11-01-2008, 11:07 PM
Sam Kuper

iptables and ntp (SOLVED)

OK, I've solved this now, with some degree of trial and error, combined with reading the logs. I've included the changed rules below. If anyone notices a glaring error in what I've done, please let me know!

2008/11/1 Sam Kuper <sam.kuper@uclmail.net>

[...] I am having some trouble with ntp and iptables. [...] Here is my iptables ruleset (which is based on the one Michael Rash provides in his book Linux Firewalls):

### ACCEPT rules
$IPTABLES -A INPUT -i eth0 -p tcp --dport 22 --syn -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p udp --sport 123 -m state --state NEW,ESTABLISHED -j ACCEPT # SPK for ntpd
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

Second line should have been:
$IPTABLES -A INPUT -p udp --dport 123 -m state --state NEW -j ACCEPT

### anti-spoofing rules
$IPTABLES -A OUTPUT -s ! $INT_NET -j LOG --log-prefix "SPOOFED PKT "
$IPTABLES -A OUTPUT -s ! $INT_NET -j DROP

Inserted new rule in front of the two above:
$IPTABLES -A OUTPUT -s 127.0.0.1 -j ACCEPT

Hope this helps someone,
Sam

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
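
Added example, not part of the original post: a small POSIX shell model of first-match rule evaluation, showing why the 127.0.0.1 ACCEPT rule has to sit in front of the anti-spoofing LOG/DROP pair in the OUTPUT chain. The INT_NET value and the simplified one-line rule format are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed model of the OUTPUT chain from the post, not real iptables parsing.
# Simplified rule format (assumption): "[!] SOURCE TARGET", one rule per line.

ip2int() {  # dotted quad -> integer
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_net() {  # in_net ADDR NET[/PREFIX]: succeeds if ADDR lies inside NET
  case $2 in
    */*) net_addr=${2%/*}; bits=${2#*/} ;;
    *)   net_addr=$2; bits=32 ;;
  esac
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net_addr") & mask )) ]
}

verdict() {  # verdict SRC_IP RULES: print the target that decides the packet
  while read -r neg src target; do
    if [ "$neg" != "!" ]; then target=$src; src=$neg; neg=; fi
    if in_net "$1" "$src"; then hit=1; else hit=0; fi
    if [ -n "$neg" ]; then hit=$(( 1 - hit )); fi
    # LOG is non-terminating, so traversal continues past it
    if [ "$hit" -eq 1 ] && [ "$target" != LOG ]; then echo "$target"; return; fi
  done <<EOF
$2
EOF
  echo POLICY  # no terminating rule matched; the chain policy decides
}

INT_NET=192.168.10.0/24   # assumed sample value; the post does not give one
ORIGINAL="! $INT_NET LOG
! $INT_NET DROP"
FIXED="127.0.0.1 ACCEPT
$ORIGINAL"

verdict 127.0.0.1 "$ORIGINAL"   # locally generated traffic sourced from loopback
verdict 127.0.0.1 "$FIXED"      # same packet with the ACCEPT rule placed first
verdict 10.9.9.9 "$FIXED"       # a source outside INT_NET is still dropped
```

On a live host, `iptables -S OUTPUT` lists the rules in evaluation order, so the same ordering check can be done by eye there.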