Questions tagged [iptables]

GENERAL IPTABLES SUPPORT IS OFF-TOPIC. Support questions may be asked on https://superuser.com. An application that allows administrators to configure the packet processing tables provided by the Linux kernel firewall. Use this tag only for questions on programming with iptables. Questions about configuring iptables should be asked on Server Fault (https://serverfault.com/tour).

Links:
Linux Firewall Tutorial: IPTables Tables, Chains, Rules Fundamentals
Iptables Essentials: Common Firewall Rules and Commands

2035 questions
9
votes
1 answer

I/O with a Tun interface

The intent is to have a program intercept a collection of IP packets and read its raw content and then reinsert it to the network after tinkering with it. My approach is based around setting up a Tuntap interface (Tun, to be specific), and then have…
Jarmund
9
votes
2 answers

Docker - modifying IPTABLES for host from container

I want to run a docker container with central log and fail2ban service to prevent DoS/DDoS attacks. I'm having a problem running a container with such capabilities that it could also modify the host's iptables. There is a project…
Maciej Krajewski
9
votes
1 answer

Docker's NAT table output chain rule

I am trying to understand one of the rules in the iptables: $ sudo iptables -t nat --list -v ... Chain OUTPUT (policy ACCEPT 618 packets, 31267 bytes) pkts bytes target prot opt in out source destination 0 0…
otm
9
votes
1 answer

Python-iptables how to optimize code

I am just learning Python and have written some code to set iptables using the python-iptables library. The problem I'm running into is that I had to rewrite a lot of the same lines of code over and over. I understand functions somewhat but not…
h33th3n
9
votes
2 answers

How to get client IP behind an AWS ELB?

With a webserver (apache or nginx) I am able to find the x-forwarded-for header and find the client IP rather than the ELB's IP. Can I do the same thing using IPTables so that I am able to block certain IP addresses? I can do this at the webserver…
Abs
9
votes
2 answers

Redirect traffic of Google Talk for Android

I know Google Talk for Android tries to connect to mtalk.google.com:5228 (or port 5223 or port 5222) but when I'm connected to University Wifi I can't use gTalk because all outgoing connections to port 5228 (etc.) are blocked. I know also that the…
Alberto
9
votes
3 answers

Run a system command when an IPTables rule is matched

:) I'm wanting to be able to run a system command when an IPTables rule is hit, passing the IP address of the remote device to it. I've had a look around but found nothing. I thought of grepping logs, but I'm expecting a lot of traffic. Any help…
AndyD
9
votes
3 answers

Restricting MySQL 3306 port to localhost with IPTABLES

I am trying to restrict the MySQL 3306 port on a Linux machine from accepting any connections from anything other than localhost to prevent outside attacks. I have the following code; I am not sure if it's correct: iptables -A INPUT -p tcp -s localhost…
califmerchant
8
votes
3 answers

NodeJS server not accessible from outside

I deployed a nodejs server in Rackspace and it can be accessed internally, like using: curl http://127.0.0.1:8080 However, it can't be accessed from the outside (the internet) even if I do this: iptables -A OUTPUT -p tcp --dport 8080 -j…
quarks
8
votes
1 answer

iptables with docker port mapping

Iptables rules are notoriously difficult to set up when Docker is running on the host, and I thought I had a definitive solution in this fantastic blog post: https://unrouted.io/2017/08/15/docker-firewall/ The configuration described in this blog…
Régis B.
8
votes
1 answer

How to set up FirewallD to filter traffic to a docker exposed port

I have set up a pi-hole docker container and exposed the DNS ports and port 80 on CentOS7. However, the ports are available for all sources now, which is not very handy since it's running on a VPS. So I am trying to have firewallD filter the traffic…
Warsenius
8
votes
1 answer

Implementing iptables rules on Kubernetes nodes

I would like to implement my own iptables rules before Kubernetes (kube-proxy) starts doing its magic and dynamically creates rules based on services/pods running on the node. The kube-proxy is running in --proxy-mode=iptables. Whenever I tried to…
Luminance
8
votes
3 answers

Can't delete docker container's default iptables rule

If I type iptables -L there is this line in the output: Chain DOCKER (1 references) target prot opt source destination ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:http-alt My container is…
vdegenne
8
votes
2 answers

How to read iptables TRACE logs (policy numbers)

So I added sudo iptables -t raw -A PREROUTING -p tcp --dport 25 -j TRACE as well as sudo iptables -t raw -A OUTPUT -p tcp --dport 25 -j TRACE, and when I grep my syslog for TRACE I get output that looks like this: Jan 19 09:14:46 dev109 kernel:…
loonyuni
8
votes
1 answer

docker internet connectivity with iptables=false

I give up. I'm using Docker 1.12.0 under Ubuntu 16.04 hardened with UFW. The machine has 2 interfaces: one public (eth0) and one to a private network (eth1). Server Version: 1.12.3 Storage Driver: aufs Root Dir: /var/lib/docker/aufs Backing…
orshachar