Questions tagged [iptables]

iptables is the userspace command-line program used to configure the Linux kernel's IPv4 packet filtering ruleset (the netfilter framework that arrived with the 2.4.x kernels; ip6tables is the IPv6 counterpart, and on recent distributions the iptables command may be the nftables-backed iptables-nft variant, which keeps the same syntax). It is targeted at system administrators.

When asking for help with a firewall configuration, please include the output of iptables-save, which lists the complete ruleset of every table in a form that can be reloaded with iptables-restore, and, where counters matter, the output of iptables -L -v -n as well, which shows per-rule packet and byte counters. The -n flag prints addresses and ports numerically instead of resolving them, which keeps the listing unambiguous and avoids slow reverse DNS lookups.

6626 questions
2
votes
3 answers

10,000 entries in iptables on CentOS, 4GB RAM, dual core 2.3GHz?

I am running a Linux box with FreePBX/Asterisk installed. I have blocked China and Hong Kong using lists from the ip2location.com/blockvisitorsbycountry.aspx website. My fail2ban was going off like every 3-9 minutes with blocks and now I have very…
2
votes
1 answer

Why are there DNS host names in my iptables entries? (fail2ban)

I recently installed fail2ban which has begun blocking bad ssh attempts. I also set up an additional filter to permanently ban repeat offenders. I notice now that there are some entries in my iptables that are there as DNS hostnames instead of raw…
Dale C. Anderson
2
votes
1 answer

Is it possible (how?) to route incoming UDP packets with one target IP to a destination IP that is resolved through a DNS query for a static URL?

I have a set of mobile devices that are configured to send UDP messages to an IP-address that is set in their SRAM. They don't have the capability to either store a URL, or resolve a URL to an IP address. The traffic going to the destination IP that…
2
votes
1 answer

iptables setup: forwarding between two Ethernet interfaces

I want to create a gateway on Linux which has 2 interfaces, eth0 and eth1. eth1 is created by an LTE modem; once the LTE modem attaches to the network and gets an IP address, a DHCP server is run on the gateway to provide this IP address…
Syed Aslam
2
votes
1 answer

ipset not being applied to iptables

I'm trying to filter out a country that keeps probing my SMTP server (CentOS 6) and I can't seem to get the ipset to work out right in iptables. I downloaded that country's IP addresses from ipdeny.com and installed the list as a text file. …
pathrider
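An added example, not code from the question or any answer to it, showing one way to turn a downloaded country zone file into an ipset and the iptables rule that consults it. The zone file contents are constructed (documentation ranges, not a real country list), and the set name cn and port 25 are assumptions; the `ipset restore` line format and the `-m set --match-set` syntax are the real ones.

```python
import ipaddress

# Constructed sample in the style of an ipdeny.com zone file (one CIDR per
# line); these are documentation ranges, not a real country list.
ZONE_FILE = """\
# constructed zone file for this example
203.0.113.0/24

198.51.100.0/25
198.51.100.128/25
192.0.2.0/24
"""


def parse_zone(text):
    """Return the IPv4 networks from a zone file, with adjacent or overlapping
    ranges collapsed so the set stays as small as possible."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        net = ipaddress.ip_network(line, strict=False)
        if net.version == 4:
            nets.append(net)
    return list(ipaddress.collapse_addresses(nets))


def build_ipset_restore(setname, nets, hashsize=1024, maxelem=65536):
    """Emit a script for `ipset restore`: create the set, then add each network."""
    lines = [f"create {setname} hash:net family inet hashsize {hashsize} maxelem {maxelem}"]
    lines += [f"add {setname} {net}" for net in nets]
    return "\n".join(lines) + "\n"


def iptables_rule(setname, chain="INPUT", dport=25):
    """The filter rule that consults the set. -I puts it at the top of the chain,
    so it is evaluated before any ACCEPT for the same port."""
    return f"iptables -I {chain} -p tcp --dport {dport} -m set --match-set {setname} src -j DROP"


if __name__ == "__main__":
    nets = parse_zone(ZONE_FILE)
    print(build_ipset_restore("cn", nets), end="")
    print(iptables_rule("cn"))
```

Load the generated script with `ipset -exist restore < cn.restore` (the -exist flag makes a re-run harmless when the set already exists), then add the rule and confirm it is consulted: `ipset test cn 203.0.113.5` should report the address is in the set, and `iptables -L INPUT -v -n --line-numbers` should show the set rule above any ACCEPT for port 25 with its packet counter increasing. Two common reasons a set "is not applied" are exactly those: the rule was appended with -A below an earlier ACCEPT, or the set was not created before the iptables rules were restored at boot, in which case iptables-restore fails for the rule that references it. Raise maxelem if the zone file has more entries than the default.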
2
votes
1 answer

How to create a private network between a VPS and 4 IPs?

I own a VPS running Debian and I want to avoid security breaches from "outside" (via Internet). I want to guarantee these rules: Allow all outbound traffic; Allow HTTPS connections from IP 1, 2, 3; Allow SSH connections from IP 4. So, anything…
Christopher
2
votes
1 answer

Simulate 2 clusters in the same network

I have 4 PCs and another PC, which will act as a proxy, all in the same network: 172.16.96.0/20. I can ping between them. But I want to separate them into two groups. That is: pc1 is directly connected to pc2; pc3 is directly connected…
Roxana Roman
2
votes
1 answer

TLS Error: Handshake failed. OpenVPN server is behind NAT on a dynamic IP

This is a common problem that appears easily in searches and seems to be related to the firewall, yet I can't seem to figure out how to fix it. I have actually asked before, but this time I come back with more info on the matter and a better…
nass
2
votes
1 answer

Restore rules from output of `iptables -S`

I have a bunch of rules dumped with iptables -S: -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m…
paddy
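An added example, not code from the question or its answers: converting one table's `iptables -S` output into the format iptables-restore expects. The sample dump is constructed for the example, modelled on the rules quoted above, with an assumed user chain SSH_GUARD added to show how -N lines are handled.

```python
import shlex

# Constructed `iptables -S` dump (filter table), modelled on the rules in the
# question, plus an assumed user chain SSH_GUARD to exercise the -N case.
SAMPLE_DUMP = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N SSH_GUARD
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j SSH_GUARD
-A SSH_GUARD -s 192.0.2.0/24 -j ACCEPT
-A SSH_GUARD -m comment --comment "drop ssh from elsewhere" -j DROP
"""


def s_to_restore(dump, table="filter"):
    """Convert one table's `iptables -S` output into iptables-restore format.

    -P and -N lines become `:CHAIN POLICY [pkts:bytes]` declarations (a user
    chain has policy `-`); -A lines pass through unchanged; the whole block is
    wrapped in `*table` ... `COMMIT`. Counters are zero because -S does not
    export them (use iptables-save -c if you need them preserved)."""
    chains, rules = [], []
    for line in dump.splitlines():
        line = line.strip()
        if not line:
            continue
        toks = shlex.split(line)
        if toks[0] == "-P" and len(toks) == 3:
            chains.append(f":{toks[1]} {toks[2]} [0:0]")
        elif toks[0] == "-N" and len(toks) == 2:
            chains.append(f":{toks[1]} - [0:0]")
        elif toks[0] == "-A":
            rules.append(line)  # keep the original text so quoted comments survive
        else:
            raise ValueError("not an iptables -S line: " + line)
    return "\n".join([f"*{table}", *chains, *rules, "COMMIT"]) + "\n"


if __name__ == "__main__":
    print(s_to_restore(SAMPLE_DUMP), end="")
```

Validate before applying: `python3 s_to_restore.py | iptables-restore --test` parses the ruleset without committing it, and dropping `--test` loads it atomically for that table. `iptables -S` only prints one table, so repeat with `iptables -t nat -S` and `table="nat"` for the others. The quick-and-dirty alternative, since every -S line is just iptables arguments, is to flush the chains and run `sed 's/^/iptables /' rules.s | sh`, but that applies the rules one at a time rather than atomically.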
2
votes
2 answers

Trying to connect to servers in a remote LAN with SoftEther VPN client and iptables NAT ip_forwarding

I have implemented a SoftEther VPN server on one AWS server connected to other instances in a LAN. I can SSH into the server with ssh myname@10.0.1.10 without problem. I followed this guide. My goal is to allow me to access remote AWS servers on a…
markhorrocks
2
votes
0 answers

Test if iptables would pass a given IP/IP range

I am currently trying to debug problems relating to our firewall configuration and found myself in the situation where I would like to test a config. Ideally I would like to take the iptables config and give it an IP or an IP range and get the…
2
votes
1 answer

How to count packets coming from outside using iptables?

If you don't give iptables a target, it simply counts how many bytes and packets match the rule. I'd like to count all packets that come from outside, i.e. don't match 10.0.0.0/8 and don't match 192.168.0.0/16. My first intuition is: iptables -A…
Shelvacu
2
votes
1 answer

Configuring iptables for HAProxy

Ubuntu machine running HAProxy with 2 network cards, 1 connected to the WAN (called wan0) and another connected to the LAN (called lan0). All chains set to DROP traffic. # Masquerade traffic from LAN to WAN -A POSTROUTING -o wan0 -s 192.168.x.x/24 -j…
invulnarable27
2
votes
1 answer

Block SMTP service to an IP, CentOS 7 firewall

I would like to know how to block an IP from using the SMTP service on a server with the CentOS 7 firewall. I tried to use something like this: firewall-cmd --permanent --zone="public" --add-rich-rule='rule family=ipv4 source address=[ipadress]…
Mik
2
votes
0 answers

Stop senseless mass queries on DNS server

I have had a disturbing problem for a few weeks now... One of my three DNS servers (running bind9 as a slave of a Plesk DNS master) is getting spammed with senseless DNS requests. The origin IPs of those requests are from all over the world, so I can't…
iLLogical