
Thread: Need iptables help

  1. #11
    Dangertux is offline Chocolate Ubuntu Mocha Blend
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Need iptables help

    AppArmor or browser security (though they can go hand in hand) are good spots to pick up. AppArmor may be a little difficult if you had trouble with iptables, but you can give it a shot.

    Also check out https://wiki.ubuntu.com/BasicSecurity

    Might help. Have fun

  2. #12
    Join Date
    Jan 2012
    Beans
    37

    Re: Need iptables help

    I finished a clean install less than an hour ago. I did all the updates and had iptables set up before connecting to the internet.

    rkhunter -c shows:

    /usr/bin/unhide.rb [ Warning ]
    Checking for passwd file changes [ Warning ]
    Checking for group file changes [ Warning ]
    Checking for hidden files and directories [ Warning ]

    chkrootkit shows:
    Searching for Suckit rootkit... Warning: /sbin/init INFECTED

    The following suspicious files and directories were found: /usr/lib/pymodules/python2.7/.path /usr/lib/jvm/.java-1.6.0-openjdk.jinfo

    wlan0: PACKET SNIFFER(/sbin/wpa_supplicant[892], /sbin/dhclient (deleted)[2596])

    user bluntman deleted or never logged from lastlog!

    The tty of the following user process(es) were not found
    in /var/run/utmp !
    ! RUID PID TTY CMD
    ! root 1146 tty7 /usr/bin/X :0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch -background none





    Any idea what gvfsd is and how to get rid of it?

    sudo netstat -antp
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 17997/cupsd
    tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 9374/master
    tcp 0 0 192.168.1.3:51495 74.125.45.105:80 ESTABLISHED 30531/firefox
    tcp 1 0 192.168.1.3:34902 91.189.89.31:80 CLOSE_WAIT 2738/gvfsd-http
    tcp 0 0 192.168.1.3:51497 74.125.45.105:80 ESTABLISHED 30531/firefox
    tcp 38 0 192.168.1.3:45520 91.189.89.106:443 CLOSE_WAIT 2738/gvfsd-http
    tcp 1 0 192.168.1.3:43680 91.189.89.106:80 CLOSE_WAIT 2738/gvfsd-http
    tcp 38 0 192.168.1.3:45529 91.189.89.106:443 CLOSE_WAIT 2738/gvfsd-http
    tcp 1 0 192.168.1.3:43684 91.189.89.106:80 CLOSE_WAIT 2738/gvfsd-http
    tcp 38 0 192.168.1.3:40269 91.189.89.105:443 CLOSE_WAIT 2738/gvfsd-http
    tcp 1 0 192.168.1.3:34896 91.189.89.31:80 CLOSE_WAIT 2738/gvfsd-http
    tcp 0 0 192.168.1.3:51496 74.125.45.105:80 ESTABLISHED 30531/firefox
    tcp 1 0 192.168.1.3:46644 91.189.89.105:80 CLOSE_WAIT 2738/gvfsd-http
    tcp6 0 0 ::1:631

    sudo lsof -i -n -P
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    avahi-dae 757 avahi 13u IPv4 668 0t0 UDP *:5353
    avahi-dae 757 avahi 14u IPv6 669 0t0 UDP *:5353
    avahi-dae 757 avahi 15u IPv4 670 0t0 UDP *:41723
    avahi-dae 757 avahi 16u IPv6 671 0t0 UDP *:58306
    dhclient 2596 root 6u IPv4 19190 0t0 UDP *:68
    gvfsd-htt 2738 bluntman 9u IPv4 70179 0t0 TCP 192.168.1.3:45520->91.189.89.106:443 (CLOSE_WAIT)
    gvfsd-htt 2738 bluntman 12u IPv4 70180 0t0 TCP 192.168.1.3:34896->91.189.89.31:80 (CLOSE_WAIT)
    gvfsd-htt 2738 bluntman 14u IPv4 72916 0t0 TCP 192.168.1.3:40269->91.189.89.105:443 (CLOSE_WAIT)
    gvfsd-htt 2738 bluntman 15u IPv4 72944 0t0 TCP 192.168.1.3:34902->91.189.89.31:80 (CLOSE_WAIT)
    gvfsd-htt 2738 bluntman 16u IPv4 71607 0t0 TCP 192.168.1.3:46644->91.189.89.105:80 (CLOSE_WAIT)
    gvfsd-htt 2738 bluntman 17u IPv4 70212 0t0 TCP 192.168.1.3:43680->91.189.89.106:80 (CLOSE_WAIT)
    gvfsd-htt 2738 bluntman 18u IPv4 73878 0t0 TCP 192.168.1.3:45529->91.189.89.106:443 (CLOSE_WAIT)
    gvfsd-htt 2738 bluntman 20u IPv4 73879 0t0 TCP 192.168.1.3:43684->91.189.89.106:80 (CLOSE_WAIT)
    master 9374 root 12u IPv4 76749 0t0 TCP *:25 (LISTEN)
    http 9638 root 3u IPv4 568608 0t0 TCP 192.168.1.3:46074->204.45.82.194:80 (CLOSE_WAIT)
    http 9639 root 3u IPv4 571616 0t0 TCP 192.168.1.3:45523->91.189.92.169:80 (ESTABLISHED)
    cupsd 17997 root 9u IPv6 48150 0t0 TCP [::1]:631 (LISTEN)
    cupsd 17997 root 10u IPv4 48151 0t0 TCP 127.0.0.1:631 (LISTEN)
    firefox 30531 bluntman 63u IPv4 566986 0t0 TCP 192.168.1.3:46659->74.125.47.139:80 (ESTABLISHED)
    firefox 30531 bluntman 64u IPv4 566987 0t0 TCP 192.168.1.3:43649->74.125.65.139:80 (ESTABLISHED)
    Last edited by jpdeaton; January 23rd, 2012 at 07:20 AM.

  3. #13
    Dangertux is offline Chocolate Ubuntu Mocha Blend
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Need iptables help

    It's a backend for the gvfs hal. Basically it allows you to mount USB and other devices in a DAV-like fashion.

  4. #14
    Join Date
    Jan 2012
    Beans
    37

    Re: Need iptables help

    How would I allow IMAP port 993 and SMTP port 465 for email/Thunderbird?

  5. #15
    Dangertux is offline Chocolate Ubuntu Mocha Blend
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Need iptables help

    If you look back at the original script I gave you

    Code:
    #!/bin/bash
    
    # Default policy: drop everything that is not explicitly allowed below
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP
    
    # Allow loopback traffic
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    
    # Allow packets that belong to, or are related to, an established connection
    iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    
    # Outbound services: HTTP (80), HTTPS (443), DHCP (67), DNS (53)
    iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 67 -j ACCEPT
    iptables -A OUTPUT -p udp --dport 67 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
    iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
    
    # Add any other ports you need to reach external services in the format above

    it contains a comment that explains how to allow other external services.

    So your format is basically:

    Code:
    iptables -A OUTPUT -p tcp --dport $portnumber -j ACCEPT

    Does that make sense?
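
The rule format from post #15 applied to the two ports asked about in post #14, as an added example that is not part of either post. The function names and the `DRY_RUN` variable are this example's own; it validates each port before touching the ruleset and uses `iptables -C` so a rerun does not stack duplicate rules.

```bash
#!/bin/bash
# Added example (not from the thread): allow extra outbound TCP ports in the
# format from post #15, with input validation and no duplicate rules on rerun.
# DRY_RUN and the function names are this example's own assumptions.

DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = apply (needs root)

# Succeeds only for a decimal port 1-65535 with no leading zero.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

# Usage: allow_out_tcp PORT...
# Checks every argument first, so a typo leaves the ruleset untouched.
allow_out_tcp() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    for p in "$@"; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "iptables -A OUTPUT -p tcp --dport $p -j ACCEPT"
        # -C exits 0 when an identical rule is already present
        elif ! iptables -C OUTPUT -p tcp --dport "$p" -j ACCEPT 2>/dev/null; then
            iptables -A OUTPUT -p tcp --dport "$p" -j ACCEPT
        fi
    done
}

# Ports asked about in post #14: IMAP over TLS (993) and SMTP over TLS (465).
allow_out_tcp 993 465
```

Run with `DRY_RUN=0` as root to apply the rules; rules added this way are lost at reboot unless they are saved or the script is rerun at boot.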

  6. #16
    Join Date
    Jan 2012
    Beans
    37

    Re: Need iptables help

    Yeah, thanks
