*Slaps my forehead*

Okay, so I'm not that good in iptables.

So what? I could probably wing it, what with the plethora of information available on the Internet. Nothing to it. Phooey!

Not.

After successfully cutting over from a slowly degrading 256kbps leased line connection to a slightly more robust 512kbps one, I've been tasked to implement an iptables firewall on a soon-to-be-deployed public proxy server.

The requirement was for it to accept only proxy requests from the existing firewall, along with DNS and SSH access. Fairly easy, I suppose.

Not quite. As soon as I got home, I tried accessing the net through the proxy, and indeed, it was open. I had SSH access to it, so off I went writing my script. Of course, first things first: flush the existing rules. Done. Set default policy to drop all INPUT, FORWARD and OUTPUT chains. Done. Oh, just try accepting proxy requests from the firewall, and denying everyone else:

# Allow proxy requests from the existing firewall, reject everyone else
# (squid resolves to 3128/tcp via /etc/services; modern iptables wants "! -s", not "-s !")
iptables -A INPUT -s $FW_IP -p tcp --dport squid -j ACCEPT
iptables -A INPUT ! -s $FW_IP -p tcp --dport squid -j REJECT

Done. Save and restart iptables...

Aaaaaaaarrrrrrrrrrrgggggggggggggghhhhhhhhhhhhhhhh!

I forgot to modify the OUTPUT and FORWARD chains! Now the SSH session has hung. I've managed to lock myself out. (See above.)
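The failure mode above is the classic one: a default DROP on OUTPUT silently kills the very SSH session doing the work, because the replies to the admin's connection no longer have a rule letting them out. As an added example (not code from the post), here is a lockout-safe version of the same job for the proxy host: ESTABLISHED,RELATED traffic is accepted on INPUT and OUTPUT before any policy is flipped to DROP, a check refuses to apply a rule set that gets that order wrong, and a dead-man timer restores the previous rules unless the admin confirms the session still works. $FW_IP is the page's own variable; ADMIN_IP, the two placeholder addresses, the two-minute rollback window and DRY_RUN are assumptions made for this example.

```shell
#!/bin/sh
# Lockout-safe iptables cutover for a public squid proxy (example, not the post's script).
# Addresses below are constructed placeholders from RFC 5737 documentation ranges.
FW_IP="${FW_IP:-192.0.2.1}"            # existing firewall that forwards proxy requests (placeholder)
ADMIN_IP="${ADMIN_IP:-198.51.100.5}"   # host the SSH session comes from (assumed)
IPT="${IPT:-iptables}"
DRY_RUN="${DRY_RUN:-1}"                # 1 = print rules only; set to 0 on the real box

# emit_rules prints the rules in the order they must be applied. The
# ESTABLISHED,RELATED accepts on INPUT and OUTPUT go in *before* any chain
# policy is set to DROP, so the live SSH session (and squid's outbound
# fetches) keep flowing during the change.
emit_rules() {
    cat <<EOF
$IPT -F
$IPT -X
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
$IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -s $ADMIN_IP -p tcp --dport 22 -j ACCEPT
$IPT -A INPUT -s $FW_IP -p tcp --dport 3128 -j ACCEPT
$IPT -A OUTPUT -p udp --dport 53 -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 53 -j ACCEPT
$IPT -A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT DROP
EOF
}

# lockout_check RULES: returns 0 only if the OUTPUT ESTABLISHED,RELATED
# accept appears before "-P OUTPUT DROP"; otherwise the rule set would hang
# the session that is installing it (the exact mistake from the post).
lockout_check() {
    est=$(printf '%s\n' "$1" | grep -n -- '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' | head -n 1 | cut -d: -f1)
    drop=$(printf '%s\n' "$1" | grep -n -- '-P OUTPUT DROP' | head -n 1 | cut -d: -f1)
    [ -n "$est" ] && [ -n "$drop" ] && [ "$est" -lt "$drop" ]
}

# apply_with_rollback: refuse unsafe rule sets, then apply behind a dead-man
# timer. If the admin cannot get back in to kill the timer, the old rules
# come back on their own after 120 seconds.
apply_with_rollback() {
    rules=$(emit_rules)
    if ! lockout_check "$rules"; then
        echo "refusing: rule set would drop the admin session" >&2
        return 1
    fi
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$rules"
        return 0
    fi
    iptables-save > /tmp/iptables.before           # snapshot for rollback
    ( sleep 120; iptables-restore < /tmp/iptables.before ) &
    rollback_pid=$!
    printf '%s\n' "$rules" | sh
    echo "rules applied; if this session still responds, run: kill $rollback_pid"
}

apply_with_rollback
```

Run it once with the default DRY_RUN=1 to eyeball the ordering, then with DRY_RUN=0 over the SSH session you want to keep. The rollback timer is the part that matters most: even with the ordering right, a typo in ADMIN_IP would still cut you off, and the timer turns that into a two-minute wait instead of a trip to the console.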
