Testing IPTables

Posted: 2007/10/25 14:11:36
by cryingvalor
Hey guys, I'm trying to test this simple IPTables rule set I placed in a script on my CentOS box.

[code]iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p TCP -j ACCEPT[/code]

I'm trying to test this using NMAP. I tried to NMAP it using -sT, -sS ...etc., but I always received "operation not permitted". But if I removed the state and just placed

[code]iptables -A INPUT -p TCP -j ACCEPT
iptables -A OUTPUT -p TCP -j ACCEPT[/code]

I received a reply displaying the ports.

Is there something wrong with the script, which is why I can't NMAP it when the state is placed, or is there something wrong with how I NMAP it?

Testing IPTables

Posted: 2007/11/07 06:33:27
by yyagol
NMAP uses UDP, ICMP as well, and for some reason I don't understand what you did here

[quote]iptables -P OUTPUT DROP
iptables -A OUTPUT -p TCP -j ACCEPT[/quote]
The way most people use iptables with basic rules is with:

[code]iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT[/code]
You do want outgoing traffic? If you want to control outgoing traffic by limiting ports,
then you add the DROP property on OUTPUT and ACCEPT on the specific ports.

BTW iptables -F will not remove the DROP property !!! Beware, you can be locked out of
your server.
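An added example (not from either poster) of the basic rule set yyagol describes, arranged so that the flush can never lock you out. The allowed port list and the IPT=echo dry-run switch are my assumptions, not part of iptables or the original script:

```shell
#!/bin/sh
# Basic stateful host firewall in the order that avoids the lockout
# yyagol warns about: "iptables -F" flushes rules but keeps a DROP
# policy, so policies are reset to ACCEPT before the flush.
# IPT=echo turns every call into a dry-run print (my convention, not
# an iptables feature); ALLOWED_TCP is an assumed list of service ports.
IPT=${IPT:-iptables}
ALLOWED_TCP=${ALLOWED_TCP:-22}

apply_firewall() {
    # 1. Open the policies, then flush. Flushing with DROP still set
    #    leaves every chain dropping everything, including your SSH.
    for chain in INPUT OUTPUT FORWARD; do
        $IPT -P "$chain" ACCEPT
    done
    $IPT -F
    $IPT -X

    # 2. Default deny inbound and forwarded traffic. OUTPUT stays ACCEPT:
    #    a DROP policy there also rejects the box's own probes (nmap's
    #    ICMP/UDP ones included), which sendto() reports as EPERM,
    #    i.e. "operation not permitted".
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # 3. Loopback, replies to connections this host started, junk.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m state --state INVALID -j DROP

    # 4. Echo requests so ping and a scanner's host discovery work.
    $IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

    # 5. New inbound connections only on the listed TCP ports.
    for port in $ALLOWED_TCP; do
        $IPT -A INPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
}

# Dry-run check: succeeds only if the policy reset comes before -F.
check_order() {
    rules=$(IPT=echo; apply_firewall)
    reset=$(printf '%s\n' "$rules" | grep -n -- '-P INPUT ACCEPT' | cut -d: -f1)
    flush=$(printf '%s\n' "$rules" | grep -n -- '^-F$' | cut -d: -f1)
    [ -n "$reset" ] && [ -n "$flush" ] && [ "$reset" -lt "$flush" ]
}
if [ "${1:-}" = "--apply" ]; then
    apply_firewall
fi
```

Run it with IPT=echo first to review the generated rules, then with --apply as root; test from a second host rather than from the firewalled box itself so OUTPUT policy does not interfere with the scanner.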