IPTABLES Rules for FTP

janim4
Posts: 1
Joined: 2013/12/04 18:45:23

IPTABLES Rules for FTP

Post by janim4 » 2013/12/04 18:56:39

Hi
I am new to IPTABLES.

Can anyone tell me why I cannot connect to FTP using the IPTABLES rules created by the following script? I can connect to everything else:

#!/bin/bash
#
# iptables example configuration script
#
# Flush all current rules from iptables
#
iptables -F
#
# Allow SSH connections on tcp port 22
# This is essential when working on remote servers via SSH to prevent locking yourself out of the system
#
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#
# Set default policies for INPUT, FORWARD and OUTPUT chains
#
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#
# Set access for localhost
#
iptables -A INPUT -i lo -j ACCEPT
#
# Accept packets belonging to established and related connections
#
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow FTP connections @ port 21
iptables -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
# Allow Active FTP Connections
iptables -A INPUT -p tcp --sport 20 -m state --state NEW,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 20 -m state --state NEW -j ACCEPT
# Allow Passive FTP Connections
iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state NEW,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state NEW,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 69 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 69 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 110 -m state --state NEW -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 123 -m state --state NEW -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 20 -m state --state NEW -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 3306 -m state --state NEW -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 3306 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 5555 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 8000 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 8001 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 8002 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 9001 -m state --state NEW -j ACCEPT
iptables -I INPUT -p tcp --dport 8443 -j ACCEPT

#
# Save settings
#
/sbin/service iptables save
#
# List rules
#
iptables -L -v

Thank you

Mike
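The passive-FTP rules in the script above accept any NEW TCP connection between ports 1024 and up, which is far broader than FTP needs. A stateful firewall can avoid that by reading the control channel: the Linux FTP connection-tracking helper (nf_conntrack_ftp, ip_conntrack_ftp on older kernels) parses the client's PORT command and the server's 227 reply, so only the one announced data connection matches --state RELATED. The POSIX sh script below is an added example, not code from this thread, that performs that same parsing on constructed sample lines; pasv_endpoint, port_endpoint, endpoint_from_tuple and same_peer are hypothetical names:

```sh
#!/bin/sh
# Added example, not from the forum thread: parse the FTP control
# channel the way a stateful firewall helper must, to learn which
# single data connection to expect instead of opening 1024: wholesale.

# Turn "a,b,c,d,p1,p2" into "a.b.c.d port"; FTP encodes the port as
# two decimal bytes, so port = p1 * 256 + p2.
endpoint_from_tuple() {
    oldifs=$IFS
    IFS=,
    set -- $1
    IFS=$oldifs
    [ $# -eq 6 ] || return 1
    printf '%s.%s.%s.%s %d\n' "$1" "$2" "$3" "$4" "$(($5 * 256 + $6))"
}

# Server reply in passive mode, e.g.
# "227 Entering Passive Mode (192,168,1,10,195,80)." -> "192.168.1.10 50000"
pasv_endpoint() {
    nums=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*/\1/p')
    [ -n "$nums" ] || return 1
    endpoint_from_tuple "$nums"
}

# Client command in active mode, e.g. "PORT 10,0,0,5,4,1" -> "10.0.0.5 1025"
port_endpoint() {
    nums=$(printf '%s\n' "$1" | sed -n 's/^PORT \([0-9,]*\).*/\1/p')
    [ -n "$nums" ] || return 1
    endpoint_from_tuple "$nums"
}

# Only expect a data connection that involves the same host as the
# control connection; an announced third-party address is refused.
# Usage: same_peer "<endpoint>" "<control peer ip>"
same_peer() {
    [ "${1%% *}" = "$2" ]
}

# Constructed sample lines (not captured from a real session).
ctrl_peer=192.168.1.10
for line in '227 Entering Passive Mode (192,168,1,10,195,80).' \
            'PORT 10,0,0,5,4,1'; do
    ep=$(pasv_endpoint "$line" || port_endpoint "$line") || continue
    if same_peer "$ep" "$ctrl_peer"; then
        printf 'expect data connection %s (would match RELATED)\n' "$ep"
    else
        printf 'refuse %s: does not match control peer %s\n' "$ep" "$ctrl_peer"
    fi
done
```

With the helper loaded, the existing `-m state --state ESTABLISHED,RELATED -j ACCEPT` rule covers the data connection and the separate `--sport 1024: --dport 1024:` NEW rules are not needed.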

tigalch
QA Team
Posts: 522
Joined: 2012/06/23 17:28:41
Location: Austria

Re: IPTABLES Rules for FTP

Post by tigalch » 2013/12/07 18:13:59

Can you connect to your FTP server when iptables is inactive?
