Questions tagged [iptables]

iptables is the userspace command-line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted at system administrators. When asking a question about iptables, please include the output of the following command: iptables -L -v -n

iptables is the userspace utility complementary to the Linux kernel-level Netfilter firewall.

When seeking help with a firewall configuration, it is advisable to supply the iptables-save output, which gives a readable listing of the ruleset, and possibly to append the output of iptables -L -v -n, which gives the matching ruleset information.

6626 questions
14
votes
3 answers

What are the named ports for iptables?

When setting up iptables, you can name the port ssh, which will use port 22. Is there a list of all the named ports? Specifically I need ssh, http, https and mysql.
Jason Christa
  • 622
  • 4
  • 11
  • 21
14
votes
7 answers

Accessing the DNAT'ted webserver from inside the LAN

I have a small network with a router, which maintains a connection to the Internet, a server and some workstations in a local network. The server is meant to be accessed from the Internet, and there are several DNAT entries set in the router's iptables, like…
Catherine
  • 484
  • 1
  • 3
  • 11
14
votes
3 answers

Automatically modify iptables based on Apache log data to block badly behaved clients

Is there any tool on Linux to automatically modify iptables so as to block a troublesome client based on an analysis of the Apache log? I help run a site that sometimes gets overwhelmed by requests from a particular user. The only solution is to add…
14
votes
4 answers

Good iptables starting rules for a webserver?

I am installing a new CentOS 5.4 server and I would like to have a set of clean rules for my iptables to start up with. What would be good rules to start with? Is this a good starting point: # Allow outgoing traffic and disallow any…
benjisail
  • 1,331
  • 5
  • 19
  • 32
14
votes
1 answer

Ufw and Iptables. Which is better and why?

I am a newbie to this domain, so I kept researching ufw and iptables. But I can't distinguish them clearly because in every article/blog both of these names are present and I am really confused whether these are similar or not. I know ufw is a…
HelloWorld
  • 243
  • 1
  • 2
  • 5
13
votes
1 answer

Iptables forward all traffic to a specified port, to another device

How can I modify this iptables rule so that all traffic which is coming to this computer will be forwarded to 192.168.42.10? iptables -t nat -A PREROUTING -s 192.168.46.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.42.10:80 The problem is…
PumpkinSeed
  • 345
  • 2
  • 5
  • 12
13
votes
2 answers

Counting bandwidth from a Docker container

I'm trying to figure out how to track bandwidth coming from a Docker container. Normally I use --uid-owner as mark to keep track of bandwidth usage for a given user. However, even when I run all the processes as the user inside the docker container…
Maran
  • 321
  • 1
  • 4
  • 12
13
votes
2 answers

How to do port forwarding/redirecting on Debian?

I have two questions. Question 1: My Debian machine has interface eth3 with IP 192.168.57.28. If someone tries to connect to 192.168.57.28:1234, how do I redirect the request to another machine: 192.168.57.25:80? Question 2: If my Debian machine has…
13
votes
3 answers

What exactly do --limit 1/s and --limit-burst mean in iptables rules?

I'm using CentOS 5.x trying to wrap my mind around the following iptables rule on one of my servers: -A RH-Firewall-1-INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT On another server I have: -A RH-Firewall-1-INPUT -p icmp…
Mike B
  • 11,871
  • 42
  • 107
  • 168
13
votes
2 answers

Connect Open vSwitch switch to real network: iptables masquerade

I'm using Open vSwitch to create a switched network between VirtualBox guest machines, and I want the host OS (Ubuntu 12.04) to join this network and to configure it as the gateway of this virtual network: First, I created a vswitch and I added…
LokmanDz
  • 131
  • 1
  • 1
  • 5
13
votes
5 answers

How to Enable IPtables TRACE Target on Debian Squeeze (6)

I am trying to use the TRACE target of IPtables but I can't seem to get any trace information logged. I want to use what is described here: Debugger for Iptables. From the iptables man page for TRACE: This target marks packets so that the kernel will…
bernie
  • 385
  • 1
  • 3
  • 12
13
votes
2 answers

Fail2Ban unblock ipaddress

I am trying to unblock an IP address without restarting Fail2Ban each time. What is the best way of doing this? Or can you point me in the direction of a useful guide? As you can see below, the IP address I am trying to remove is: 89.31.259.161 #…
John Magnolia
  • 1,723
  • 6
  • 28
  • 46
13
votes
2 answers

TCP flags in iptables: What's the difference between RST SYN and RST and SYN RST? When to use ALL?

I'm working on a firewall for a virtual dedicated server and one of the things I'm looking into is port scanners. TCP flags are used for protection. I have 2 questions. The rule: -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -j DROP First argument…
Kris
  • 1,367
  • 3
  • 15
  • 17
13
votes
3 answers

What are the IPv6 reserved address spaces?

I'm converting my good old IPv4-based iptables firewall script and would like to substitute the Class A/B/C/D/E reserved address spaces with the ones found in IPv6. My goal is to deny any packets that originate from these addresses, since these cannot…
Jauzsika
  • 651
  • 1
  • 4
  • 10
12
votes
2 answers

What is the difference between "iifname" and "iif" in nftables?

https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes#Meta Is there any difference between iifname (apart from the name being a string) and iif, and what is recommended?
mvorisek
  • 515
  • 1
  • 9
  • 19