
Accept only a specific protocol with iptables/l7filter ?

16 years 6 months ago #23722 by dangerous666
Hi mates,

I would like to know if there's a way to make the iptables l7filter extension work as a filter for all protocols but a specific one. Something like a DROP default policy for a chain and with an accept rule for just one protocol...

It is like:

iptables -P FORWARD DROP
iptables -A FORWARD -m layer7 --l7proto http -j ACCEPT

These rules don't work at all for me... How do I make the firewall block all protocols except http?

Thanks in Advance.
16 years 6 months ago #23727 by nske
Hello and welcome :)

How do you verify that they don't work? What exactly happens?

Try to use [code:1]iptables -L -vv[/code:1] to check what is the terminating rule for your packets.
16 years 6 months ago #23758 by dangerous666

Hello and welcome :)

How do you verify that they don't work? What exactly happens?

Try to use [code:1]iptables -L -vv[/code:1] to check what is the terminating rule for your packets.

These rules drop everything... it's because of the first one, according to "iptables -L -vv"... Any ideas?
16 years 6 months ago #23779 by Elohim
This isn't even a firewall policy. It merely instructs iptables to list all rules verbosely.

Anyway... you are trying to make this too difficult for yourself. For something like http, you should just look at the layer 4 port. And make it simple, forward traffic on the input chain and not the forward chain.

iptables -P FORWARD ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -j DROP

16 years 6 months ago #23878 by dangerous666

This isn't even a firewall policy. It merely instructs iptables to list all rules verbosely.

Anyway... you are trying to make this too difficult for yourself. For something like http, you should just look at the layer 4 port. And make it simple, forward traffic on the input chain and not the forward chain.

iptables -P FORWARD ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -j DROP

The rules I referenced were mine... I know that what you suggested previously wasn't a firewall policy. I'm not trying to make it more difficult for myself, but I need a way to do the inspection at layer 7, because the protocols I'm working with run on several ports and I'm searching for the most fail-proof way possible to filter these protocols.

When I set my rules, the firewall blocks everything. I would like it to permit only http or any other specified protocol, blocking others.

Thank You in advance.
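The rule set from the opening post and the requirement restated above (layer-7 whitelist, everything else dropped) run into a property of l7-filter: it needs to see several packets of a connection before it can classify it, and those first packets match no protocol. The following is an added example, not code from the thread or from l7-filter itself; it is a small Python model of iptables first-match chain traversal plus the per-connection layer7 state, showing why a DROP policy with only an ACCEPT for http drops everything, and how an extra ACCEPT for still-unclassified ("unset") connections makes the whitelist work. The classification threshold, the application names and the rule tables are constructed assumptions.

```python
# Added example, not from the thread: a small model of iptables first-match chain
# traversal combined with the layer7 match's per-connection state. It shows why
# "policy DROP + ACCEPT http" (the opening post) drops everything, and why an extra
# rule accepting connections that l7-filter has not classified yet ("unset") lets
# the whitelist work. Thresholds and application names are constructed assumptions.
#
# Real rule set this models (FORWARD chain, rules evaluated in order):
#   iptables -P FORWARD DROP
#   iptables -A FORWARD -m layer7 --l7proto http  -j ACCEPT
#   iptables -A FORWARD -m layer7 --l7proto unset -j ACCEPT   # not yet classified

CLASSIFY_AFTER = 3                 # assumption: packets l7 needs before classifying
PATTERNS = {"http", "bittorrent"}  # assumption: protocols with a pattern installed

NAIVE = [("http", "ACCEPT")]                       # the opening post's rules
FIXED = [("http", "ACCEPT"), ("unset", "ACCEPT")]  # unclassified traffic allowed


def l7_label(conn, app):
    """Advance the per-connection l7 state by one packet and return its label."""
    conn["seen"] += 1
    if conn["proto"] == "unset" and conn["seen"] >= CLASSIFY_AFTER:
        conn["proto"] = app if app in PATTERNS else "unknown"
    return conn["proto"]


def walk_chain(rules, policy, label):
    """First matching rule decides; the chain policy applies if none matches."""
    for proto, target in rules:
        if proto == label:
            return target
    return policy


def run_connection(rules, app, packets=5, policy="DROP"):
    """Verdict per packet for one connection of protocol `app`.

    A dropped packet stalls the connection (no handshake, no payload), so l7 never
    sees more of it; the model stops there, which is what the original poster saw.
    """
    conn = {"seen": 0, "proto": "unset"}
    verdicts = []
    for _ in range(packets):
        verdict = walk_chain(rules, policy, l7_label(conn, app))
        verdicts.append(verdict)
        if verdict == "DROP":
            break
    return verdicts
```

run_connection(NAIVE, "http") returns ['DROP'] while run_connection(FIXED, "http") returns five ACCEPTs, and a bittorrent connection under FIXED is dropped at its third packet once classified. The price is that the first packets of every connection pass before classification, so a layer-7 whitelist is never a hard barrier; keep the port-based rules Elohim suggested alongside it wherever the ports are known.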
16 years 3 months ago #24803 by dangerous666