Questions tagged [iptables]

iptables is the userspace command-line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted at system administrators. When asking a question about iptables, please include the output of the following command: iptables -L -v -n

iptables is the userspace utility complementary to the Linux kernel-level Netfilter firewall.

When seeking help with a firewall configuration, it is advisable to supply the output of iptables-save, which gives a readable listing of the ruleset, and preferably also the output of iptables -L -v -n, which lists the rules together with their match counters.

6626 questions
29 votes, 2 answers

Does traceroute use UDP or ICMP or both?

When I do a trace on the www.google.com domain from my laptop, am I using icmp or udp? I thought it was icmp type 11 but while searching for something else I came across rules where icmp type 30 was used and I saw rules where udp was used. Can…
Kris
28 votes, 2 answers

Don't understand [0:0] iptable syntax

I'm struggling with some iptables rules. I'm a newbie in iptables. I found some resources where I get the following command related to iptables. This is stored in a file that will be executed. [0:0] -A PREROUTING -s 10.1.0.0/24 -p tcp -m tcp --dport…
artaxerxe
27 votes, 1 answer

How can I block all traffic *except* Tor?

On a Linux system, is there a way to block all in- and outbound traffic unless it passes through the Tor network? This includes any form of IP communication, not just TCP connections. For example I want UDP to be completely blocked since it cannot…
David
27 votes, 3 answers

Allowing FTP with IPTables

My current scenario involves allowing various rules, but I need ftp to be accessible from anywhere. The OS is Cent 5 and I am using VSFTPD. I can't seem to get the syntax correct. All other rules work correctly. ## Filter all previous…
IOTAMAN
27 votes, 2 answers

How do I allow outgoing connections via iptables?

I have two servers. The program on the first needs to communicate with the second on port 2194. I know it's not working, because when I do: root@server1 [~]# telnet myserver2.com 2194 Trying 123.123.123.98... telnet: connect to address…
siliconpi
26 votes, 4 answers

Docker breaks libvirt bridge network

This issue is driving me crazy. I run a fresh install of Ubuntu 18.04, with: ufw to manage the firewall, a br0 bridge, lxd and libvirt (KVM). I tried the stock docker.io package and packages from docker's own deb repository. I want to be able to deploy…
Laurent
26 votes, 1 answer

Why does a Docker container running a server expose port to the outside world even though said port is blocked by iptables?

I'm having a problem with MySQL running inside a Docker container. My testing image is built from the following Dockerfile: # See: https://index.docker.io/u/brice/mysql/ FROM ubuntu:12.10 MAINTAINER Joni Kahara # Because…
kahara
26 votes, 5 answers

Whitelist allowed IPs (in/out) using iptables

I have a few IP ranges to which I want my server to be able to connect and users to connect from. Everything else should be blocked. How should I do that with iptables? My OS is a Debian-based Linux distribution.
Frank Bannister
26 votes, 3 answers

How do I export and restore my iptables settings?

I have what appears to be a weird and convoluted set of rules which work for me at the moment. Is there a way of "exporting" those and saving them to a file so that they can be restored later on in case things are messed up?
siliconpi
25 votes, 3 answers

Debugging iptables and common firewall pitfalls?

This is a proposed Canonical Question about understanding and debugging the software firewall on Linux systems. In response to EEAA's answer and @Shog's comment that we need a suitable canonical Q&A for closing common relatively simple…
HBruijn
25 votes, 7 answers

Duplicate iptable rules

I have these iptables rules: -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -N fail2ban-ssh -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh -A INPUT -i lo -j ACCEPT -A INPUT -m…
Leandro Garcia
25 votes, 6 answers

Use iptables to forward ipv6 to ipv4?

Currently I have a setup where, due to configuration that would take forever to fix, I have a server that can only be accessed by ipv4. I also, however, have a server that can be accessed by ipv6. I was wondering if I could use iptables to forward…
Eli
24 votes, 2 answers

Iptables rule-set so that a docker container can access a service on a host IP

I have trouble accessing a host private interface (IP) from a docker container. I'm fairly certain that it's related to my iptables rules (or perhaps routing). When I add the --net=host flag to docker run, everything works as expected. Similarly…
Dynom
24 votes, 4 answers

Undoing port forwarding

I need all requests to port 80 to be forwarded to 8020. I Googled it and I got: iptables -t nat -I PREROUTING --source 0/0 --destination 0/0 -p tcp --dport 80 -j REDIRECT --to-ports 8020 Now in the future if I have to undo it what do I do (apart…
raj
23 votes, 12 answers

Fail2Ban: already banned?

I have Fail2Ban running on my Centos Server. (Config below) In my var/log/messages I noticed something really weird: Jun 19 12:09:32 localhost fail2ban.actions: INFO [postfix] 114.43.245.205 already banned I configured Fail2Ban to add the banned…
3und80