Questions tagged [iptables]

iptables is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted towards system administrators. When asking a question about iptables, please add the output of the following command: iptables -L -v -n

iptables is a userspace utility complementary to the Linux kernel-level Netfilter firewall.

When seeking help with a firewall configuration, it is advisable to supply the iptables-save output, which gives a readable ruleset listing, possibly together with the output of iptables -L -v -n to give the matching ruleset information.

6626 questions
48 votes, 5 answers

Steps for limiting outside connections to docker container with iptables?

My goal is to limit access to docker containers to just a few public IP addresses. Is there a simple, repeatable process to accomplish my goal? Understanding only the basics of iptables while using Docker's default options, I'm finding it very…
GGGforce
48 votes, 8 answers

Delete an iptables chain with all its rules

I have a chain appended with many rules like: > :i_XXXXX_i - [0:0] > -A INPUT -s 282.202.203.83/32 -j i_XXXXX_i > -A INPUT -s 222.202.62.253/32 -j i_XXXXX_i > -A INPUT -s 222.202.60.62/32 -j i_XXXXX_i > -A INPUT -s 224.93.27.235/32 -j i_XXXXX_i…
timy
42 votes, 3 answers

Debugging rules in Iptables

How can I know how many packets were dropped by my iptables rules? Is there any debugging mechanism to see which rule is dropping my packet or accepting it?
codingfreak
42 votes, 2 answers

Can I use ufw to setup a port forward?

I'm currently using ufw to enforce some basic firewall rules. Is it possible to also use ufw to do port forwarding? Specifically I'm wanting to forward incoming traffic to my server (same machine running ufw) on port 80 to port 8080. (http traffic…
tinny
41 votes, 8 answers

Force local IP traffic to an external interface

I have a machine with several interfaces that I can configure as I want, for instance: eth1: 192.168.1.1 eth2: 192.168.2.2 I would like to forward all the traffic sent to one of these local addresses through the other interface. For instance, all…
calandoa
40 votes, 4 answers

What is the mangle table in iptables?

I am using iptables rules to filter & manipulate packets in my Ubuntu server, but I cannot understand the mangle table. Quoting from this iptables tutorial: This table should as we've already noted mainly be used for mangling packets. In other…
pylover
40 votes, 1 answer

Will tcpdump see packets that are being dropped by iptables?

I have a firewall with these simple rules: iptables -A INPUT -p tcp -s 127.0.0.1/32 --dport 6000 -j ACCEPT iptables -A INPUT -p tcp -s 192.168.16.20/32 --dport 6000 -j ACCEPT iptables -A INPUT -p tcp --dport 6000 -j REJECT Now, suppose I am using…
Pablo Santa Cruz
39 votes, 7 answers

iptables multiple source IPs in single rule

I'd like to create a single rule in iptables (if possible) that uses multiple source IP addresses. Is this possible?
Glen Solsberry
38 votes, 4 answers

How to block internet access to certain programs on Linux

Recently, I have encountered a problem of limiting Internet Access to specific programs. Could anybody recommend a good way of doing that, without using any particular software?
Ilia Ross
38 votes, 3 answers

How to reset Ubuntu 12.04 iptables to default without locking oneself out?

Could anyone kindly provide the commands to completely reset the iptables (firewall) for Ubuntu 12.04 to its default "factory" setting? From what I understand, doing this wrong would cause one to be locked out of the Linux box?
Honey Badger
37 votes, 6 answers

Hardware Firewall Vs. Software Firewall (IP Tables, RHEL)

My hosting company says IPTables is useless and doesn't provide any protection. Is this a lie? TL;DR I have two, co-located servers. Yesterday my DC company contacted me to tell me that because I'm using a software firewall my server is "Vulnerable…
user80776
36 votes, 1 answer

What is the point of the docker-proxy process? Why is a userspace tcp proxy needed?

I have noticed that there is docker-proxy process running for each published port. What is the purpose of this process? Why is a user space tcp proxy needed for this? $ ps -Af | grep proxy root 4776 1987 0 01:25 ? 00:00:00 docker-proxy…
Tarnay Kálmán
36 votes, 1 answer

Difference between iptables -A and -I option

I've been trying (for hours) to configure iptables to allow DNS queries to my DNS server and just found out that my iptables kept blocking access due to the rule add option that I had been using. Most forums suggest a rule similar to the…
Zishan Neno
36 votes, 4 answers

Allow traffic to/from specific IP with iptables

I want to allow all traffic to a specific IP, using iptables. Tried by adding lines: /sbin/iptables -A INPUT -p tcp -s XXX.XXX.XXX.XXX -j ACCEPT /sbin/iptables -A OUTPUT -p tcp -s XXX.XXX.XXX.XXX -j ACCEPT ... but still cannot access the remote IP…
user48058
36 votes, 4 answers

How to allow a range of IPs with iptables?

Here is my iptables; how can I make it so that I can allow a range of IPs on ETH1 (10.51.x.x)? # Generated by iptables-save v1.4.4 on Thu Jul 8 13:00:14 2010 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :fail2ban-ssh -…
Kladskull