
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 334

Iptables. Linux

Hi, I don't even pretend to know Linux, but I have a hardware device to configure,
and it wants me to add in iptables rules.
Here is the blurb from the manual, but it just stops everything talking:
 
iptables -F INPUT
iptables -A INPUT -s [ip-address] -j ACCEPT
iptables -A INPUT -j DROP
/etc/init.d/iptables save active
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
iptables -A FORWARD -j DROP
/etc/init.d/iptables save inactive
/etc/init.d/iptables stop
/etc/init.d/iptables start
/etc/init.d/network restart

Net effect should be that only the [ip-address] specified can communicate with the HSM. In reality it means no device on the network can communicate with it. Very secure, but not much use!
 
Asked: mhamer
1 Solution
 
Jelcin commented:
Didn't you forget the output rule for the IP address?

iptables -A OUTPUT -d [ip-address] -j ACCEPT

 
mhamer (Author) commented:
I don't know, to be honest; copying parrot fashion from the manual.

Is it the case that if it's not specified it will be blocked?
Or are you saying this rule missing could stop it all working?

Cheers

Where would it go, 2nd line?
 
mhamer (Author) commented:
I am copying parrot fashion from the manual.

 
Jelcin commented:
#!/bin/sh

### flush previous rules
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD

## set default policy to drop
## (-P takes the target directly; it does not use -j)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

### allow local host communication
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

### set rules to communicate only with this ip
iptables -A INPUT -s [ip-address] -j ACCEPT
iptables -A OUTPUT -d [ip-address] -j ACCEPT



I would write the rules like this.
You can put it in a script and let it execute on every boot. Or you can type them in manually, command by command, and save them with "iptables-save > firewall.log" and restore them with "iptables-restore < firewall.log". But the iptables rules will disappear on every reboot, so you need to restore them manually every time you reboot.

What Linux distribution do you use?

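The same allow-one-host ruleset, written as an added example (not code from the thread or the device manual) that prints the commands for review instead of running them, so the OUTPUT -d rule and the correct -P syntax can be checked before anything is applied. The management address 192.0.2.10 is a constructed placeholder; it also validates the address and loads the ACCEPT rules before the DROP policies so an admin already connected from that host is not cut off mid-script.

```shell
#!/bin/sh
# Added example, not from the thread: generate an iptables ruleset that lets
# only one management host talk to the HSM. 192.0.2.10 is a placeholder.

# Accept only a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the commands one per line rather than executing them, so the
# ruleset can be reviewed first and then piped to sh as root.
# Order matters: flush, allow loopback and the management host, and only
# then switch the default policies to DROP (policy syntax is -P CHAIN TARGET,
# with no -j). Setting DROP first would cut off a remote admin session.
hsm_rules() {
    host=$1
    valid_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }
    cat <<EOF
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -s $host -j ACCEPT
iptables -A OUTPUT -d $host -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
EOF
}

# Dry run; to apply on the device:  hsm_rules 192.0.2.10 | sudo sh
hsm_rules 192.0.2.10
```

The printed rules still vanish on reboot, as Jelcin notes, so the script (or an iptables-save snapshot) has to be re-applied at boot.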
 
mhamer (Author) commented:
Not sure what version, I'll check when back in work tomorrow. It's a hardware device with the OS built in; haven't seen a version or flavour mentioned yet.


Thanks for all your help