TOPIC: Accept only a specific protocol with iptables/l7filter ?

Accept only a specific protocol with iptables/l7filter ? 9 years 1 month ago #23722

Hi mates,

I would like to know if there's a way to make the iptables l7filter extension work as a filter for all protocols but a specific one. Something like a DROP default policy for a chain and with an accept rule for just one protocol...

It is like:

iptables -P FORWARD DROP
iptables -A FORWARD -m layer7 --l7proto http -j ACCEPT

These rules don't work at all for me... How do I make the firewall block all the protocols but not http?

Thanks in Advance.

Re: Accept only a specific protocol with iptables/l7filter ? 9 years 1 month ago #23727

nske (Expert Member):
Hello and welcome :)

How do you verify that they don't work? What exactly happens?

Try to use [code:1]iptables -L -vv[/code:1] to check what is the terminating rule for your packets.

Re: Accept only a specific protocol with iptables/l7filter ? 9 years 1 month ago #23758

nske wrote:
Hello and welcome :)

How do you verify that they don't work? What exactly happens?

Try to use [code:1]iptables -L -vv[/code:1] to check what is the terminating rule for your packets.

These rules drop everything... it's because of the first one, according to "iptables -L -vv"... Any ideas?

Re: Accept only a specific protocol with iptables/l7filter ? 9 years 1 month ago #23779

Elohim (Senior Member):
This isn't even a firewall policy. It merely instructs iptables to list all rules verbosely.

Anyway... you are trying to make this too difficult for yourself. For something like http, you should just look at the layer 4 port. And make it simple, forward traffic on the input chain and not the forward chain.

iptables -P FORWARD ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -j DROP


Re: Accept only a specific protocol with iptables/l7filter ? 9 years 1 month ago #23878

The rules I referenced were mine... I know that what you suggested previously wasn't a firewall policy. I'm not trying to make it more difficult for myself, but I need a way to do the inspection at layer 7, because the protocols I'm working with run on several ports and I'm searching for the most fail-proof way possible to filter these protocols.

When I set my rules, the firewall blocks everything. I would like it to permit only http or any other specified protocol, blocking the others.

Thank you in advance.
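Added example covering the first post's "policy DROP plus ACCEPT http" ruleset and the later request for a layer-7 allow-list; it is not code from the thread or from the l7-filter project. The layer7 match can only classify a connection after it has seen payload, and a TCP SYN carries none, so a DROP policy kills every handshake before anything can ever match http; the helper below emits an iptables-restore ruleset that lets unclassified packets through and drops once l7-filter has decided. It assumes `--l7proto unknown` matches connections l7-filter has given up on, as its HOWTO describes, and the deny list of pattern names is a constructed placeholder.

```shell
#!/bin/sh
# Hypothetical helper: emits an iptables-restore ruleset for the FORWARD
# chain that admits HTTP and drops whatever l7-filter classifies as
# something else or gives up on. Nothing here touches the kernel.

# Constructed deny list of l7-filter pattern names; extend to your needs.
DENY_PROTOS="ssh bittorrent edonkey gnutella smtp"

l7_allowlist_ruleset() {
    printf '%s\n' '*filter'
    # -P takes the target directly ("iptables -P FORWARD DROP"), never -j.
    # The policy must be ACCEPT: the handshake and the first payload
    # packets of every connection have to reach the layer7 rules below
    # before l7-filter can classify anything, so a strict DROP policy can
    # never admit an http connection. A layer-7 allow-list is leaky by
    # construction; accept that, or filter by port as well.
    printf '%s\n' ':FORWARD ACCEPT [0:0]'
    # Do NOT accept ESTABLISHED traffic before the layer7 rules: l7-filter
    # classifies only on packets that actually hit a layer7 match, so an
    # early conntrack ACCEPT would blind it.
    printf '%s\n' '-A FORWARD -m conntrack --ctstate INVALID -j DROP'
    printf '%s\n' '-A FORWARD -m layer7 --l7proto http -j ACCEPT'
    # Assumption: "unknown" = l7-filter looked at its packet/byte budget
    # and matched nothing. It must come after the http ACCEPT.
    printf '%s\n' '-A FORWARD -m layer7 --l7proto unknown -j DROP'
    # "not http" also matches not-yet-classified packets, so protocols to
    # block have to be named explicitly rather than negated.
    for proto in $DENY_PROTOS; do
        printf '%s\n' "-A FORWARD -m layer7 --l7proto $proto -j DROP"
    done
    printf '%s\n' 'COMMIT'
}

# Returns 0 when the http ACCEPT precedes the unknown DROP, i.e. an http
# connection is admitted before l7-filter could give up on it.
ruleset_order_ok() {
    accept_ln=$(l7_allowlist_ruleset | grep -n -- '--l7proto http -j ACCEPT' | cut -d: -f1)
    drop_ln=$(l7_allowlist_ruleset | grep -n -- '--l7proto unknown -j DROP' | cut -d: -f1)
    [ -n "$accept_ln" ] && [ -n "$drop_ln" ] && [ "$accept_ln" -lt "$drop_ln" ]
}
```

Review the output and then feed it to `iptables-restore --noflush` as root with the layer7 module loaded; without `--noflush`, iptables-restore replaces the whole filter table, INPUT rules included.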

Re: Accept only a specific protocol with iptables/l7filter ? 8 years 10 months ago #24803

Any help?