NetStumbler.org Forums

02-12-2008, #1
AmunRa
Registered Member
Join Date: Apr 2007
Location: Annapolis, MD
Posts: 73
iptables problem

Hey guys-- I hope shmoocon went well. I have been hard at work here on a few projects of mine, and was wondering if anyone could give me some insight as to why this configuration file was not working correctly.

Code:
#! /bin/bash
# iptables configuration file for projectobvious.com

# Enable stateful filtering so that connections initiated by this host are allowed.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

# Allow Incoming SSH on port 22
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

# Prevent brute-forcing of SSH connections.
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP

# Allow Everything from the local host
iptables -A INPUT -s 127.0.0.1 -j ACCEPT

# Block Outgoing SSH connections to prevent connection bouncing
iptables -A OUTPUT -p tcp -m tcp --dport 22 -j DROP

# Block Everything else
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP
Any insight would be appreciated.
__________________
-AR
Please be offended by my post.
"Well, someone scraped the bottom of the gene pool when they made her."
"Don't you usually vacuum that kinda stuff up?"
02-13-2008, #2
streaker69
Psychic Amish Stumbler
Join Date: Jul 2004
Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
Posts: 11,592
Shmoocon is this weekend, I thought you were going to make it.
__________________
"One of these days, I'm going to cut you to pieces."

If you're offended by this post, please feel free to report it to one of the many helpful moderators of this forum.

Thank you.
02-13-2008, #3
AmunRa
Registered Member
Join Date: Apr 2007
Location: Annapolis, MD
Posts: 73
Hey Streaker--

I meant to say "goes well." I actually cannot make it, as the Navy has me doing a few other things this coming weekend.

I also figured out my iptables problem, but thanks anyway.

Quote:
# Block Outgoing SSH connections to prevent connection bouncing
iptables -A OUTPUT -p tcp -m tcp --dport 22 -j DROP
should have read

Quote:
# Block Outgoing SSH connections to prevent connection bouncing
iptables -A FORWARD -p tcp -m tcp --dport 22 -j DROP
__________________
-AR
Please be offended by my post.
"Well, someone scraped the bottom of the gene pool when they made her."
"Don't you usually vacuum that kinda stuff up?"
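The same policy as a corrected script, added here as an example and not AmunRa's own file: it keeps the thread's rules, puts the outgoing-SSH block in FORWARD as post #3 concludes, and moves the two "-m recent" rules ahead of the port-22 ACCEPT, which in the posted order matched first and left the rate limit unreachable. The DRY_RUN variable, the `apply` argument and the self-check are assumptions of this example.

```shell
#!/bin/bash
# Added example, not the poster's script: the thread's policy with two changes.
# 1) The "-m recent" rules now precede the port-22 ACCEPT; in the posted
#    order the ACCEPT matched first, so the rate limit never fired.
# 2) The outgoing-SSH block lives in FORWARD, as the thread concluded.
# DRY_RUN=1 (an assumed variable) prints the commands instead of running them.
IPT="${IPT:-iptables}"

ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s %s\n' "$IPT" "$*"
    else
        "$IPT" "$@"
    fi
}

apply_rules() {
    # Flush first so re-running the script does not duplicate rules.
    ipt -F INPUT; ipt -F OUTPUT; ipt -F FORWARD
    # Loopback and reply traffic.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    ipt -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    # SSH: record each new connection, drop the 8th within 60 s, then accept.
    ipt -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
    ipt -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update \
        --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
    ipt -A INPUT -p tcp --dport 22 -j ACCEPT
    # No SSH bouncing through this host: routed traffic, hence FORWARD.
    ipt -A FORWARD -p tcp --dport 22 -j DROP
    # Default deny for everything else.
    ipt -A INPUT -j DROP
    ipt -A FORWARD -j DROP
}

# Self-check on the generated rule list: the rate-limit DROP must come before
# the port-22 ACCEPT, or the limit is dead code. Returns 0 when the order is right.
check_order() {
    rules=$(DRY_RUN=1 apply_rules)
    drop=$(printf '%s\n' "$rules" | grep -n -- '--hitcount 8 .* -j DROP' | cut -d: -f1)
    acc=$(printf '%s\n' "$rules" | grep -n -- '--dport 22 -j ACCEPT' | cut -d: -f1)
    [ -n "$drop" ] && [ -n "$acc" ] && [ "$drop" -lt "$acc" ]
}

case "${1:-check}" in
    apply) check_order && apply_rules ;;
    *)     check_order && echo "rule order OK (run with 'apply' as root to load)" ;;
esac
```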
02-13-2008, #4
streaker69
Psychic Amish Stumbler
Join Date: Jul 2004
Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
Posts: 11,592
I think you need to get your priorities straight. What's more important? Your career with the Navy or coming out and having some beer with a bunch of nutcases you only know from the inturweb?
__________________
"One of these days, I'm going to cut you to pieces."

If you're offended by this post, please feel free to report it to one of the many helpful moderators of this forum.

Thank you.
02-13-2008, #5
ccie4526
My search-fu is weak!
Join Date: Jun 2002
Location: West BFE, Texas
Posts: 406
Quote:
Originally Posted by streaker69
I think you need to get your priorities straight. What's more important? Your career with the Navy or coming out and having some beer with a bunch of nutcases you only know from the inturweb?
Heh, he's not the only one. I obviously have my priorities incorrectly arranged as well.

Just found out that when I get finished in Denver, I'm going to Johnson City, TN. Bleh.
__________________
---
<#include std.disclaimer.h>
AltarThug of Wired and Unwired, The Church of WiFi
http://www.churchofwifi.org
http://www.linuxisforbitches.com
http://www.wigle.net
http://www.kismetwireless.net
02-13-2008, #6
DaKahuna
Dirty Ol' Man
Join Date: Jan 2006
Location: If you find out, let me know!
Posts: 412
Quote:
Originally Posted by streaker69
I think you need to get your priorities straight. What's more important? Your career with the Navy or coming out and having some beer with a bunch of nutcases you only know from the inturweb?
Well, you need to check the age of Naval Academy attendees. He's not 21, so drinking is not something he can legally do, quite yet.

In any case, he's going to be doing a RED TEAM this weekend so he may end up having more fun than us.
02-14-2008, #7
brwrdrvr
Cajun from Hell
Join Date: Feb 2005
Location: Capitol City, Louisiana
Posts: 2,998
Quote:
Originally Posted by DaKahuna
Well, you need to check the age of Naval Academy attendees. He's not 21, so drinking is not something he can legally do, quite yet.

In any case, he's going to be doing a RED TEAM this weekend so he may end up having more fun than us.
If RED TEAM in the Navy is anything like OP-FOR in the Army, I would have to say he will have more fun. I loved it when I got to be on an OP-FOR team pitted against the troops that had to do things by the rules, and we could wreak havoc on everyone and everything.
__________________
No I do not. I live in my own basement.
02-15-2008, #8
AmunRa
Registered Member
Join Date: Apr 2007
Location: Annapolis, MD
Posts: 73
Quote:
Originally Posted by DaKahuna
Well, you need to check the age of Naval Academy attendees. He's not 21, so drinking is not something he can legally do, quite yet.

In any case, he's going to be doing a RED TEAM this weekend so he may end up having more fun than us.
Never know. I've been doing some work with iptables in an effort to keep people off my machines, as well as getting my hands on a lot of source code for some exploits.

I'll definitely be at next year's though!
__________________
-AR
Please be offended by my post.
"Well, someone scraped the bottom of the gene pool when they made her."
"Don't you usually vacuum that kinda stuff up?"