How To Block Port 25 Using IPtables?
Apr 13, 2009
For some reason, I want to block port 25 temporarily while editing the exim config, and then open it back up using the iptables -F command.
Can anyone let me know the command to block port 25 using iptables?
Jul 15, 2009
I'm trying to figure out an iptables rule to block certain IPs for a limited duration, after which the block rule will be removed.
Hits to the iptables filter while the IP is blocked should not renew the timer.
I got as far as:
iptables -A INPUT -m recent --name blacklist --rcheck --seconds 10 -j REJECT
iptables -A INPUT -m recent --name blacklist --remove
But how do I blacklist an IP now? (This needs to be done via an external app and not via iptables matches/hitcounts.)
iptables -A INPUT -s xxx.xxx.xxx.xxx -m recent --name blacklist --set
would renew the blacklist every time that IP sends a packet, no matter if it is blocked or not. Also, that rule would remain in iptables even when expired.
Apr 25, 2008
I use
iptables -I INPUT -s 60.216.238.212 -j DROP
to block an IP, but it is not working.
After issuing
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
I can still see
87 218.86.252.158
163 219.150.191.62
301 60.216.238.212
60.216.238.212 still has 301 connections. Any idea?
Basically, I use ddos-deflate to block DDoS attacks.
I already set the max connections to 25.
But it seems it is not working.
All the connections over 25 have not been blocked.
Did I miss something?
I mean after I issue
iptables -I INPUT -s 60.216.238.212 -j DROP
Do I need to do something like refresh iptables?
Jun 20, 2007
What is the command I need to issue to block an IP address from my server? I need to block both inbound and outbound access.
I need the rule to append to existing rules so if the server is rebooted the rule will still be in effect.
Jul 1, 2007
I recently looked at my secure and messages logs and have been getting a lot of failed SSH root login attempts. So I thought I better do something about it.
Ideally I want to allow SSH login from just 3 remote public IPs, and block all others from even trying.
How would you go about implementing this?
I have tried using iptables, but I think I'm getting the rule wrong somewhere.
Here is what I have:
Code:
## Access to SSH from Pre-approved IP Addresses ONLY ##
iptables -I INPUT 1 -p tcp --dport 22 -s 123.123.123.123 -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 22 -s 123.123.123.124 -j ACCEPT
iptables -I INPUT 3 -p tcp --dport 22 -s 123.123.123.125 -j ACCEPT
iptables -I INPUT 4 -p tcp --dport 22 -s 0.0.0.0 -j DROP
However this still lets me login from IPs not in the list above?
Sep 7, 2007
I'm not that good at iptables, so bear with me. I think I got the rules correct, but it doesn't work. Here is what I am trying to do.
I have a server at let's say 111.222.11.10(I will call this server A) and another at 111.222.11.20(I will call this server B).
These servers are in same datacenter.
What I am trying to do here is when a user accesses port 2000 on server A, I want server A to forward/proxy the port to 2000 at Server B. I have tried the following so far.
None of them worked.
iptables -t nat -I PREROUTING -p tcp --dport 2000 -j DNAT --to 111.222.11.20:2000
iptables -I FORWARD -p tcp -d 111.222.11.20 --dport 2000 -j ACCEPT
[root@n1-cluster ~]# iptables -t nat -I PREROUTING -p tcp --dport 2000 -j DNAT --to 111.222.10.20:2000
[root@n1-cluster ~]# iptables -t nat -A PREROUTING -p udp --dport 2000 -i eth0 -j DNAT --to 111.222.10.20:2000
iptables -A FORWARD -i eth0 -p tcp --dport 2000 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 2000 -j DNAT --to-destination 111.222.10.20:2000
Yes, I have done service iptables save and start.
Also iptables -F
Any ideas on what may be wrong?
Aug 4, 2008
commands to log packets temporarily for a certain udp port with the IP information etc.
Any help would be appreciated. As for what I am doing, I am trying to find anything weird or something that stands out from the packets sent from external IPs to my server.
Jun 3, 2007
How do I block all traffic to a port using iptables?
For example, I need to stop all incoming traffic on port 80 of my server.
Jun 11, 2008
I log in & send email through Thunderbird using SSL and its ports (so I no longer connect using 25/26). Occasionally I use webmail (Squirrelmail).
My scripts do send mail via sendmail.
Does my cpanel server still need the basic 25 & 26 ports to deliver and receive mail successfully, or can they be blocked in APF without any problems arising?
Jun 2, 2008
if it is possible to block external access to Cpanel through port 2082?
Jan 5, 2008
I execute the following commands, in the following order:
iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP
Will that last command successfully ban that IP until reboot?
If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.
