NullMind's Lair

Iptables for Blogger

Posted on October 10, 2005 by NullMind

I was looking around on my HD for an iptables string I had to allow Blogger.com users to post to our servers.

Here it is:

-A INPUT -s 66.102.15.83 -p tcp -m tcp --dport 1024:65535 -j ACCEPT
-A INPUT -s 216.34.7.186 -p tcp -m tcp --dport 1024:65535 -j ACCEPT

Technorati Tags: Blogger, blogs, Computers, firewall, iptables


9 thoughts on “Iptables for Blogger”

  1. polarizer says:
    October 11, 2005 at 8:43 am

    I do not understand how this should work. I assume your standard policy is DENY for your iptables chains. But in what way will these 2 rules affect your intention?

    the polarizer

  2. nullmind says:
    October 11, 2005 at 7:18 pm

    These 2 rules will allow outbound port range 1024 to 65535 to be open for the IPs

    66.102.15.83
    216.34.7.186

    Which are the Blogger publishing IPs .. this allows their FTP to log in in PASV mode .. PASV mode will open ports back on the range mentioned above.

  3. polarizer says:
    October 17, 2005 at 10:33 am

    Ahh! I misunderstood your term “post”. Under this new point of view I think your rules are too generous, because it is allowed to connect to every port

  4. polarizer says:
    October 17, 2005 at 10:35 am

    Ahh! I misunderstood your term “post”. Under this new point of view I think your rules are too generous, because it is allowed to connect to every port 0-1024, not only ftp pasv (tcp,21).

    Check this[1] out for detailed instructions.

    [1] http://slacksite.com/other/ftp.html#passive

    polarizers 2cent
    http://www.codixx.de/polarizer.html

  5. nullmind says:
    October 17, 2005 at 10:45 am

    It will allow only those two IPs to connect to any port on that range .. so unless Blogger attacks you, you should be ok 🙂

  6. polarizer says:
    October 17, 2005 at 11:30 am

    Since it is public now because of your blog, one can spoof the ip with ease :O)

  7. nullmind says:
    October 17, 2005 at 12:22 pm

    Yes .. but you are assuming 2 things

    1 – there are no other security measures in place

    2 – that I gave a server IP where those rules are set (no, they are not set on THIS server 😉 )

    Besides, a smart hacker knows those ports need to be open for Blogger to publish, so they can just look for any Blogger site and try to spoof that IP .. that's why additional security measures need to be taken, stuff like hardened PHP, mod_security, latest OpenSSH etc .. all part of keeping a server secured .. one can never just rely on the firewall.

  8. Andrew Suares says:
    October 21, 2005 at 4:51 pm

    I was wondering, is it necessary to open a range of ports?

  9. nullmind says:
    October 21, 2005 at 5:01 pm

    Unfortunately, yes …

    http://help.blogger.com/default/bin/answer.py?answer=105&query=firewall&topic=0&type=f

    The problem is that their FTP publishing uses PASV (Passive) mode, but you can always try this approach instead if you are using iptables

    http://nullmind.com/2005/04/27/iptables-w-proftpd/
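
An added example, not part of the original post or of any comment: the thread's concern about the width of 1024:65535 can be checked and narrowed by emitting rules for the FTP control port plus a small passive range, and auditing existing rules for wide --dport ranges. It assumes the FTP daemon is configured to hand out passive ports only from that small range; the function names and the range 49152-49251 are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original post).
# Assumption: the FTP daemon hands out passive ports only from a small
# configured range (e.g. ProFTPD "PassivePorts 49152 49251").

BLOGGER_IPS="66.102.15.83 216.34.7.186"   # the two addresses from the post

# valid_port N: succeeds if N is a decimal integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# blogger_ftp_rules PASV_LO PASV_HI [IP ...]
# Prints, per source IP, one rule for the FTP control port and one for the
# passive data range, in the same "-A INPUT ..." form the post uses.
blogger_ftp_rules() {
    [ $# -ge 2 ] || { echo "usage: blogger_ftp_rules LO HI [IP ...]" >&2; return 2; }
    lo=$1; hi=$2; shift 2
    valid_port "$lo" && valid_port "$hi" && [ "$lo" -ge 1024 ] && [ "$lo" -le "$hi" ] ||
        { echo "passive range must satisfy 1024 <= LO <= HI <= 65535" >&2; return 2; }
    [ $# -gt 0 ] || set -- $BLOGGER_IPS
    for ip in "$@"; do
        echo "-A INPUT -s $ip -p tcp -m tcp --dport 21 -j ACCEPT"
        echo "-A INPUT -s $ip -p tcp -m tcp --dport $lo:$hi -j ACCEPT"
    done
}

# audit_dport_ranges MAX  (rules on stdin)
# Prints "<port count> <rule>" for each rule whose --dport range opens
# more than MAX ports; rules without a range are skipped.
audit_dport_ranges() {
    max=$1
    while IFS= read -r rule; do
        range=$(printf '%s\n' "$rule" |
            sed -n 's/.*--dport \([0-9][0-9]*\):\([0-9][0-9]*\).*/\1 \2/p')
        [ -n "$range" ] || continue
        set -- $range
        count=$(( $2 - $1 + 1 ))
        if [ "$count" -gt "$max" ]; then printf '%s %s\n' "$count" "$rule"; fi
    done
    return 0
}

# Constructed input: the post's first rule, flagged as opening 64512 ports.
echo "-A INPUT -s 66.102.15.83 -p tcp -m tcp --dport 1024:65535 -j ACCEPT" |
    audit_dport_ranges 1000
blogger_ftp_rules 49152 49251
```

The narrowed rules only hold if the daemon's passive range and the firewall range are kept identical; a mismatch shows up as data connections timing out after a successful login.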


Carlos Rego – OnApp CVO & Co-Founder
