
Request for out-of-the-box B3 iptables

Cheeseboy
Posts: 789
Joined: 08 Apr 2007, 12:16

Request for out-of-the-box B3 iptables

Post by Cheeseboy »

Hello all,

During the years I have modified iptables extensively due to a multitude of alterations to my systems.
The changes have followed me from Bubba Server to B2 to the B3.
Looking at it now, I'm no longer sure what's going on. There are so many things added for different VPN solutions, outgoing UDP for SIP etc. and they don't show up in the web interface...
Some of it might have been added by successful crackers for all I know.

To be frank, I don't understand half of what's in there any more...

Would anyone with a freshly installed B3 be kind enough to send me the output of:

Code:

sudo iptables-save

I understand you might want to change specifics like IP addresses of your output, and that you do not want to post it here on the forum. I just want an idea of what the standard is nowadays, and what I might have changed since 2007.
A PM would do nicely.

Many thanks in advance!

Cheeseboy
Ubi
Posts: 1549
Joined: 17 Jul 2007, 09:01

Re: Request for out-of-the-box B3 iptables

Post by Ubi »

This is for a b3-wifi

Code:

root@b3:~# iptables-save 
# Generated by iptables-save v1.4.8 on Sun Feb 10 14:59:58 2013
*nat
:PREROUTING ACCEPT [634690:46782356]
:INPUT ACCEPT [605847:44426050]
:OUTPUT ACCEPT [344909:25953513]
:POSTROUTING ACCEPT [373683:28300594]
-A POSTROUTING -o eth0 -j MASQUERADE 
COMMIT
# Completed on Sun Feb 10 14:59:58 2013
# Generated by iptables-save v1.4.8 on Sun Feb 10 14:59:58 2013
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [5424177:4356522359]
-A INPUT -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset 
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP 
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -i br0 -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 11 -j ACCEPT 
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT 
-A INPUT -p icmp -m icmp --icmp-type 3/4 -j ACCEPT 
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT 
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT 
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT 
-A INPUT -i eth0 -p tcp -m tcp --dport 143 -j ACCEPT 
-A INPUT -i eth0 -p tcp -m tcp --dport 993 -j ACCEPT 
-A FORWARD -i br0 -j ACCEPT 
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -p icmp -m icmp --icmp-type 3/4 -j ACCEPT 
COMMIT
# Completed on Sun Feb 10 14:59:58 2013
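
Added example, not part of the original posts: one way to compare a long-modified ruleset against a stock dump like the one above, ignoring the timestamps and packet counters that change on every `iptables-save` run. The names `parse_ruleset`, `diff_rulesets`, `BASELINE` and `CURRENT` are introduced here, and the "modified" dump is a constructed sample.

```python
import re
# Excerpt of the stock b3-wifi *filter table posted in the thread.
BASELINE = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
COMMIT"""
# Constructed "modified" dump, not from the thread (policy change, added rule, missing rule).
CURRENT = """# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [12:720]
:FORWARD ACCEPT [0:0]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT"""

def parse_ruleset(text):
    """iptables-save text -> {table: (policies dict, ordered rule list)}."""
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or line == "COMMIT":
            continue  # comments carry timestamps that differ on every run
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], ({}, []))
        elif cur is None:
            raise ValueError(f"rule outside a table: {line!r}")
        elif line.startswith(":"):
            cur[0].update([line[1:].split()[:2]])  # chain -> policy, counters dropped
        else:  # strip the counter prefix that `iptables-save -c` adds
            cur[1].append(re.sub(r"^\[\d+:\d+\]\s*", "", line))
    return tables

def diff_rulesets(baseline, current):
    """List (table, kind, detail) differences; rule order is not compared."""
    base, cur, out = parse_ruleset(baseline), parse_ruleset(current), []
    for table in sorted(set(base) | set(cur)):
        (bpol, brules), (cpol, crules) = base.get(table, ({}, [])), cur.get(table, ({}, []))
        for chain in sorted(set(bpol) | set(cpol)):
            if bpol.get(chain) != cpol.get(chain):
                out.append((table, "policy", f"{chain}: {bpol.get(chain)} -> {cpol.get(chain)}"))
        out += [(table, "added", r) for r in crules if r not in brules]
        out += [(table, "missing", r) for r in brules if r not in crules]
    return out
if __name__ == "__main__":
    print(*diff_rulesets(BASELINE, CURRENT), sep="\n")
```

The comparison treats each table's rules as a set, so a rule that has only moved within a chain is not reported; since iptables evaluates rules in order, check the ordering of shared rules by hand.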
RandomUsername
Posts: 904
Joined: 09 Oct 2009, 18:49

Re: Request for out-of-the-box B3 iptables

Post by RandomUsername »

FYI, I think you can get this from the firewall.conf file in a reinstall image.
Cheeseboy
Posts: 789
Joined: 08 Apr 2007, 12:16

Re: Request for out-of-the-box B3 iptables

Post by Cheeseboy »

Thank you both!