Government Security
Network Security Resources

Ip Tables Config Question

No replies to this topic

#1 Gigantor
Posted 21 August 2012 - 05:04 PM

Hi! Thanks for reading my post/question:

I think my eyes are beginning to bleed. I've recently been playing with iptables, mostly just to get more familiar with it and for fun.
I've been trying my hand at packet filtering, and I put in a rule to match any packets that are not SYN packets but are seen as new connections.

Here are the rules I put in:

iptables -N tcpsyncheck
iptables -A tcpsyncheck -p tcp ! --syn -m state --state NEW -j LOGDROP

iptables -A INPUT -p tcp -j tcpsyncheck

My Policy rules are:

INPUT DROP
OUTPUT ALLOW
FORWARD DROP

Currently I have one rule that allows web traffic in:

iptables -A INPUT -p tcp --dport 80 -j logaccept

I have LOGDROP logging the bad packets, but when I do an hping2 -c3 -F targethost -p 80, it seems to end up in my accepted area. I know I'm missing something simple, and I have a feeling that my web rule is taking precedence and allowing it in.
Keep in mind this is not a FW config for security, just for me to play with, but I would like to know how to enable port 80 and filter the packets to it that are not initial SYNs.

Thanks for any help in advance!
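The symptom in the post comes down to first-match evaluation: iptables walks the INPUT chain top to bottom, and the first terminating rule that matches decides the packet. The following is an added example, not code from the post or from the iptables project. It is a small Python model of that traversal (user-defined chains, jumps, and fall-through RETURN) that reproduces the post's rules in both orders. It assumes that the port-80 accept rule was appended before the jump to tcpsyncheck (which the observed behaviour implies), that logaccept and LOGDROP behave as terminating verdicts, and that conntrack classifies the lone FIN probe as NEW. The chain, packet and rule names are constructed for the illustration.

```python
"""Toy model of iptables first-match chain traversal (added example).

Models only the matches the post uses: -p, --dport, --syn / ! --syn,
and -m state --state. logaccept and LOGDROP are treated as terminating
verdicts (assumption: in the real ruleset they are user chains that log
and then ACCEPT/DROP).
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    proto: str
    dport: int
    flags: frozenset  # TCP flags set on the packet, e.g. {"SYN"} or {"FIN"}
    state: str        # conntrack state: NEW, ESTABLISHED, ...

    @property
    def is_syn(self) -> bool:
        # --syn means SYN set and ACK, RST and FIN all clear.
        return "SYN" in self.flags and not (self.flags & {"ACK", "RST", "FIN"})


@dataclass
class Rule:
    target: str
    proto: Optional[str] = None
    dport: Optional[int] = None
    syn: Optional[bool] = None   # True: --syn, False: ! --syn, None: unchecked
    state: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.syn is not None and p.is_syn != self.syn:
            return False
        if self.state is not None and p.state != self.state:
            return False
        return True


class Firewall:
    def __init__(self, input_policy: str):
        self.policy = input_policy
        self.chains = {"INPUT": []}

    def new_chain(self, name: str) -> None:      # iptables -N
        self.chains[name] = []

    def append(self, chain: str, rule: Rule) -> None:  # iptables -A
        self.chains[chain].append(rule)

    def verdict(self, p: Packet) -> str:
        # Fall off the end of INPUT -> chain policy applies.
        return self._walk("INPUT", p) or self.policy

    def _walk(self, chain: str, p: Packet) -> Optional[str]:
        for r in self.chains[chain]:
            if not r.matches(p):
                continue
            if r.target in self.chains:            # jump to a user chain
                v = self._walk(r.target, p)
                if v:                              # user chain decided
                    return v
                continue                           # end of user chain: RETURN
            return r.target                        # terminating target
        return None


def _syn_check_chain(fw: Firewall) -> None:
    # iptables -N tcpsyncheck
    # iptables -A tcpsyncheck -p tcp ! --syn -m state --state NEW -j LOGDROP
    fw.new_chain("tcpsyncheck")
    fw.append("tcpsyncheck", Rule("LOGDROP", proto="tcp", syn=False, state="NEW"))


def original_ruleset() -> Firewall:
    """Post's order (assumed): web accept appended before the jump."""
    fw = Firewall("DROP")
    _syn_check_chain(fw)
    fw.append("INPUT", Rule("logaccept", proto="tcp", dport=80))
    fw.append("INPUT", Rule("tcpsyncheck", proto="tcp"))
    return fw


def fixed_ruleset() -> Firewall:
    """Same rules, with the SYN check evaluated before any accept."""
    fw = Firewall("DROP")
    _syn_check_chain(fw)
    fw.append("INPUT", Rule("tcpsyncheck", proto="tcp"))
    fw.append("INPUT", Rule("logaccept", proto="tcp", dport=80))
    return fw


# Constructed packets: the FIN-only probe from the post, a normal SYN,
# and a mid-connection ACK segment.
FIN_PROBE = Packet("tcp", 80, frozenset({"FIN"}), "NEW")
SYN_TO_80 = Packet("tcp", 80, frozenset({"SYN"}), "NEW")
ACK_TO_80 = Packet("tcp", 80, frozenset({"ACK"}), "ESTABLISHED")

if __name__ == "__main__":
    for name, fw in (("original", original_ruleset()), ("fixed", fixed_ruleset())):
        print(name, "FIN probe ->", fw.verdict(FIN_PROBE),
              "| SYN ->", fw.verdict(SYN_TO_80),
              "| ACK (established) ->", fw.verdict(ACK_TO_80))
```

In the original order the FIN probe hits the port-80 accept rule before the jump to tcpsyncheck is ever reached, which matches what the post sees; with the jump moved ahead of the accept rule, the probe lands in LOGDROP while a genuine SYN and established traffic still reach logaccept. On a live box the equivalent change is to insert the jump at the top with `-I INPUT 1` (or flush and re-add the rules in the new order) and confirm with `iptables -L INPUT -n --line-numbers`.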
