Just another worthless blog
Bit to go here, one of these days
By NullMind on October 10, 2005
I was looking around on my HD for an iptables string I had to allow Blogger.com users to post to our servers. Here it is:
-A INPUT -s 66.102.15.83 -p tcp -m tcp --dport 1024:65535 -j ACCEPT
-A INPUT -s 216.34.7.186 -p tcp -m tcp --dport 1024:65535 -j ACCEPT
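As an added example (mine, not the post author's), here are the two rules from the post placed beside a tighter alternative that addresses the concern raised in the comments below: instead of leaving tcp/1024-65535 statically open to the two Blogger addresses, only the FTP control port is opened to them and the PASV data connection is admitted through iptables' state match. This assumes the kernel's FTP connection-tracking helper is loaded (ip_conntrack_ftp on 2.4 kernels, nf_conntrack_ftp on 2.6 and later), which is what lets the kernel learn the negotiated data port from the control channel and mark that single connection RELATED. The script only generates and compares the rule sets; it does not change the firewall by itself.

```shell
#!/bin/sh
# Added example, not from the original post: the two wide-open rules from the
# post beside a tighter alternative that relies on the kernel's FTP
# connection-tracking helper (ip_conntrack_ftp on 2.4 kernels, nf_conntrack_ftp
# on 2.6 and later; assumed to be loaded) to admit only the PASV data port that
# the control connection on tcp/21 actually negotiated.

# The two Blogger publishing addresses quoted in the post.
BLOGGER_IPS="66.102.15.83 216.34.7.186"

# Rules as posted (with the correct --dport spelling): every high port is
# reachable from the two addresses, whether or not an FTP session exists.
wide_rules() {
    for ip in $BLOGGER_IPS; do
        printf '%s\n' "-A INPUT -s $ip -p tcp -m tcp --dport 1024:65535 -j ACCEPT"
    done
}

# Tightened rules: only the FTP control port is open statically; the data
# connection is accepted as RELATED because the FTP helper saw the PASV reply.
# A packet with a spoofed source address never completes the control-channel
# handshake, so the helper never opens a data port for it.
tight_rules() {
    for ip in $BLOGGER_IPS; do
        printf '%s\n' "-A INPUT -s $ip -p tcp -m tcp --dport 21 -j ACCEPT"
    done
    printf '%s\n' "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Sum the destination ports a rule set leaves statically open, counting a
# range a:b as b-a+1 ports; rules without --dport (the state rule) add nothing.
static_ports_exposed() {
    "$1" | awk '
        /--dport/ {
            split($0, f, "--dport ")
            split(f[2], p, " ")
            if (index(p[1], ":")) { split(p[1], r, ":"); n += r[2] - r[1] + 1 }
            else { n += 1 }
        }
        END { print n + 0 }'
}

# Show both sets side by side with the number of ports each exposes.
show_comparison() {
    echo "# as posted: $(static_ports_exposed wide_rules) static ports"
    wide_rules
    echo "# tightened: $(static_ports_exposed tight_rules) static ports"
    tight_rules
}
```

Sourcing the file and running show_comparison prints the two sets with their counts (129024 statically open ports for the rules as posted, 2 for the tightened set). To apply the tightened set on a box whose INPUT policy is DROP, load the helper module first (modprobe ip_conntrack_ftp, or nf_conntrack_ftp on newer kernels) and feed each line from tight_rules to iptables as root; the state rule belongs after the per-address port 21 rules and also covers the return traffic of the server's own outbound connections.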
Technorati Tags: Blogger, blogs, Computers, firewall, iptables
nullmind says:
October 11, 2005 at 19:18
These 2 rules will allow outbound port range 1024 to 65535 to be open for the IPs
66.102.15.83
216.34.7.186
Which are the Blogger publishing IPs. This allows their FTP to log in in PASV mode. PASV mode will open ports back on the range mentioned above.
polarizer says:
October 17, 2005 at 10:35
Ahh! I misunderstood your term “post”. Under this new point of view I think your rules are too generous, because it is allowed to connect to every port 0-1024, not only ftp pasv (tcp,21).
Check this[1] out for detailed instructions.
[1] http://slacksite.com/other/ftp.html#passive
polarizer's 2 cents
http://www.codixx.de/polarizer.html
nullmind says:
October 17, 2005 at 10:45
It will allow only those two IPs to connect to any port on that range, so unless Blogger attacks you, you should be ok!
polarizer says:
October 17, 2005 at 11:30
Since it is public now because of your blog, one can spoof the IP with ease :O)
nullmind says:
October 17, 2005 at 12:22
Yes, but you are assuming 2 things:
1 - there are no other security measures in place
2 - that I gave a server IP where those rules are set (no, they are not set on THIS server)
Besides, a smart hacker knows those ports need to be open for Blogger to publish, so they can just look for any Blogger site and try to spoof that IP. That's why additional security measures need to be taken, stuff like hardened PHP, mod_security, latest OpenSSH etc., all part of keeping a server secured. One can never just rely on the firewall.
Andrew Suares says:
October 21, 2005 at 16:51
I was wondering, is it necessary to open a range of ports?
nullmind says:
October 21, 2005 at 17:01
Unfortunately, yes ...
http://help.blogger.com/default/bin/answer.py?answer=105&query=firewall&topic=0&type=f
The problem is that their FTP publishing uses PASV (Passive) mode, but you can always try this approach instead if you are using iptables
polarizer says:
October 11, 2005 at 08:43
I do not understand how this should work. As I assume, your standard policy is DENY for your iptables chains. But in what way will these 2 rules affect your intention?
the polarizer