Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
RE: iptables & tcp wrappers
From: Bowes, Ronald (EST) (RBowesgov.mb.ca)
Date: Mon Sep 27 2004 - 10:27:46 CDT
There's a fantastic tutorial on iptables at
http://iptables-tutorial.frozentux.net/iptables-tutorial.html. I knew
absolutely nothing about iptables when I started reading it, and now I feel
comfortable doing anything with it. It really is amazingly powerful if you
There is a section there about how to log to syslog, which can be retrieved
Hope that helps!
Information Protection Centre
Government Of Manitoba
From: Meatplow [mailto:gregmeatplow.com]
Sent: Friday, September 24, 2004 3:57 PM
Subject: iptables & tcp wrappers
-----BEGIN PGP SIGNED MESSAGE-----
I'm running RH Enterprise edition.
I'm relatively new to iptables. I am getting the common intrusion
attempts with some of the common uses of test/guest/root/ and a
couple others I've been able to add the IPs to the to iptables.,
I'd really like a log that tells me the info that I want to know.
My basic input command is this :
#iptables -A INPUT -p tcp -s PUT_IP_HERE -d 0/0 --syn -j DROP
iptables seem a little convoluted. Example. To delete a line -
supposedly give it a line and it will be deleted/modified. My
problem is even with #iptable -L -v there is no line number ?
My goal is to block all incoming ssh attempts except IP#.
This is where I got into hosts.allow/deny as mentioned below.
I've tried to find many different types of commands and it works to
some degree, but not the way I'd expect it to.
Any help would be appreciated. I'm not completely sure that I
understand iptables as well as I want/need to. I've also toyed
around with the hosts.allow/hosts.deny and have not been successful.
I know that there is a lot of info in here, and I'm tired. I'll
leave it at that
Thanks in advance for your time and help.
greg ta meatplow.com
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
-----END PGP SIGNATURE-----
Fedora-config-list mailing list