Cosmin Nicolaescu on 20 Apr 2005 17:06:00 -0000
On Wed, April 20, 2005 12:38 pm, Jeff Abrahamson said:
> On Wed, Apr 20, 2005 at 11:01:49AM -0400, Cosmin Nicolaescu wrote:
>> > 2. My ssh session's X forwarding is blocked. Oops.
>> > [...]
>>
>> About 2., what do you mean 'blocked' ? Is it blocked by a firewall, or do
>> you just not have X11Forwarding enabled (ssh -X or if you have openssh>3.8
>> you might want to use -Y to make sure Eterm or such don't just crash with
>> 'Bad Atom' on you.
>
>     my-ws $ ssh -f iptable-host xterm
>
> Then, on iptable-host in that xterm,
>
>     iptable-host $ ./iptables
>
> and that window doesn't respond for 20 seconds until my failsafe rule flush kicks in.
>
> In the iptables script:
>
>     (sleep 20; iptables -F) &
>
> --
> Jeff
>
> Jeff Abrahamson <http://www.purple.com/jeff/> +1 215/837-2287
> GPG fingerprint: 1A1A BA95 D082 A558 A276 63C6 16BF 8C4C 0D1D AE4B
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
>

The easiest way I see in solving this problem is to add the following rule:

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

That will accept all connections that are related to previously-open
connections. Since you open an ssh connection which is allowed, everything
that you'll open related to that connection will be allowed.

Are you filtering on OUTPUT as well? Do you have icmp filtering?

-Cos

--
Cosmin Nicolaescu
Systems Administrator
Drexel University
Computer Science Department
University Crossings Rm. 135
(267)-918-8505
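
An added example (not part of the original message, and not Jeff's script): a rule script that combines the 20-second failsafe quoted above with the ESTABLISHED,RELATED rule. The ssh port, the loopback rule and the policy reset in the failsafe are assumptions; the script only prints the commands unless IPT=iptables is set.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: prints the
# iptables commands. Set IPT=iptables and run as root to apply them.
IPT="${IPT:-echo iptables}"
FAILSAFE_SECS="${FAILSAFE_SECS:-20}"   # same delay as the quoted script

# Reopen the host: reset policies as well as flushing rules. A bare
# `iptables -F` leaves a DROP policy in place and the rescue would fail.
failsafe_reset() {
    $IPT -P INPUT ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    $IPT -F
}

apply_rules() {
    $IPT -F
    # Packets belonging to tracked connections (such as the ssh session
    # this script is started from) and traffic related to them.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Assumption: sshd uses its default X11UseLocalhost setting, so the
    # forwarded xterm reaches sshd's X proxy over the loopback interface.
    $IPT -A INPUT -i lo -j ACCEPT
    # Assumption: ssh on tcp/22 is the only new inbound service wanted.
    $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # Default-deny goes last so the accepts are in place before it bites.
    $IPT -P INPUT DROP
}

# Only act when asked to, so the functions can be sourced and inspected.
if [ "${1:-}" = "run" ]; then
    (sleep "$FAILSAFE_SECS"; failsafe_reset) &
    echo "failsafe pid $!: kill it once the session still responds" >&2
    apply_rules
fi
```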