A networking program that controls the incoming and outgoing stream of data in a computer.
1
vote
1answer
37 views
No internet even with iptables ACCEPT all
I was trying to set up the firewall settings, and probably did something wrong. I don't have internet now unless I stop the iptables service
I tried flushing, and accepting everything
sudo iptables -F
...
0
votes
1answer
17 views
iptables couldn't load target allow
I am using the command below to allow all traffic from hosts on my internal network but it says "iptables v1.4.18: Couldn't load target `ALLOW':No such file or directory". What is the problem here?
...
0
votes
1answer
39 views
Archlinux not configured with iptables
I have been trying to set up iptables on my archlinux server, however when I run iptables -nvL I receive the error
iptables v1.4.20: can't initialize iptables table 'filter': Table does not exist ...
4
votes
1answer
31 views
How do you do NAT port redirection with PF?
In Linux, you can do NAT port redirection with a command like this:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8000
What is the equivalent with BSD's PF?
0
votes
1answer
42 views
iptables - why the stun, turn ports are not working to allow end points to access the server?
I have this iptables where all is working except tcp/udp ports 3478 and 5349.
$ cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Thu Nov 21 10:21:41 2013
*filter
:FORWARD ACCEPT [0:0]
...
0
votes
0answers
52 views
Fail2ban - alternative robust for enterprise protection against DoS attack in SIP and similar to fail2ban features
Is there any fail2ban-like software for CentOS 2.6.32-358.6.2.el6.x86_64? (fail2ban is 0.8.10 installed) but it's slowing down the system completely, I was looking for something which can be similar ...
2
votes
2answers
91 views
Do I need a special firewall on a personal computer
I am relatively new to Linux and was wondering about security issues. Most people agree that a virus-scanner is not useful on a linux system, but what about a firewall? I am using Debian wheezy stable ...
2
votes
1answer
29 views
Ubuntu blocks access to services when not logged in
I'm not really sure what's going on here. I have the following:
A fresh install of Ubuntu 12.04 LTS.
Jira 6.1.2 installed as per instructions from Atlassian.
Confluence 3.5.13 installed as per ...
1
vote
0answers
23 views
destination IP mangle table
I have a machine with 2 interfaces:
eth1 connected to internet (ip xx.xx.xx.xx)
eth0 connected to my laptop (ip yy.yy.yy.yy)
I add those lines to the firewall file in order to manage the bandwidth
...
4
votes
2answers
166 views
fail2ban log parsing too slow on Raspberry Pi - options?
I'm running fail2ban on a Raspberry Pi at 950MHz which I cannot overclock further.
The Pi is occasionally subject to SYN floods on particular ports. I've set up iptables to throttle the rate of SYNs ...
1
vote
2answers
56 views
How does KVM set its own netfilter rules?
I've been poking around with KVM VM's on Centos 6.4 and after some hair pulling and copious amounts of trying to break my desk with my head due to not having an internet connection on my VM's, I found ...
1
vote
2answers
54 views
Open a port CentOS
I'm new in CentOS and I'm trying to create a little script in Python, something like:
$ python -m SimpleHTTPServer
If I try to access port 8000 in my web browser, I don't get access, however if I ...
3
votes
1answer
90 views
Rsync over ssh tunnel - using gateway server
Environment:
---------- ---------- /| ------------
| Work | | Gateway| | | | cluster |
|Station |--------------------------------| ...
1
vote
1answer
41 views
Reach service on VM with private address
I have this configuration:
source: https://www.lucidchart.com/publicSegments/view/5256a1e5-afb0-4c7a-96fa-35750a00527d/image.png
Basically, I have to reach a service which is running on the virtual ...
1
vote
0answers
45 views
Firewall config prevents hibernate connecting to postgres in CentOS6.3
I have an operating environment in CentOS 6.3 that has tomcat7 and postgres9.2 installed. There is just one web application deployed in tomcat that tries to establish a connection from localhost to ...
2
votes
1answer
80 views
What are the pros and cons to editing iptables configuration file vs adding rules via the iptables command
I am working with a product on CentOS that occasionally needs to automatically add and remove rules from the iptables configuration. For example, during an update, we want to explicitly refuse ...
