Questions tagged [iptables]

iptables is the userspace command-line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet-filtering ruleset. It is targeted at system administrators. When asking a question about iptables, please include the output of the following command: iptables -L -v -n

iptables is the userspace utility that configures the Linux kernel's Netfilter packet-filtering framework.

When seeking help with a firewall configuration, it is advisable to supply the output of iptables-save, which gives a readable listing of the full ruleset, and optionally to append the output of iptables -L -v -n, whose per-rule packet and byte counters show which rules are actually matching traffic.

6626 questions
17 votes, 5 answers

Managing iptables rules in Linux

I have a lot of rules for my iptables setup (routing, ssh bans etc.). I also picked up a list of IPs to ban from here http://blacklist.linuxadmin.org and now it's getting really complicated. My /etc/sysconfig/iptables is really long. Is there a way…
Rushi
16 votes, 5 answers

How does an IP packet know which gateway to take?

Suppose two gateways exist on the same network. If I understand correctly, the IP routing table on the sender's computer decides which packets get routed through which gateway. IP routing tables contain the IP address of the gateway. How is this IP…
Simon Farshid
16 votes, 5 answers

iptables management tools for large scale environment

The environment I'm operating in is a large-scale web hosting operation (several hundred servers under management, almost-all-public addressing, etc -- so anything that talks about managing ADSL links is unlikely to work well), and we're looking for…
womble
16 votes, 5 answers

Making iptables easier to maintain

My network is completely locked down except for a few sites which are whitelisted. This is all done through iptables, which looks something like this: # Allow traffic to google.com iptables -A zone_lan_forward -p tcp -d 1.2.3.0/24 -j ACCEPT iptables…
16 votes, 3 answers

How many rules can iptables support?

Someone asked me this recently and I had no answer for it. I know this is kind of an open-ended question, but is there a limit on the number of rules you can install in a table/chain? If so, how can I find it out? I guess it will vary across…
Bruce
16 votes, 4 answers

iptables, default policy vs rules

Is there any difference in dropping not-matched packets with default policy vs -j DROP on the end? Like: iptables -P INPUT DROP iptables -A INPUT --dport 80 -j ACCEPT vs iptables -A INPUT --dport 80 -j ACCEPT iptables -A INPUT -j DROP The reason…
someone
16 votes, 6 answers

How do I list IP addresses blocked by iptables?

To prevent brute force attacks against ssh I've added some iptables rules (below). The question is: How can I list the blocked IP addresses? (1) iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH iptables -A…
milton
16 votes, 4 answers

A secure, standard iptables rule-set for a basic HTTP(s) webserver

I have been trying to put together a basic server iptables script that will work for most sites just running a basic webserver using HTTP(S) and SSH (ports 80, 443, & 22). After all, most VPS only need these starting ports rules and can add mail or…
Xeoncross
16 votes, 3 answers

Throttle bandwidth via iptables

I have a need to throttle the bandwidth usage, similar to how some ISPs do it, so that after a couple of seconds, it throttles down the speed.
Glen Solsberry
15 votes, 3 answers

Cannot Set UID on Shell Scripts

Can anyone help me find out what is going on here? I have some rules set up tracking packet counts. When I run the following script as root: #!/bin/bash iptables -t mangle -xnvL I get the output I expect: //snip 233203 199929802 MARK //blah blah…
Tom Ritter
15 votes, 2 answers

How to save iptables configuration on Redhat Enterprise Server 7

I have a Redhat server (Red Hat Enterprise Linux Server release 7.2 (Maipo)) that resets iptables rules on re/boot. According to the version 6 documentation, I execute: /sbin/service iptables save which returns: The service command supports only…
Roy Hinkley
15 votes, 2 answers

Is there a way to run just save with firewalld in RHEL7?

I'm starting to use RHEL7 and learning a little about the changes that come with systemd. Is there a way to perform /sbin/service iptables save in firewalld? $ /sbin/service iptables save The service command supports only basic LSB actions (start,…
Peter Souter
15 votes, 6 answers

Will blocking all connections outside of the US, aside from port 80 cause a high server load?

Like most servers (I assume), we have people trying to brute force our services 24/7. I have cpHulk blacklist their IPs, but it seems like it'd be better if they didn't get that far in the first place. Myself and my host are the only ones who…
Big Iron
15 votes, 3 answers

Fail2Ban Correctly Attempts to Ban IP but IP does not get banned - iptables chain exists but not working

Running on Ubuntu 14.04 Server. So I have fail2ban correctly configured to process /var/log/auth.log for SSH login attempts. Upon 3 failed attempts I see this in the fail2ban log: 2014-11-19 15:22:56,822 fail2ban.actions: WARNING [ssh] Ban…
Halsafar
15 votes, 3 answers

Block outgoing connections on RHEL7/CentOS7 with firewalld?

RHEL7/CentOS7 features a new firewalld firewall service that replaces the iptables service (both of which use the iptables tool to interact with the kernel's Netfilter underneath). firewalld can be easily tuned to block incoming traffic, but as noted by…
golem