in NDD430

Objective
Test our ability to manipulate firewall (iptables) and secure/limit our network traffic as desired.
Prerequisite: Completion of Checkpoint 3

Scenario 0 – The client can connect to all services listed in the assignment specification and ONLY services listed in the assignment specification

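#!/bin/bash
# Scenario 0 – the client subnet may reach every service listed in the
# assignment specification and nothing else.  Every accepted or dropped
# packet goes through a logging chain first so the log script can find it.
#
# Run this from the console: the default policies are switched to DROP
# before any rule is loaded, so a remote session is cut off until its
# rule is (re)added.  The script exits on the first failing iptables
# command instead of silently continuing with a half-loaded rule set.
set -eu

# Client subnet named in the assignment; every per-service rule below is
# restricted to it.
readonly CLIENT_NET=195.165.8.0/26

# Start from an empty filter table.  -X removes the user-defined chains
# (empty after -F) so a re-run does not fail on -N with "Chain already
# exists" and then append a second copy of every rule.
iptables -F
iptables -X

# Default-deny on all three built-in chains.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

#######################################
# Create a logging chain: a packet sent to it is logged with PREFIX and
# then given VERDICT.
# Arguments: $1 - chain name
#            $2 - ACCEPT or DROP
#            $3 - log prefix
#######################################
make_log_chain() {
  local name=$1 verdict=$2 prefix=$3
  iptables -N "$name"
  # The kernel writes "IN=..." directly after the prefix, so the prefix
  # carries a trailing space to keep the two apart in the log line.
  iptables -A "$name" -j LOG --log-prefix "$prefix"
  iptables -A "$name" -j "$verdict"
}

make_log_chain INPUT-ACCEPT   ACCEPT "INPUT-ACCEPTED "
make_log_chain INPUT-DROP     DROP   "INPUT-DROPPED "
make_log_chain OUTPUT-ACCEPT  ACCEPT "OUTPUT-ACCEPTED "
make_log_chain OUTPUT-DROP    DROP   "OUTPUT-DROPPED "
make_log_chain FORWARD-ACCEPT ACCEPT "FORWARD-ACCEPTED "
make_log_chain FORWARD-DROP   DROP   "FORWARD-DROPPED "
# The *-DROP chains are not referenced in this scenario; they are created
# so every scenario shares the same chain layout.

#######################################
# Add the rule pair for one service used by the client subnet:
# client -> service (new connections allowed) on IN_CHAIN and the
# service's replies on OUT_CHAIN (established/related only).  Both rules
# jump to the logging chain "<chain>-<VERDICT>".
# Arguments: $1 - chain for client -> service (INPUT or FORWARD)
#            $2 - chain for service -> client (OUTPUT or FORWARD)
#            $3 - protocol (tcp or udp)
#            $4 - service port
#            $5 - ACCEPT or DROP
#######################################
service_rules() {
  local in_chain=$1 out_chain=$2 proto=$3 port=$4 verdict=$5
  iptables -A "$in_chain" -p "$proto" -s "$CLIENT_NET" --dport "$port" \
    -m state --state NEW,ESTABLISHED,RELATED -j "${in_chain}-${verdict}"
  iptables -A "$out_chain" -p "$proto" -d "$CLIENT_NET" --sport "$port" \
    -m state --state ESTABLISHED,RELATED -j "${out_chain}-${verdict}"
}

# SSH/SCP to the router itself (terminates on this host: INPUT/OUTPUT)
service_rules INPUT   OUTPUT  tcp 2323 ACCEPT
# SSH/SCP to the server (routed through this host: FORWARD both ways)
service_rules FORWARD FORWARD tcp 4242 ACCEPT
# IIS
service_rules FORWARD FORWARD tcp 9393 ACCEPT
# Apache
service_rules FORWARD FORWARD tcp 8383 ACCEPT
# MySQL
service_rules FORWARD FORWARD tcp 3306 ACCEPT
# hMail IMAP
service_rules FORWARD FORWARD tcp 143  ACCEPT
# hMail SMTP
service_rules FORWARD FORWARD tcp 25   ACCEPT
# DNS, both transports
service_rules FORWARD FORWARD tcp 53   ACCEPT
service_rules FORWARD FORWARD udp 53   ACCEPT

# DHCP – no source restriction, because a client asking for a lease has
# no address yet.  Note the space in "--state NEW,...": the original
# "--stateNEW,..." is not an option iptables accepts, so these four rules
# never loaded and DHCP was actually blocked.
iptables -A INPUT   -p udp --dport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j INPUT-ACCEPT
iptables -A OUTPUT  -p udp --sport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j OUTPUT-ACCEPT
iptables -A FORWARD -p udp --dport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p udp --sport 67:68 -m state --state ESTABLISHED,RELATED     -j FORWARD-ACCEPT

# Unencrypted FTP: control channel (21) and active-mode data channel (20)
service_rules FORWARD FORWARD tcp 21 ACCEPT
service_rules FORWARD FORWARD tcp 20 ACCEPT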

 

Scenario 1 – The client can connect to ONLY the following services:

  • DHCP
  • DNS
  • SSH to the router
  • IIS web server
  • Mysql Web server

iptables Rules:

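#!/bin/bash
# Scenario 1 – the client subnet may reach ONLY DHCP, DNS, SSH to the
# router, the IIS web server and MySQL.  Services outside that list are
# sent to a DROP logging chain so the attempt shows up in the log; the
# DROP default policy would discard them anyway.
#
# Run this from the console: the default policies are switched to DROP
# before any rule is loaded, so a remote session is cut off until its
# rule is (re)added.  The script exits on the first failing iptables
# command instead of silently continuing with a half-loaded rule set.
set -eu

# Client subnet named in the assignment; every per-service rule below is
# restricted to it.
readonly CLIENT_NET=195.165.8.0/26

# Start from an empty filter table.  -X removes the user-defined chains
# (empty after -F) so a re-run does not fail on -N with "Chain already
# exists" and then append a second copy of every rule.
iptables -F
iptables -X

# Default-deny on all three built-in chains.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

#######################################
# Create a logging chain: a packet sent to it is logged with PREFIX and
# then given VERDICT.
# Arguments: $1 - chain name
#            $2 - ACCEPT or DROP
#            $3 - log prefix
#######################################
make_log_chain() {
  local name=$1 verdict=$2 prefix=$3
  iptables -N "$name"
  # The kernel writes "IN=..." directly after the prefix, so the prefix
  # carries a trailing space to keep the two apart in the log line.
  iptables -A "$name" -j LOG --log-prefix "$prefix"
  iptables -A "$name" -j "$verdict"
}

make_log_chain INPUT-ACCEPT   ACCEPT "INPUT-ACCEPTED "
make_log_chain INPUT-DROP     DROP   "INPUT-DROPPED "
make_log_chain OUTPUT-ACCEPT  ACCEPT "OUTPUT-ACCEPTED "
make_log_chain OUTPUT-DROP    DROP   "OUTPUT-DROPPED "
make_log_chain FORWARD-ACCEPT ACCEPT "FORWARD-ACCEPTED "
make_log_chain FORWARD-DROP   DROP   "FORWARD-DROPPED "

#######################################
# Add the rule pair for one service used by the client subnet:
# client -> service (new connections allowed) on IN_CHAIN and the
# service's replies on OUT_CHAIN (established/related only).  Both rules
# jump to the logging chain "<chain>-<VERDICT>".
# Arguments: $1 - chain for client -> service (INPUT or FORWARD)
#            $2 - chain for service -> client (OUTPUT or FORWARD)
#            $3 - protocol (tcp or udp)
#            $4 - service port
#            $5 - ACCEPT or DROP
#######################################
service_rules() {
  local in_chain=$1 out_chain=$2 proto=$3 port=$4 verdict=$5
  iptables -A "$in_chain" -p "$proto" -s "$CLIENT_NET" --dport "$port" \
    -m state --state NEW,ESTABLISHED,RELATED -j "${in_chain}-${verdict}"
  iptables -A "$out_chain" -p "$proto" -d "$CLIENT_NET" --sport "$port" \
    -m state --state ESTABLISHED,RELATED -j "${out_chain}-${verdict}"
}

# SSH/SCP to the router itself (terminates on this host: INPUT/OUTPUT)
service_rules INPUT   OUTPUT  tcp 2323 ACCEPT
# SSH/SCP to the server – not in the Scenario 1 list, logged and dropped
service_rules FORWARD FORWARD tcp 4242 DROP
# IIS
service_rules FORWARD FORWARD tcp 9393 ACCEPT
# Apache – kept ACCEPT as in the original rule set, although "Apache" is
# not named in the Scenario 1 list; confirm against the specification.
service_rules FORWARD FORWARD tcp 8383 ACCEPT
# MySQL
service_rules FORWARD FORWARD tcp 3306 ACCEPT
# hMail IMAP and SMTP – logged and dropped
service_rules FORWARD FORWARD tcp 143  DROP
service_rules FORWARD FORWARD tcp 25   DROP
# DNS, both transports
service_rules FORWARD FORWARD tcp 53   ACCEPT
service_rules FORWARD FORWARD udp 53   ACCEPT

# DHCP – no source restriction, because a client asking for a lease has
# no address yet.  Note the space in "--state NEW,...": the original
# "--stateNEW,..." is not an option iptables accepts, so these four rules
# never loaded and DHCP was actually blocked.
iptables -A INPUT   -p udp --dport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j INPUT-ACCEPT
iptables -A OUTPUT  -p udp --sport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j OUTPUT-ACCEPT
iptables -A FORWARD -p udp --dport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p udp --sport 67:68 -m state --state ESTABLISHED,RELATED     -j FORWARD-ACCEPT

# Unencrypted FTP (control 21, active-mode data 20) – logged and dropped
service_rules FORWARD FORWARD tcp 21 DROP
service_rules FORWARD FORWARD tcp 20 DROP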

 

Scenario 2 – The client can connect to all services except the following:

  • SSH to the router

iptables Rules

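#!/bin/bash
# Scenario 2 – the client subnet may reach every service except SSH to
# the router.  That one service is sent to the INPUT/OUTPUT DROP logging
# chains so each attempt is recorded; the DROP default policy would
# discard it anyway.
#
# Run this from the console: the default policies are switched to DROP
# before any rule is loaded, and this scenario deliberately blocks SSH
# to the router, so a remote session cannot be used at all.  The script
# exits on the first failing iptables command instead of silently
# continuing with a half-loaded rule set.
set -eu

# Client subnet named in the assignment; every per-service rule below is
# restricted to it.
readonly CLIENT_NET=195.165.8.0/26

# Start from an empty filter table.  -X removes the user-defined chains
# (empty after -F) so a re-run does not fail on -N with "Chain already
# exists" and then append a second copy of every rule.
iptables -F
iptables -X

# Default-deny on all three built-in chains.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

#######################################
# Create a logging chain: a packet sent to it is logged with PREFIX and
# then given VERDICT.
# Arguments: $1 - chain name
#            $2 - ACCEPT or DROP
#            $3 - log prefix
#######################################
make_log_chain() {
  local name=$1 verdict=$2 prefix=$3
  iptables -N "$name"
  # The kernel writes "IN=..." directly after the prefix, so the prefix
  # carries a trailing space to keep the two apart in the log line.
  iptables -A "$name" -j LOG --log-prefix "$prefix"
  iptables -A "$name" -j "$verdict"
}

make_log_chain INPUT-ACCEPT   ACCEPT "INPUT-ACCEPTED "
make_log_chain INPUT-DROP     DROP   "INPUT-DROPPED "
make_log_chain OUTPUT-ACCEPT  ACCEPT "OUTPUT-ACCEPTED "
make_log_chain OUTPUT-DROP    DROP   "OUTPUT-DROPPED "
make_log_chain FORWARD-ACCEPT ACCEPT "FORWARD-ACCEPTED "
make_log_chain FORWARD-DROP   DROP   "FORWARD-DROPPED "

#######################################
# Add the rule pair for one service used by the client subnet:
# client -> service (new connections allowed) on IN_CHAIN and the
# service's replies on OUT_CHAIN (established/related only).  Both rules
# jump to the logging chain "<chain>-<VERDICT>".
# Arguments: $1 - chain for client -> service (INPUT or FORWARD)
#            $2 - chain for service -> client (OUTPUT or FORWARD)
#            $3 - protocol (tcp or udp)
#            $4 - service port
#            $5 - ACCEPT or DROP
#######################################
service_rules() {
  local in_chain=$1 out_chain=$2 proto=$3 port=$4 verdict=$5
  iptables -A "$in_chain" -p "$proto" -s "$CLIENT_NET" --dport "$port" \
    -m state --state NEW,ESTABLISHED,RELATED -j "${in_chain}-${verdict}"
  iptables -A "$out_chain" -p "$proto" -d "$CLIENT_NET" --sport "$port" \
    -m state --state ESTABLISHED,RELATED -j "${out_chain}-${verdict}"
}

# SSH/SCP to the router itself – the one excluded service, logged and dropped
service_rules INPUT   OUTPUT  tcp 2323 DROP
# SSH/SCP to the server (routed through this host: FORWARD both ways)
service_rules FORWARD FORWARD tcp 4242 ACCEPT
# IIS
service_rules FORWARD FORWARD tcp 9393 ACCEPT
# Apache
service_rules FORWARD FORWARD tcp 8383 ACCEPT
# MySQL
service_rules FORWARD FORWARD tcp 3306 ACCEPT
# hMail IMAP
service_rules FORWARD FORWARD tcp 143  ACCEPT
# hMail SMTP
service_rules FORWARD FORWARD tcp 25   ACCEPT
# DNS, both transports
service_rules FORWARD FORWARD tcp 53   ACCEPT
service_rules FORWARD FORWARD udp 53   ACCEPT

# DHCP – no source restriction, because a client asking for a lease has
# no address yet.  Note the space in "--state NEW,...": the original
# "--stateNEW,..." is not an option iptables accepts, so these four rules
# never loaded and DHCP was actually blocked.
iptables -A INPUT   -p udp --dport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j INPUT-ACCEPT
iptables -A OUTPUT  -p udp --sport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j OUTPUT-ACCEPT
iptables -A FORWARD -p udp --dport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p udp --sport 67:68 -m state --state ESTABLISHED,RELATED     -j FORWARD-ACCEPT

# Unencrypted FTP: control channel (21) and active-mode data channel (20)
service_rules FORWARD FORWARD tcp 21 ACCEPT
service_rules FORWARD FORWARD tcp 20 ACCEPT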

 

Scenario 3 – The client can connect to ONLY the following services:

  • SCP
  • Unencrypted FTP
  • DHCP
  • DNS

iptables Rules:

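#!/bin/bash
# Scenario 3 – the client subnet may reach ONLY SCP (to the server),
# unencrypted FTP, DHCP and DNS.  Every other service is sent to a DROP
# logging chain so the attempt is recorded; the DROP default policy
# would discard it anyway.
#
# Run this from the console: the default policies are switched to DROP
# before any rule is loaded, and this scenario blocks SSH to the router,
# so a remote session cannot be used at all.  The script exits on the
# first failing iptables command instead of silently continuing with a
# half-loaded rule set.
set -eu

# Client subnet named in the assignment; every per-service rule below is
# restricted to it.
readonly CLIENT_NET=195.165.8.0/26

# Start from an empty filter table.  -X removes the user-defined chains
# (empty after -F) so a re-run does not fail on -N with "Chain already
# exists" and then append a second copy of every rule.
iptables -F
iptables -X

# Default-deny on all three built-in chains.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

#######################################
# Create a logging chain: a packet sent to it is logged with PREFIX and
# then given VERDICT.
# Arguments: $1 - chain name
#            $2 - ACCEPT or DROP
#            $3 - log prefix
#######################################
make_log_chain() {
  local name=$1 verdict=$2 prefix=$3
  iptables -N "$name"
  # The kernel writes "IN=..." directly after the prefix, so the prefix
  # carries a trailing space to keep the two apart in the log line.
  iptables -A "$name" -j LOG --log-prefix "$prefix"
  iptables -A "$name" -j "$verdict"
}

make_log_chain INPUT-ACCEPT   ACCEPT "INPUT-ACCEPTED "
make_log_chain INPUT-DROP     DROP   "INPUT-DROPPED "
make_log_chain OUTPUT-ACCEPT  ACCEPT "OUTPUT-ACCEPTED "
make_log_chain OUTPUT-DROP    DROP   "OUTPUT-DROPPED "
make_log_chain FORWARD-ACCEPT ACCEPT "FORWARD-ACCEPTED "
make_log_chain FORWARD-DROP   DROP   "FORWARD-DROPPED "

#######################################
# Add the rule pair for one service used by the client subnet:
# client -> service (new connections allowed) on IN_CHAIN and the
# service's replies on OUT_CHAIN (established/related only).  Both rules
# jump to the logging chain "<chain>-<VERDICT>".
# Arguments: $1 - chain for client -> service (INPUT or FORWARD)
#            $2 - chain for service -> client (OUTPUT or FORWARD)
#            $3 - protocol (tcp or udp)
#            $4 - service port
#            $5 - ACCEPT or DROP
#######################################
service_rules() {
  local in_chain=$1 out_chain=$2 proto=$3 port=$4 verdict=$5
  iptables -A "$in_chain" -p "$proto" -s "$CLIENT_NET" --dport "$port" \
    -m state --state NEW,ESTABLISHED,RELATED -j "${in_chain}-${verdict}"
  iptables -A "$out_chain" -p "$proto" -d "$CLIENT_NET" --sport "$port" \
    -m state --state ESTABLISHED,RELATED -j "${out_chain}-${verdict}"
}

# SSH/SCP to the router itself – not in the Scenario 3 list, logged and dropped
service_rules INPUT   OUTPUT  tcp 2323 DROP
# SSH/SCP to the server – the "SCP" entry of the list (FORWARD both ways)
service_rules FORWARD FORWARD tcp 4242 ACCEPT
# IIS, Apache, MySQL – logged and dropped
service_rules FORWARD FORWARD tcp 9393 DROP
service_rules FORWARD FORWARD tcp 8383 DROP
service_rules FORWARD FORWARD tcp 3306 DROP
# hMail IMAP and SMTP – logged and dropped
service_rules FORWARD FORWARD tcp 143  DROP
service_rules FORWARD FORWARD tcp 25   DROP
# DNS, both transports
service_rules FORWARD FORWARD tcp 53   ACCEPT
service_rules FORWARD FORWARD udp 53   ACCEPT

# DHCP – no source restriction, because a client asking for a lease has
# no address yet.  Note the space in "--state NEW,...": the original
# "--stateNEW,..." is not an option iptables accepts, so these four rules
# never loaded and DHCP was actually blocked.
iptables -A INPUT   -p udp --dport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j INPUT-ACCEPT
iptables -A OUTPUT  -p udp --sport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j OUTPUT-ACCEPT
iptables -A FORWARD -p udp --dport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j FORWARD-ACCEPT
iptables -A FORWARD -p udp --sport 67:68 -m state --state ESTABLISHED,RELATED     -j FORWARD-ACCEPT

# Unencrypted FTP: control channel (21) and active-mode data channel (20)
service_rules FORWARD FORWARD tcp 21 ACCEPT
service_rules FORWARD FORWARD tcp 20 ACCEPT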

Log Script – Script should be able to search specific logged iptables traffic

Log Script:

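#!/bin/bash
# Log search – print the iptables LOG lines that fall inside a time
# window and mention a given port (or IP) and verdict (ACCEPTED or
# DROPPED).  Prompts are written to stdout, answers read from stdin,
# matching log lines written to stdout.
set -euo pipefail

# Log file to search.  Override with: LOG_FILE=/path/to/file ./log
readonly LOG_FILE=${LOG_FILE:-/var/log/messages}

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Print a prompt on its own line and read one line of input into a
# variable.  Exits if stdin ends before a value is given, instead of
# carrying on with an empty value.
# Arguments: $1 - prompt text
#            $2 - name of the variable to fill
#######################################
ask() {
  echo "$1"
  IFS= read -r "$2" || die "input ended before a value was given"
}

#######################################
# Convert a human-readable date/time into the "Mon dd HH:MM" prefix
# syslog writes (%_d pads a one-digit day with a space, as syslog does),
# so the result can be compared and matched against raw log lines.
# Arguments: $1 - date/time string understood by GNU date
# Outputs:   the prefix on stdout
# Returns:   non-zero (date prints its own message) if $1 is not a date
#######################################
to_syslog_stamp() {
  date --date="$1" '+%b %_d %H:%M'
}

ask "Start time (April 10 12:00): " starttime
ask "End time (April 10 12:00): " endtime
ask "PORT OR IP: " portnumber
ask "ACCEPTED OR DROPPED: " status

# Validate both bounds before searching: an unparsable time used to yield
# an empty bound, and an empty lower bound matched every line in the log.
d1=$(to_syslog_stamp "$starttime") || die "unrecognised start time: $starttime"
d2=$(to_syslog_stamp "$endtime") || die "unrecognised end time: $endtime"

# The window test is a plain string comparison of each line against the
# two stamps.  It works because syslog lines begin with the same
# "Mon dd HH:MM" layout, but %b month names do not sort in calendar order,
# so start and end must lie within one month.  "$0 ~ d2" keeps the end
# minute itself: "HH:MM:SS" sorts after "HH:MM", so "< d2" alone would
# drop it.  grep -F treats the user's strings as literals rather than
# regular expressions, and "--" stops a leading "-" being read as an option.
awk -v d1="$d1" -v d2="$d2" '($0 > d1 && $0 < d2) || $0 ~ d2' "$LOG_FILE" \
  | grep -F -- "$status" \
  | grep -F -- "$portnumber"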

Sample Script Output:

root@router:~/CheckPoint04# ./log 
Start time (April 10 12:00): 
April 20 11:13
End time (April 10 12:00): 
April 20 11:15
PORT-IP: 
9393
ACCEPTED-DROPPED: 
ACCEPTED
Apr 20 11:15:09 router kernel: [11077.214894] FORWARD-ACCEPTEDIN=eth1 OUT=eth3 MAC=00:0c:29:74:fc:65:00:0c:29:5e:f8:7a:08:00 SRC=195.165.8.2 DST=195.165.8.70 LEN=52 TOS=0x02 PREC=0x00 TTL=127 ID=25616 DF PROTO=TCP SPT=49330 DPT=9393 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 
Apr 20 11:15:09 router kernel: [11077.215018] FORWARD-ACCEPTEDIN=eth3 OUT=eth1 MAC=00:0c:29:74:fc:79:00:0c:29:41:bf:bd:08:00 SRC=195.165.8.70 DST=195.165.8.2 LEN=52 TOS=0x02 PREC=0x00 TTL=127 ID=14839 DF PROTO=TCP SPT=9393 DPT=49330 WINDOW=8192 RES=0x00 ECE ACK SYN URGP=0 
Apr 20 11:15:09 router kernel: [11077.215369] FORWARD-ACCEPTEDIN=eth1 OUT=eth3 MAC=00:0c:29:74:fc:65:00:0c:29:5e:f8:7a:08:00 SRC=195.165.8.2 DST=195.165.8.70 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=25618 DF PROTO=TCP SPT=49330 DPT=9393 WINDOW=2053 RES=0x00 ACK URGP=0 
Apr 20 11:15:09 router kernel: [11077.218468] FORWARD-ACCEPTEDIN=eth1 OUT=eth3 MAC=00:0c:29:74:fc:65:00:0c:29:5e:f8:7a:08:00 SRC=195.165.8.2 DST=195.165.8.70 LEN=555 TOS=0x02 PREC=0x00 TTL=127 ID=25619 DF PROTO=TCP SPT=49330 DPT=9393 WINDOW=2053 RES=0x00 ACK PSH URGP=0 
Apr 20 11:15:09 router kernel: [11077.219129] FORWARD-ACCEPTEDIN=eth3 OUT=eth1 MAC=00:0c:29:74:fc:79:00:0c:29:41:bf:bd:08:00 SRC=195.165.8.70 DST=195.165.8.2 LEN=182 TOS=0x02 PREC=0x00 TTL=127 ID=14840 DF PROTO=TCP SPT=9393 DPT=49330 WINDOW=2053 RES=0x00 ACK PSH URGP=0 
Apr 20 11:15:09 router kernel: [11077.235019] FORWARD-ACCEPTEDIN=eth3 OUT=eth1 MAC=00:0c:29:74:fc:79:00:0c:29:41:bf:bd:08:00 SRC=195.165.8.70 DST=195.165.8.2 LEN=182 TOS=0x00 PREC=0x00 TTL=127 ID=14841 DF PROTO=TCP SPT=9393 DPT=49330 WINDOW=2053 RES=0x00 ACK PSH URGP=0 
Apr 20 11:15:09 router kernel: [11077.235084] FORWARD-ACCEPTEDIN=eth1 OUT=eth3 MAC=00:0c:29:74:fc:65:00:0c:29:5e:f8:7a:08:00 SRC=195.165.8.2 DST=195.165.8.70 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=25620 DF PROTO=TCP SPT=49330 DPT=9393 WINDOW=2052 RES=0x00 ACK URGP=0 
Apr 20 11:15:09 router kernel: [11077.235603] FORWARD-ACCEPTEDIN=eth1 OUT=eth3 MAC=00:0c:29:74:fc:65:00:0c:29:5e:f8:7a:08:00 SRC=195.165.8.2 DST=195.165.8.70 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=25621 DF PROTO=TCP SPT=49330 DPT=9393 WINDOW=2052 RES=0x00 ACK URGP=0 
Apr 20 11:15:15 router kernel: [11082.973520] FORWARD-ACCEPTEDIN=eth1 OUT=eth3 MAC=00:0c:29:74:fc:65:00:0c:29:5e:f8:7a:08:00 SRC=195.165.8.2 DST=195.165.8.70 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=25633 DF PROTO=TCP SPT=49330 DPT=9393 WINDOW=2052 RES=0x00 ACK FIN URGP=0 
Apr 20 11:15:15 router kernel: [11082.973877] FORWARD-ACCEPTEDIN=eth3 OUT=eth1 MAC=00:0c:29:74:fc:79:00:0c:29:41:bf:bd:08:00 SRC=195.165.8.70 DST=195.165.8.2 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=14842 DF PROTO=TCP SPT=9393 DPT=49330 WINDOW=2053 RES=0x00 ACK FIN URGP=0 
Apr 20 11:15:15 router kernel: [11082.974565] FORWARD-ACCEPTEDIN=eth1 OUT=eth3 MAC=00:0c:29:74:fc:65:00:0c:29:5e:f8:7a:08:00 SRC=195.165.8.2 DST=195.165.8.70 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=25634 DF PROTO=TCP SPT=49330 DPT=9393 WINDOW=2052 RES=0x00 ACK URGP=0