0
votes
1answer
106 views
how to investigate firewall blocked outbound tcp
CentOS webserver with CSF (Config Server Firewall) running. Blocking all outbound / Inbound traffic except listed ports 80 81 22 21 etc for web, mail & FTP services etc.
I'm used to seeing heaps ...
1
vote
1answer
41 views
FreeBSD ipfw keepstate vs setup keep-state
A lot of examples where people are using keep-state with setup together. For example:
ipfw add 1 allow tcp from any to me 22 setup keep-state
Because of setup, this rule will allow only SYN ...
2
votes
1answer
356 views
UFW: Allow traffic only from a domain with dynamic IP address
I run a VPS which I would like to secure using UFW, allowing connections only to port 80.
However, in order to be able to administer it remotely, I need to keep port 22 open and make it reachable from ...
0
votes
2answers
113 views
Isolate a host's networking with iptables
I want to isolate a host on my home intranet using iptables on my linux router. So say for instance, I have a host that has the IP of 10.0.1.50 and I want it to be able to talk to the rest of the ...
0
votes
0answers
104 views
fedora 18/firewalld - SMTP port to forward not working
I'm trying to use a dummy/DEV smtp server (webster) which by default opens port 5000 to accept SMTP messages.
Previously with Fedora 16/iptables had no problems opening port 25, redirect to port ...
2
votes
0answers
51 views
FreeBSD pf firewall, new connections severely delayed when NATing
I have a newly setup fbsd 9.1 with pf, which itself doesn't experience any slowness when for example downloading a debian iso from my local debian repo (ftp.se.debian.org). Any machine behind it, ...
1
vote
0answers
95 views
Full network logging via linux firewall ( iptables )?
How to truly enable full network logging via iptables?
There is an option --log-prefix to add a tag to log entries. But the log entries don't show all complete packets.
What a grand way to enable full ...
3
votes
1answer
110 views
IPtables : Limit number of new ssh connections per minute
I need to ensure on my server that maximum new ssh connections per minute are not more than 5.
sudo /sbin/iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 5 -j REJECT
Above ...
2
votes
0answers
282 views
openwrt firewall - block a set of ip addresses from internet access
I'm running OpenWRT Attitude Adjustment r33556 / LuCI Trunk (trunk+svn9325) on my WNDR3800.
I would like to configure my firewall to:
Only allow a specific range of IP addresses to access internet, ...
0
votes
0answers
30 views
Custom firewall zone
Is there a way to create a custom zone using firewall-cmd in fedora. They give you some predetermined zones, but no way to create a custom zone with a custom name and add rules to that zone.
Is ...
2
votes
1answer
70 views
Linux GUI to track connections made from/to this computer
Is there a GUI to track any socket connection sent to this computer and which program that initiates it?
Also if possible track any incoming connection sent to this computer and which program that ...
1
vote
1answer
102 views
Intercept incoming TCP/IP packets on Linux and perform NAT
I want to make a decision of what computer is behind the firewall sending the packet.
Imagine I have 2 PCs behind the firewall and I want to, based on (my algorithm), make a decision at the firewall ...
6
votes
1answer
686 views
Creating UFW rule to allow application to use dynamic ports
I am currently trying to get a Google Chromecast device to work through my Ubuntu 13.04 based computer. Currently, the Google Chrome extension shows "no devices found" as long as my UFW firewall is ...
1
vote
2answers
320 views
Missing iptables file on directory /etc/init.d/ (Fedora 17)
Is the iptables file in Fedora 17 moved from /etc/init.d/ to /etc/sysconfig/? I need to do some patching to the iptables file to solve the firewall problem (Setting chains to policy ACCEPT: security raw ...
0
votes
2answers
110 views
PF and types of NAT(Network Address Translation)
As you know, at least 3 types of NAT are used. Of course I need two types of them: DNAT and SNAT. DNAT: hiding server behind NAT, SNAT: hiding your client behind NAT.
Question:
I read a quick ...
2
votes
3answers
166 views
What are the required ports to be opened on the firewall?
Currently I'll be installing one AIX server behind a firewall, I just asked to open port 443 to use the SSH protocol to access this UNIX server.
I already changed the default ssh port to be 443 ...
0
votes
0answers
42 views
how to list blocked connections events by the firewall?
So, I used firestarter that had logged blocked connections events with some useful details (but it is not being updated and I found somewhat unsafe as any moment we could click to deactivate the ...
