Untitled

a guest Feb 8th, 2016 18 Never
We configured IPv4 firewall rules for one of our servers in such a way that it should allow only configured IPs on port 2070.

----------
##ipv4

iptables -L
o/p:

target     prot opt source               destination
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
ACCEPT     tcp  --  1.2.3.4         anywhere         tcp dpt:2070
ACCEPT     tcp  --  5.6.7.8             anywhere         tcp dpt:2070
ACCEPT     tcp  --  9.10.11.12.13       anywhere         tcp dpt:2070
ACCEPT     tcp  --  10.11.13.12         anywhere         tcp dpt:2070
DROP       tcp  --  anywhere            anywhere         tcp dpt:2070

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

A few days later we came across a situation where we should configure the IP firewall rules in such a way that "it should allow known IPv4 & IPv6 addresses".

DROP       tcp  --  anywhere            anywhere         tcp dpt:2070

The above IPv4 DROP rule is rejecting all the unknown IPv4 addresses, but it is also rejecting the IPv6 connections too.

I need to modify the configuration in such a way that:
1. It should allow only configured IPv4 & IPv6 addresses on port 2070.

Please give suggestions.

----------
##ipv4

iptables -L
o/p:

target     prot opt source               destination
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
ACCEPT     tcp  --  1.2.3.4         anywhere         tcp dpt:2070
ACCEPT     tcp  --  5.6.7.8             anywhere         tcp dpt:2070
ACCEPT     tcp  --  9.10.11.12.13       anywhere         tcp dpt:2070
ACCEPT     tcp  --  10.11.13.12         anywhere         tcp dpt:2070
DROP       tcp  --  anywhere            anywhere         tcp dpt:2070

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

--------
##ipv6
ip6tables -L
o/p:

target     prot opt source               destination
ACCEPT     tcp      2606:a000:122d:113:f456:ca4d:fe2:2656  anywhere             tcp dpt:2070
DROP       tcp      anywhere             anywhere             tcp dpt:2070

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
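
Added example, not part of the original paste: iptables and ip6tables keep separate rule sets, so an allowlist for port 2070 has to be loaded into both, each ending in its own DROP. The script below prints the commands for a mixed address list; the function names are hypothetical, the addresses are the ones from the listings above, and the IPv6 check is only a loose character test.

```shell
#!/bin/sh
# Print per-family allowlist rules for one TCP port (review before applying).

# is_ipv4 ADDR: succeed only for four dot-separated octets in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; only digits and dots reach this point
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_ipv6 ADDR: loose test (hex digits and colons only); ip6tables does the
# real parsing when the rule is loaded.
is_ipv6() {
    case "$1" in
        *[!0-9A-Fa-f:]*) return 1 ;;
        *:*) return 0 ;;
        *) return 1 ;;
    esac
}

# gen_rules PORT ADDR...: ACCEPT rules first, then one DROP per family.
# Returns 1 if any address was skipped as invalid.
gen_rules() {
    port=$1; shift
    rc=0
    for addr in "$@"; do
        if is_ipv4 "$addr"; then
            echo "iptables -A INPUT -p tcp -s $addr --dport $port -j ACCEPT"
        elif is_ipv6 "$addr"; then
            echo "ip6tables -A INPUT -p tcp -s $addr --dport $port -j ACCEPT"
        else
            echo "skipping invalid address: $addr" >&2
            rc=1
        fi
    done
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
    echo "ip6tables -A INPUT -p tcp --dport $port -j DROP"
    return $rc
}

gen_rules 2070 1.2.3.4 5.6.7.8 2606:a000:122d:113:f456:ca4d:fe2:2656
```

The rules are appended with `-A`, so they only work as intended in a chain that does not already contain a DROP for port 2070; otherwise the new ACCEPT entries land after the existing DROP and never match.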