Testing IPTables

cryingvalor
Posts: 13
Joined: 2007/09/11 03:08:48

Testing IPTables

Post by cryingvalor » 2007/10/25 14:11:36

Hey guys, I'm trying to test this simple iptables script I placed on my CentOS box.

# flush all rules, then set the default policy of every chain to DROP
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# lowercase -p selects the protocol (uppercase -P sets a chain policy)
iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -j ACCEPT

I'm trying to test this using nmap. I tried to nmap it using -sT, -sS, etc.,
but I always received "operation not permitted". But if I remove the state and just place

iptables -A INPUT -p tcp -j ACCEPT
iptables -A OUTPUT -p tcp -j ACCEPT

I receive a reply displaying the ports.

Is there something wrong with the script, which is why I can't nmap it when the state rule is in place, or is there something wrong with how I'm running nmap?

yyagol
Posts: 1015
Joined: 2006/06/10 18:27:44
Location: 32 4′N 34 47′E

Testing IPTables

Post by yyagol » 2007/11/07 06:33:27

nmap uses UDP and ICMP as well, and for some reason I don't understand what you did here:

[quote]iptables -P OUTPUT DROP
iptables -A OUTPUT -p tcp -j ACCEPT[/quote]
The way most people use iptables with basic rules is with :

[code]iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT[/code]
You do want outgoing traffic, don't you? If you want to control outgoing traffic by limiting ports,
then you add the DROP policy on OUTPUT and ACCEPT on the specific ports.

BTW, iptables -F will not remove the DROP policy!!! Beware, you can be locked out of
your server.
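The rule set yyagol describes (default DROP, loopback accepted, ESTABLISHED,RELATED accepted, explicit ports on OUTPUT), with the reset done in the lock-out-safe order, as an added example that is not from either poster. It defaults to printing the commands (IPT="echo iptables") so the list can be reviewed before it is applied as root; the SSH port and the outgoing ports 80/53 are placeholder assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Dry run by default: IPT is
# "echo iptables", so the commands are printed, not executed. Run
# "sh fw.sh apply" as root to load them for real.
# Assumptions (placeholders): SSH on port 22, outgoing HTTP and DNS allowed.

IPT="${IPT:-echo iptables}"
SSH_PORT="${SSH_PORT:-22}"

# Step 1: reset safely. "iptables -F" flushes the rules but leaves each
# chain's policy untouched, so a chain whose policy is already DROP would
# drop everything the moment the rules are gone. Set ACCEPT first, flush,
# then rebuild; the DROP policies go on last.
reset_rules() {
    $IPT -P INPUT ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    $IPT -F
    $IPT -X
}

# Step 2: the allow rules. Lowercase -p is the protocol match; uppercase
# -P sets a chain policy, which is the mix-up in the original script.
allow_rules() {
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    # replies to connections already tracked by the state module, both ways
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # new inbound connections: only SSH
    $IPT -A INPUT -m state --state NEW -p tcp --dport "$SSH_PORT" -j ACCEPT
    # new outbound connections, limited by port (add what the host needs)
    $IPT -A OUTPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
    $IPT -A OUTPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
    # ICMP echo in both directions so ping (and tools that ping first) work
    $IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    $IPT -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
}

# Step 3: default DROP, applied after the allow rules are in place.
set_policies() {
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
}

build_rules() {
    reset_rules
    allow_rules
    set_policies
}

# Sanity check on the generated list (always in echo mode, in a subshell,
# so it never touches the live firewall): the flush must come before the
# first DROP policy, otherwise the reset is the lock-out yyagol warns about.
check_order() {
    rules="$(IPT="echo iptables"; build_rules)"
    flush_line=$(printf '%s\n' "$rules" | grep -n -- ' -F$' | head -n1 | cut -d: -f1)
    drop_line=$(printf '%s\n' "$rules" | grep -n -- '-P INPUT DROP' | head -n1 | cut -d: -f1)
    [ -n "$flush_line" ] && [ -n "$drop_line" ] && [ "$flush_line" -lt "$drop_line" ]
}

# Usage: "sh fw.sh print" shows the commands; "sh fw.sh apply" runs them.
case "${1:-}" in
    print) build_rules ;;
    apply) check_order && IPT=iptables && build_rules ;;
esac
```

The OUTPUT chain is the part the original script got wrong in spirit: with OUTPUT DROP and only a bare "-p tcp ACCEPT", anything the host itself sends over UDP or ICMP is refused by the kernel, which is why a scanner run on such a box reports "operation not permitted" for its non-TCP probes. Listing the outbound ports explicitly, as above, keeps the DROP policy while letting the host do its own work.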