0
votes
1answer
267 views
Looking to build a low powered linux based firewall
I am looking to build a low powered linux based firewall. I need a reliable piece of hardware that has two (2) LAN inputs and a built in wifi. Fanless and low power system. any recommendations? Any ...
0
votes
1answer
62 views
Are there any tools which can be used to make ports available from any firewall network?
I have been testing my application which has TCP/UDP ports for peer to peer with the help of server signalling commands for making communication, that works when I have Public IP or Lan IP and not ...
1
vote
2answers
71 views
what is `firewalld --nofork`
I carelessly killed the following process
root 470 1 0 Jun06 ? 00:00:13 /usr/bin/python /usr/sbin/firewalld --nofork
Is there any consequence from killing the process?
Are there ...
2
votes
1answer
39 views
RapidIO packet filtering in Linux
I was wondering if there is support in Linux Kernel for RapidIO packets filtering, something similar to iptables, but based on RapidIO header?
2
votes
1answer
141 views
ufw firewall rules for security.debian.org
What is a practical way to manage a whitelist of firewall outgoing connection rules for http://security.debian.org (on a server that blocks all outgoing connections by default)?
My understanding is ...
2
votes
3answers
478 views
How to setup transparent firewall using ArchLinux
I am trying to set up a Transparent Firewall using ArchLinux.
My setup looks like this:
(ISP, IP: 10.90.10.254)
\
\
\ (eth0-> ip: 10.90.10.1 gateway: 10.90.10.254)
+-----------+
| ...
0
votes
0answers
60 views
In Linux is there any tools or package which can do STUN TURN ICE NATs and firewalls break end-to-end connectivity
In Linux is there any way to do this NATs and firewalls break end-to-end connectivity with existing package or tools?
e.g: close source cant use it for free
...
0
votes
1answer
86 views
Iptable rule to ssh over the internet
I've a server abc.example.com and a remote desktop zzz.example.com. I'm using SSH over a custom port, say, 6789. Whenever my firewall is off, I'm able to connect to the server successfully. But, as ...
3
votes
1answer
614 views
IPTables - Port to another ip & port (from the inside)
I currently have a NAS box running under port 80. To access the NAS from the outside, I mapped the port 8080 to port 80 on the NAS as follow:
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT ...
1
vote
1answer
115 views
Possible sftp connection behind a router that is impossible to open any public ports except some standard ports like http?
I want to ask about the problem that I have with my office computer. I cannot reach the router so I cannot redirect any incoming requests to my PC.
I have to get a huge file from another computer on ...
1
vote
0answers
33 views
Firewalld SELinux
Is there any better explanation of firewall-cmd than the one given in the Fedora18 wiki?
I am trying to convert iptables to FirewallD in cmd line without GUI but cannot find a decent example or ...
1
vote
0answers
107 views
PGP keyserver and proxy firewall issues
I am not sure this is a Linux question directly ... I use Arch Linux which uses package signing. This requires me to download a set of pgp keys with the pacman-key program. This works off the ...
6
votes
4answers
4k views
How to check whether firewall opened for a port but not listening on the port
We will be deploying a new application to a Server and the application will be listening on port 8443. We have asked Network team to open the firewall for the port 8443 on that server before deploying ...
1
vote
1answer
77 views
Adblock rule to block g+ / twitter / etc. [closed]
Looks like this rule works for blocking the facebook domain, when not visiting the facebook domain (ex.: "like/share" etc. buttons on pages other than facebook):
! don't allow facebook outside facebook..
...
3
votes
2answers
2k views
iptables rules not reloading on CentOS 6.x
I have one single ipset added to my iptables on a CentOS 6.x box and this rule is lost when the machine reboots.
I've found this answer showing how to make a Ubuntu system reload the iptables rules ...
2
votes
1answer
245 views
How can I disable UFW logging for a specific event?
My router sends out multicast packets in regular intervals that are blocked by UFW's standard policies. These events are harmless but spam my syslogs and ufwlogs. I can't change the router's behaviour ...
2
votes
3answers
512 views
Linux stack for a home network firewall/proxy?
I've got a generic home 'network' where my ISP supplied modem acts as router with a software firewall built-in. My PCs connect directly to this router to access the Internet.
I want to place a box in ...