Hi all, I just wonder, is there any command that blocks all connections?
I am aware of RedHat's #sudo /sbin/services iptables panic
and wonder whether there is something with a similar effect in openSUSE?
Thanks
Probably the same thing that RedHat is doing for you but directly:
sudo /usr/sbin/iptables -I INPUT -j DROP
Good luck.
Want to yell at me in person?
Come to BrainShare 2011 in October: http://tinyurl.com/brainshare2011
I guess I should mention that this specifically stops everything coming
into your system. You could presumably do the same thing with OUTPUT
instead of INPUT to stop all outgoing traffic. What would be interesting
is to get the output of iptables-save from RedHat after setting it to
‘panic’ so then you could learn from there and possibly create your own
script, or submit an enhancement for OpenSUSE.
You could also skip the firewall method and just set all of your network
devices to ‘down’ with ip link or ifdown or something.
Good luck.
On 07/16/2011 11:36 AM, ab wrote:
> Probably the same thing that RedHat is doing for you but directly:
>
> sudo /usr/sbin/iptables -I INPUT -j DROP
>
> Good luck.
I forgot about the ifdown wlan0 command lol!
But this command
> sudo /usr/sbin/iptables -I INPUT -j DROP
is also useful, thanks ab
If you use
sudo /usr/sbin/iptables -I INPUT -j DROP
doesn’t that still have all the rules for INPUT running? If you were compromised by one of those rules presumably you could still be vulnerable. You might want to save and flush the rules, then run the input drop.
No, the -I INSERTs the rule as the VERY FIRST rule trumping all other
rules. Using -A would have been the story about which you were thinking.
Good luck.
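Added example (not part of the thread and not any poster's code): a small panic switch that combines the suggestions above, saving the ruleset with iptables-save and then inserting DROP at position 1 of INPUT, OUTPUT and FORWARD. It goes beyond the one-line command by also covering IPv6 through ip6tables; the script name, BACKUP_DIR, DRY_RUN and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: fw-panic.sh,
# BACKUP_DIR, DRY_RUN, panic_on, panic_off.
# Usage (as root, from a local console: remote sessions are cut too):
#   sh fw-panic.sh on     # block everything
#   sh fw-panic.sh off    # remove the blocking rules again
BACKUP_DIR="${BACKUP_DIR:-/var/lib/fw-panic}"   # assumed snapshot location
DRY_RUN="${DRY_RUN:-0}"                         # 1 = print commands only

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Snapshot the live ruleset of one tool (iptables or ip6tables).
snapshot() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$1-save > $BACKUP_DIR/$1.rules"
    else
        ( umask 077 && mkdir -p "$BACKUP_DIR" && "$1-save" > "$BACKUP_DIR/$1.rules" )
    fi
}

panic_on() {
    for fw in iptables ip6tables; do          # iptables alone is IPv4 only
        snapshot "$fw" || return 1
        for chain in INPUT OUTPUT FORWARD; do
            # -I ... 1 puts DROP ahead of every existing rule (first match
            # wins); -A would append it behind any earlier ACCEPT.
            run "$fw" -I "$chain" 1 -j DROP || return 1
        done
    done
}

panic_off() {
    for fw in iptables ip6tables; do
        for chain in INPUT OUTPUT FORWARD; do
            # -D with a rule spec deletes the first matching rule, i.e. the
            # one panic_on inserted at position 1.
            run "$fw" -D "$chain" -j DROP || return 1
        done
    done
}

case "${1:-}" in
    on)  panic_on ;;
    off) panic_off ;;
esac
```

Running it with DRY_RUN=1 prints the commands without touching the firewall. The DROP rules also stop loopback traffic, so local services that talk over 127.0.0.1 pause until the off step.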