used it, simply because I just love how simple Webmin is and that it does its job well, but feel free to try both.


    (It would allow you to set up the firewall many times more easily than trying to remember all those damn parameters you need.)