Aug 8, 2013
I'm running a server with Apache2 (Apache/2.2.16 (Debian 6.0)).
I would like Apache2 to listen on port 8080 for IPv4 and on port 80 for IPv6.
This is what I have now:
/etc/apache2/ports.conf
Feb 19, 2008
Currently I am using Linux + cPanel and using port 25 for the email server. Currently we are facing one problem: some users' ISPs do not support the port. May I know how I can add an additional port to the server and allow users to send mail via a different port?
Jun 21, 2009
I have an office internal website, and I opened a port on my office gateway (7080) to port 80 of this website's server. That makes this website open to the public, as the office has a static IP. When I view the site from home, it's fine. But when I tried to log in (the site uses a pop-up, I guess it's HTTP authentication), I was redirected to a URL without my port number any more, which stops my access to the site as obviously I would.
How can I keep my connection/port number ...?
Jun 18, 2008
About the NIC and switch:
there are giga ports vs. mega ports.
In your experience, are they really different?
Jun 10, 2007
I recently changed my SSH port, but locked myself out when my APF firewall was installed.
Where would I go to add a custom port inside APF's config file?
Aug 4, 2006
I am experiencing a strange problem with iptables: after I activate the rules, they are gone in a few minutes. For example, I drop traffic from an IP and after a few seconds, all rules are flushed without touching anything!
Jan 20, 2008
I need to block about 5000 IPs. Is it possible to add this amount of IPs to iptables?
I mean, will this slow down the machine's response?
May 24, 2007
What do you prefer or what do you think is better, iptables or apf for a firewall?
Apr 13, 2009
I installed csf on CentOS.
My server is working but the network is unreachable.
I tried to run "service iptables stop",
and the server is unreachable now.
I checked from WHM, and it shows csf is working,
but when I ssh to the server and type "service iptables status",
it shows "firewall is stopped".
Is that correct?
If not, how can I fix the issue?
Apr 10, 2009
Is there a way for me to whitelist myself or something?
I get up everyday and have to call LSN because my server has blocked me for some reason...
Feb 4, 2007
If I keep getting spam from a certain IP, can I add that IP to iptables? Will it stop me receiving spam from that IP? I'm not quite sure how it all works.
Or what is the most effective method to stop spam?
Sep 21, 2007
I've got two VPS's and both have the same ruleset for outbound EG_TCP
Code:
EGF="1"
EG_TCP_CPORTS="21,25,37,43,53,80,110,113,123,443,873,2089,3306"
EG_UDP_CPORTS="53,465,873,6277"
Whenever I turn EGF to 1, my VPS locks me out of everything; I need to go into HyperVM to turn it off and restart my firewall.
What would cause this?
It's Fedora Core 5 on OpenVZ. I've googled and cannot seem to find a reason why it would do that. Could it be something in the host node kernel that may need adjusting?
May 15, 2007
I am working with iptables and am trying to figure out the best ruleset for cpanel servers.
I have a few custom ports for a few services, but other than that, does anyone have a recommended ruleset for the typical cpanel cluster?
Sep 12, 2007
How can I clear iptables?
I entered many IPs in it, most of which are wrong, and I must clear it.
Oct 29, 2007
Do you find iptables enough or do you use a hardware firewall for Linux? I haven't used anything less than hardware firewalls for years, but I gather that most simply rely on iptables. Is that a smart choice?
Mar 25, 2007
I got blocked by my server. Hivelocity helped me to gain access to my server.
I was told that to avoid being blocked again I should type
iptables -A INPUT 202.155.151.185 -j ACCEPT
What I ended up was
iptables -A INPUT 202.155.151.185 -j ACCEPT
Bad argument `202.155.151.185'
Try `iptables -h' or 'iptables --
Sep 27, 2007
I have this code:
1. IF=`/sbin/route | grep -i 'default' | awk '{print$8}'`
2. IP=`/sbin/ifconfig $IF | grep "inet addr" | awk -F":" '{print$2}' | awk '{print $1}'`
3. IPT="/usr/sbin/iptables"
4. NET="any/0"
5. DNS="xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy"
6. SERV_TCP="22 80 443 "
7. SERV_UDP="53 123"
8. HI_PORTS="1024:65535"
........
I don't know the sense of line 5. I am must changed warrant is what?
Oct 6, 2007
Code:
# iptables -D INPUT -s 25.55.55.55 -j DROP
iptables v1.3.8: Couldn't load target `standard':/usr/local/lib/iptables/libipt_standard.so: cannot open shared object file: No such file or directory
What is going on? The libipt_standard.so file is located in /lib/iptables, but not /usr/local/lib/iptables. I tried moving all of the libipt files into the /usr/local/lib/iptables directory, but I got segmentation errors.