Firewall on Fedora Linux
Security

In a nutshell

The core of the Linux firewall is the netfilter kernel module. To add or remove firewall rules you use the "iptables" command, which should already be installed.

 

 

Where is the configuration file for iptables?

The configuration file for iptables itself is /etc/sysconfig/iptables-config. The firewall rules are saved separately in /etc/sysconfig/iptables.

 

 

What are Chains?

A set of firewall rules is called a chain.

With "iptables -L" you can list all chains:

[root@myweb ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

--> No rules are defined at the moment; the three built-in chains are empty.

 

There are 3 predefined (built-in) chains for the filter table (packet filtering):

  • FORWARD
  • INPUT
  • OUTPUT

 

 

What is a Target?

The target defines what to do with a packet that matches the rule.

 

There are 2 important targets:

  • DROP
  • ACCEPT

 

 

Some Examples

We want to drop all outgoing packets to IP 62.112.154.29. To do this we have to add a rule to the (predefined) OUTPUT chain which drops all packets with destination IP 62.112.154.29.

 

Before:

[root@myweb ~]# ping 62.112.154.29
PING 62.112.154.29 (62.112.154.29) 56(84) bytes of data.
64 bytes from 62.112.154.29: icmp_seq=1 ttl=54 time=25.8 ms
64 bytes from 62.112.154.29: icmp_seq=2 ttl=54 time=19.4 ms
64 bytes from 62.112.154.29: icmp_seq=3 ttl=54 time=19.9 ms
64 bytes from 62.112.154.29: icmp_seq=4 ttl=54 time=20.2 ms

 

Now we add the rule:

[root@myweb ~]# iptables -t filter -A OUTPUT -d 62.112.154.29 -j DROP

 

After:

 

[root@myweb ~]# ping 62.112.154.29
PING 62.112.154.29 (62.112.154.29) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

 

Now we delete the rule:

 

[root@myweb ~]# iptables -D OUTPUT -d 62.112.154.29 -j DROP
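
As an added example (not part of the original article), the shell function below reads a rules file in the format of /etc/sysconfig/iptables and reports, for each chain of the filter table, its policy and how many rules use the DROP/REJECT and ACCEPT targets, marking chains that let every packet through. The names audit_rules and sample_rules and the sample rule set are constructed for illustration; jumps into user-defined chains are not followed.

```shell
# Added example: audit a rules file in iptables-save format offline.

# audit_rules FILE prints one line per chain of the filter table:
#   CHAIN policy=P rules=N deny=D accept=A [OPEN]
# OPEN = policy ACCEPT and no rule jumping directly to DROP or REJECT,
# i.e. the chain lets every packet through.
audit_rules() {
    awk '
        /^\*/     { in_filter = ($1 == "*filter"); next }  # table header
        /^COMMIT/ { in_filter = 0; next }                  # end of table
        !in_filter { next }
        /^:/ {                          # chain line, e.g. ":INPUT ACCEPT [0:0]"
            name = substr($1, 2)
            order[++n] = name; policy[name] = $2
            next
        }
        $1 == "-A" {                    # rule line: "-A CHAIN ... -j TARGET"
            rules[$2]++
            for (i = 3; i < NF; i++) {
                if ($i != "-j") continue
                if ($(i + 1) == "DROP" || $(i + 1) == "REJECT") deny[$2]++
                if ($(i + 1) == "ACCEPT") accept[$2]++
            }
        }
        END {
            for (k = 1; k <= n; k++) {
                c = order[k]
                flag = (policy[c] == "ACCEPT" && deny[c] == 0) ? " OPEN" : ""
                printf "%s policy=%s rules=%d deny=%d accept=%d%s\n",
                       c, policy[c], rules[c], deny[c], accept[c], flag
            }
        }
    ' "$1"
}

# Constructed sample: the rule set after the OUTPUT rule from the article
# was added, written the way iptables-save would store it.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 62.112.154.29/32 -j DROP
COMMIT
EOF
}

tmp=$(mktemp) && sample_rules > "$tmp" && audit_rules "$tmp"; rm -f "$tmp"
```

On a Fedora host the same function can be pointed at the saved rules with "audit_rules /etc/sysconfig/iptables" (run as root, since the file is not world-readable).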
