Questions tagged [conntrack]
74 questions
0 votes, 2 answers
yum not updating /etc/rc.d/init.d/iptables
I have been hit by the bug https://bugzilla.redhat.com/show_bug.cgi?id=493226 (restarting iptables ignores values in /etc/sysctl.conf). This bug has been fixed by RH quite a while ago.
The server has had yum update run many times since the RH…

Jistanidiot
0 votes, 1 answer
iptables dos limit for all ports
I know how to use limit conntrack option to allow for DoS protection. However, I want to add a protection to limit no more than say 50 connections for each port. How can I do this?
Basically, I want to make sure that each port can have no more than…
user101130
0 votes, 3 answers
conntrack -L does not show any connection
I am writing a utility which will use Conntrack commands to show the connection states. I am a beginner and I wanted to play with the Conntrack before I could start my work. So, when I tried conntrack -L conntrack, I get the output which says there…

SeattleOrBayArea
0 votes, 0 answers
Weird firewalld block after recent update, CentOS Stream 9, blocks ICMP replies as invalid state
I am running CentOS Stream 9 on VMware. I recently used dnf update and now there is a weird problem that some ping replies are stopped by firewalld. If I stop the firewall, ping works OK.
The problem presents itself like this:
I ping from the…

Teemu Sa
0 votes, 2 answers
How to apply DROP rule immediately (iptables/conntrack)
An external IP is connecting to my mailserver VM every second and I just want to block this IP immediately without dropping existing connections.
So I apply a DROP rule.
I even reloaded all the iptables rules, but the external IP is still connecting…

le_top
0 votes, 0 answers
How does Docker interact with conntrack?
I am trying to understand how Docker interacts with conntrack. I created two containers (connected to docker0), pinged 4 times from one to the other, and analyzed the iptables counts. This is the result:
iptables screenshot.
My concern is with the…
0 votes, 0 answers
Drop first SYN packet with nftables
How can I drop the first SYN packet (or the first SYN/ACK reply) received by my server?
I have a test VPS set up to capture and analyze malicious traffic directed to non-standard TCP ports, for example attacks on sshd running on a high port. Using…

Stewart
0 votes, 1 answer
How can I allow all established incoming connections without conntrack?
I want to make my iptables accept all established incoming connections,
but I don't have conntrack in my system so I can't run:
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
Is it possible to make it happen with something…

Yosef
0 votes, 0 answers
Why does allowing established incoming connections not work?
I am trying to allow all established incoming connections in my iptables using this command:
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
but I get this error message:
"iptables-restore v1.8.4 (legacy): Couldn't load match…

Yosef
0 votes, 0 answers
conntrack events (conntrack -E) show 0.0.0.0 as source and destination addresses
These are the logs down below.
[DESTROY] udp 17 src=0.0.0.0 dst=0.0.0.0 sport=0 dport=0 packets=3 bytes=216 [UNREPLIED] src=0.0.0.0 dst=0.0.0.0 sport=0 dport=0 packets=0 bytes=0
[NEW] udp 17 30 src=0.0.0.0 dst=0.0.0.0 sport=0 dport=0…
0 votes, 1 answer
iptables FTP connection tracking not working
I am hoping someone can point me in the right direction here please.
Running proftpd (with tls support) on a public IP.
FTP client connects, but can't do a directory listing. When I change the "INPUT" policy on iptables to ACCEPT, it does work.
The…
0 votes, 1 answer
How do conntrack and network namespaces work together?
Does nf_conntrack respect network namespaces? Does it create a separate table for each network namespace based on its sysctl limits, or does it share memory (and limits) between different network namespaces?
I've searched a lot, but wasn't able to…

George Shuklin
0 votes, 3 answers
How to prevent netfilter from automatically changing the source ports
I observed that netfilter changes the source port when a connection is established in the conntrack module. I need to prevent this behavior.
Here is what I have done to reproduce my problem:
I create a netfilter rule that will perform DNAT from…
0 votes, 1 answer
Route IPv4 to IPv6 as a mechanism to overcome not owning an IPv4 block for load balancing purposes on on-premise k8s (not AWS/GCP)
This is not a question about tunnelling, although that may be part of a solution.
With public cloud providers it's trivial to request a load balancer due to providers owning large class A/B/C public IPv4 blocks. However, whilst it's trivial to own…

user885983