Questions tagged [iptables]

iptables is the userspace command-line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet-filtering ruleset. It is targeted at system administrators. When asking a question about iptables, please include the output of the following command: iptables -L -v -n

iptables is a userspace utility complementary to the Linux kernel-level Netfilter firewall.

When seeking help with a firewall configuration, it is advisable to supply the output of iptables-save, which gives a readable listing of the ruleset, possibly together with the output of iptables -L -v -n, which shows the packet and byte counters matched by each rule of the same ruleset.

6626 questions
2 votes, 2 answers

ACCEPT statements in policy DROP

I'm trying to set up some rules using iptables under Debian (Wheezy) and have been running into some problems, I think. The policy of INPUT is set to DROP. Does this drop everything based on the rules I put into INPUT, or is it like a standard…
2 votes, 1 answer

Why does my Firewalld configuration on CentOS 7 fail to start and show iptables errors?

I'd like to:
  • Drop all incoming connections from the external Web except 80 and 443
  • Allow internal machines on 192.168.0.0/16 to connect to :9000 :8080
Here's what I did to set up my drop zone via firewall-cmd: echo "net.ipv4.ip_forward=1" >>…
editor
2 votes, 1 answer

iptables unknown option `--connlimit-upto'

I have been getting hit pretty hard every day by thousands of requests, all from the same few classes of IP addresses. Recently it's taking up all of my MySQL connections and not allowing any new connection. I am now trying to configure my firewall…
Steve Payne
2 votes, 1 answer

Block traffic to certain servers

In my organization, I'd like to make sure all servers are only accessible from the inside. The only exceptions are the mail and web servers. What's the best way to do this? My own suggestion was blocking ALL incoming traffic via 'iptables' except…
2 votes, 2 answers

iptables: Filtering a string encrypted by SSL

I need to filter (send to the BANRULES set) incoming HTTP/HTTPS packets containing a certain string (matchword). I do it easily when SSL is not in use (port 80): iptables -A INPUT -p tcp -m tcp --dport 80 -m string --string "matchword" --algo bm --to 65535 -j…
Carlinhos
2 votes, 1 answer

Redirect all traffic from multiple interfaces to single IP

I would like to redirect all traffic (specifically TCP & UDP) from multiple WAN interfaces (ppp0, ppp1, ppp2) to a single IP from eth0. When it comes to interface to IP, I can use the PREROUTING and POSTROUTING and change the destination and source…
RoeeK
2 votes, 3 answers

Use iptables to log connections except for two addresses

We would like to use iptables to log all network connections except if the connecting address is A.B.C.D or the connecting address is E.F.G.H. These two addresses cannot be combined into a single CIDR range without the range including addresses we…
user35042
2 votes, 2 answers

No SNMP query responses from Ubuntu 14.04 LTS server client machine

Alright, I've got two VMs both running under ESXi. One VM is hosting Observium, which uses SNMP to grab its info. I pointed Observium at my ESXi host directly, and it worked fine, so there's no issue with Observium. Trying to add the device using…
taylorthurlow
2 votes, 1 answer

UFW deny all incoming except SSH

I am about to configure a firewall with UFW. I am logged in over SSH, so I don't know if the terminal will be locked out as soon as I do:
sudo ufw default deny incoming
If so, how can I deny all incoming (lock the whole thing down) except SSH and do…
Zuriar
2 votes, 2 answers

Make CentOS 7.x a port-forwarding NAT device

I would like to make CentOS a port-forwarding NAT machine using iptables. This is the first time I've tried this and I think I might need a little help. This is the configuration I'm trying to achieve. I'm trying to make a remote desktop connection…
Yuan Chen
2 votes, 1 answer

Traffic shaping outbound clients' source IP with tc / iptables

My question is: I am trying to limit a user's bandwidth on a server and wondering the best way to do this. Before I dive too far into tc/iptables, I was wondering if I could get any advice on this and if someone could give me a sample config that…
dryve
2 votes, 1 answer

How to route traffic through different interfaces based on the port number?

iptables -A PREROUTING -i usb0 -t mangle -p tcp --dport 8080 -j MARK --set-mark 1
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source …
2 votes, 0 answers

How to monitor the bandwidth per each iptables masqueraded device

Question: Which tool could I use to monitor and break down, in real time, which bandwidth is routed by iptables to which computers? Context: I have a Linux box masquerading about 15 devices to the internet with iptables, with 3 ethernets (2 LAN, 1…
Xavi Montero
2 votes, 3 answers

Conntrack shows no result

I tried the command conntrack -L and it returns nothing when I have a ping www.google.com running. I also tried to load the module with modprobe nf_conntrack. But it still always returns conntrack v1.0.0 (conntrack-tools): 0 flow entries have been…
manxing
2 votes, 2 answers

How to forward traffic to different NICs based on source?

I'm a newbie to iptables, but am looking to send traffic to a specific card based on the source. Here's what I would like:
eth0 - all traffic comes in on this NIC
Depending on the source IP, I want to direct traffic out to the Internet on either…
Ryan