Hey guys -- I hope ShmooCon went well. I have been hard at work here on a few projects of mine, and was wondering if anyone could give me some insight as to why this configuration file was not working correctly.
Code:
#! /bin/bash
# iptables configuration file for projectobvious.com
# Enable stateful filtering so that connections initiated on the host are allowed.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# Allow Incoming SSH on port 22
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# Prevent brute-forcing of SSH connections.
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
# Allow Everything from the local host
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
# Block Outgoing SSH connections to prevent connection bouncing
iptables -A OUTPUT -p tcp -m tcp --dport 22 -j DROP
# Block Everything else
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP
Any insight would be appreciated.
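Added example, not part of the original post: iptables walks each chain top to bottom and stops at the first matching rule with a terminating target, so a simplified first-match model of the INPUT and OUTPUT rules posted above shows which rule decides a packet. The parser, the packet fields, the sample addresses and the `recent_hit` flag are assumptions of this sketch, not iptables internals.

```python
import shlex

# The INPUT/OUTPUT rules from the post above, copied unchanged.
RULES = """\
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 22 -j DROP
iptables -A INPUT -j DROP
"""

def parse(line):
    """Parse the option subset used in the post into a dict (simplified model)."""
    tok = shlex.split(line)
    opt = lambda flag: tok[tok.index(flag) + 1] if flag in tok else None
    return {
        "text": line, "chain": opt("-A"), "proto": opt("-p"), "src": opt("-s"),
        "dport": opt("--dport"), "target": opt("-j"),
        "states": set(opt("--state").split(",")) if "--state" in tok else None,
        "recent_update": "--update" in tok,  # matches only once the hit count is reached
    }

def matches(rule, pkt):
    """True when every condition the rule specifies holds for the packet."""
    return ((rule["proto"] is None or rule["proto"] == pkt["proto"])
            and (rule["src"] is None or rule["src"] == pkt["src"])
            and (rule["dport"] is None or rule["dport"] == str(pkt["dport"]))
            and (rule["states"] is None or pkt["state"] in rule["states"])
            and (not rule["recent_update"] or pkt["recent_hit"]))

def decide(chain, pkt):
    """Return (verdict, rule text) for the first matching rule with a terminating target."""
    for rule in map(parse, RULES.splitlines()):
        if rule["chain"] == chain and rule["target"] and matches(rule, pkt):
            return rule["target"], rule["text"]
    return "POLICY", None  # fell off the end: the chain's default policy applies

# Constructed packets: a new SSH connection from a source that already exceeded
# the hit count (inbound), and a new SSH connection leaving the host (outbound).
inbound = {"proto": "tcp", "src": "203.0.113.7", "dport": 22, "state": "NEW", "recent_hit": True}
outbound = {"proto": "tcp", "src": "192.0.2.10", "dport": 22, "state": "NEW", "recent_hit": True}

if __name__ == "__main__":
    for chain, pkt in (("INPUT", inbound), ("OUTPUT", outbound)):
        print(chain, *decide(chain, pkt), sep=" | ")
```

In this model both packets are accepted by an earlier, broader rule before the `recent` DROP or the outgoing port 22 DROP is ever evaluated; placing the narrower rules ahead of the broad ACCEPT rules in `RULES` changes both verdicts to DROP.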