Questions tagged [iptables]

GENERAL IPTABLES SUPPORT IS OFF-TOPIC. Support questions may be asked on https://superuser.com. An application that allows administrators to configure the packet processing tables provided by the Linux kernel firewall. Use this tag only for questions on programming with iptables. Questions about configuring iptables should be asked on Server Fault (https://serverfault.com/tour).


Links:
Linux Firewall Tutorial: IPTables Tables, Chains, Rules Fundamentals
Iptables Essentials: Common Firewall Rules and Commands

2035 questions
7 votes, 3 answers

Forwarding traffic from 80 to 8080

I have tomcat installed with puppet. It runs on standard 8080 port. The tomcat process is started as tomcat user. I'd like to redirect all traffic from port 80 to 8080. My iptables settings look as follows: Nat: # iptables -L -t nat Chain PREROUTING…
Marcin Pietraszek

7 votes, 2 answers

Allow Redis connections from only localhost?

I'm running Redis on my webserver (Debian/Nginx/Gunicorn) for session storage and have reasons to believe my Redis server is being hacked. It's definitely possible because if I run the command "redis-cli -h (HOST IP)" on a different machine against…
Jim

7 votes, 1 answer

IPTables rate limit per destination IP and port

I currently have these rules: iptables -I FORWARD -p udp -d {IPDST} --dport {PORTDST} -m u32 --u32 '0>>22&0x3C@8=0xFFFFFFFF' -j SRCDS-TRF iptables -I SRCDS-TRF -p udp -d {IPDST} --dport {PORTDST} -m u32 --u32 '0>>22&0x3C@10&0xFFFF=0x5453' -m limit…
user1372896

7 votes, 1 answer

Dynamic listening ports inside Docker container

I have an application which, after making some connections using its default ports, starts opening (listening on) new RANDOM ports to handle just the existing connection and then drops them (Video calls). It also exchanges its IP address and ports inside…
Victor H.

7 votes, 1 answer

How do you edit a rule in iptables?

I have a rule in iptables that looks like this: DROP all -- 5.158.238.32 anywhere But I would like to change it to be: DROP all -- 5.158.0.0/16 anywhere How do I do this? I've found info on how you add rules but…
CMSCSS

7 votes, 1 answer

iptables -j vs. -g parameters

From the man page of my distro, I am especially interested in the bold part below. -j, --jump target This specifies the target of the rule; i.e., what to do if the packet matches it. The target can be a user-defined chain (other than the one this…
sjas

7 votes, 2 answers

Setting up docker containers with nat

I am setting up two docker containers container1 container2 | | | eth0 eth1 | | | eth1 docker0 docker1<---------------- | …
ramz

7 votes, 1 answer

Restricting MySQL 3306 port with IPTABLES

How to block mysql port 3306 for everybody, but allow it for a specific IP? This is what I currently do: iptables -I INPUT 1 -p tcp --dport 3306 -j ACCEPT
Putra Fajar Hasanuddin

7 votes, 1 answer

Utility iptables lists host names and not IP addresses

Using the command iptables -L I list the rules in all chains, but this tool lists host names instead of IP addresses for the rules that are saved. This is kind of hard reading, as in case I want to quickly find some IP address in the list, it is…
Ωmega

7 votes, 2 answers

Allow ssh incoming/outgoing and blocking all outgoing besides specific ports

I am trying to create iptables rules that will allow incoming and outgoing ssh connections, and then allow outbound connections to specific ports, then finally drop anything that doesn't match. These are the rules I have come up with, the SSH rules…
randy newfield

7 votes, 1 answer

Is there any API for Linux iptables, so that my program can add firewall rules?

I am writing an application using libc; for that I am in search of an API for iptables so that I can add firewall rules using my program. Is there any available set of APIs to do this?
cc4re

7 votes, 1 answer

Iptables: forward request on different interfaces and port

I have a machine with 2 interfaces: eth0 inet addr:1.1.1.1 eth1 inet addr:2.2.2.2 eth0 is a server, eth1 is the network on virtual machine. I have ssh on server, so 1.1.1.1:22 is busy. I need a rule for redirecting incoming connections on…
Andrea

6 votes, 1 answer

Enable forwarding from Docker containers to the outside world

I've been wondering why docker installation does not enable by default port forwarding to containers. To save you a click, what I mean is: $ sysctl net.ipv4.conf.all.forwarding=1 $ sudo iptables -P FORWARD ACCEPT I assume it is some sort of…

6 votes, 1 answer

Docker: How to redirect an IP within a container to another IP

I never touched the iptables for Docker but now I think I have to. Within a special container, a program/script calls an IP 57.55.10.210 and I cannot change it (another story). I want to redirect the call to this IP to 192.168.38.13. How can I do this…
FrankS77

6 votes, 3 answers

Docker inserting iptable Postrouting rules on top of admin added rules

I had to add a few iptables entries into the NAT table, POSTROUTING chain, to allow docker containers to access the internet through a different source-address/source-interface of the Host Machine (to_source). Things are working fine. Ex: target prot opt…
Ram