IPTABLES (Linux Firewalls)
May 21, 2006
Use Of Iptables?
Filtering packets based on a MAC address and the values of the flags in the TCP header. This is helpful in preventing attacks using malformed packets and in restricting access from locally attached servers to other networks in spite of their IP addresses.
The firewall also keeps track of each connection passing through it and in certain cases will view the contents of data flows in an attempt to anticipate the next action of certain protocols. This is an important feature in the support of active FTP and DNS, as well as many other network services.
How does iptables work?
All packets inspected by iptables pass through a sequence of built-in tables (queues) for processing. Each of these queues is dedicated to a particular type of packet activity and is controlled by an associated packet transformation/filtering chain.
There are three tables in total. The first is the mangle table which is responsible for the alteration of quality of service bits in the TCP header. This is hardly used in a home or SOHO environment.
The second table is the filter queue which is responsible for packet filtering. It has three built-in chains in which you can place your firewall policy rules.
a) INPUT Table b) OUTPUT Table c) FORWARD Table
General syntax of iptables is as follows:
iptables -A {INPUT,OUTPUT,FORWARD} [-p {tcp,udp} --sport|--dport {port}] [-s|-d {ip}] -j {DROP,REJECT,ACCEPT}
To block an incoming IP:
iptables -A INPUT -s {ipaddress} -j DROP     (or -j REJECT)
To block an outgoing IP:
iptables -A OUTPUT -d {ipaddress} -j DROP    (or -j REJECT)
You can also use --dport instead of --sport, and -d instead of -s; -s and -d specify the source and destination address respectively.
View 0 Replies
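The post above gives the syntax but the commands for incoming and outgoing blocks are easy to get backwards. The script below is an added example, not code from the original post: a minimal stateful host firewall that uses the INPUT chain with -s for addresses talking to this host and the OUTPUT chain with -d for addresses this host talks to, with a default-deny INPUT policy applied only after the accept rules are in place. The management address, the port list and the DRY_RUN convention are assumptions; with DRY_RUN=1 (the default) it prints the rules instead of applying them, so it can be reviewed before being run as root with DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not part of the original post: a minimal stateful host
# firewall with iptables. The management address and the port list are
# assumptions; change them for a real host. DRY_RUN=1 (the default)
# prints each rule instead of applying it, so the set can be reviewed
# before running it as root with DRY_RUN=0.

IPT=${IPT:-/sbin/iptables}
DRY_RUN=${DRY_RUN:-1}
ADMIN_IP=${ADMIN_IP:-203.0.113.10}           # assumed: where the admin connects from
TCP_SERVICES=${TCP_SERVICES:-"80 443"}        # assumed: publicly reachable TCP ports

# run: apply one iptables command, or print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        "$IPT" "$@"
    fi
}

# block_incoming: drop everything *from* an address. Packets arriving at
# this host traverse INPUT and are matched on their source (-s); putting
# the rule in OUTPUT would not touch them. -I inserts at the top so no
# earlier ACCEPT rule can let the address through.
block_incoming() {
    run -I INPUT -s "$1" -j DROP
}

# block_outgoing: stop this host from talking *to* an address: packets it
# sends traverse OUTPUT and are matched on their destination (-d).
# REJECT gives local processes an immediate error instead of a timeout.
block_outgoing() {
    run -I OUTPUT -d "$1" -j REJECT
}

# baseline: loopback, stateful accept, admin SSH, public services, logged
# default deny. Rules are added before the INPUT policy is switched to
# DROP so an operator's existing SSH session is never left without a
# matching ACCEPT. On kernels older than about 2.6.20 replace
# "-m conntrack --ctstate" with "-m state --state".
baseline() {
    run -F INPUT
    run -A INPUT -i lo -j ACCEPT
    run -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run -A INPUT -m conntrack --ctstate INVALID -j DROP
    run -A INPUT -p tcp --dport 22 -s "$ADMIN_IP" -m conntrack --ctstate NEW -j ACCEPT
    for port in $TCP_SERVICES; do
        run -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    run -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
    run -A INPUT -m limit --limit 3/min -j LOG --log-prefix "IPT-DROP: "
    run -P FORWARD DROP
    run -P OUTPUT ACCEPT
    run -P INPUT DROP
}

# Usage: sh fw.sh baseline | block-in ADDR | block-out ADDR
case "${1:-}" in
    baseline)  baseline ;;
    block-in)  block_incoming "$2" ;;
    block-out) block_outgoing "$2" ;;
esac
```

Run `sh fw.sh baseline` first to read the generated rule list; only then rerun with `DRY_RUN=0`. The admin rule is deliberately placed before the service rules and the final DROP, so an operator who has to add a ban later with `block-in` cannot shadow their own access.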
Jan 12, 2007
I have just taken delivery of a shiny Windows 2K3 server from a2b2.com and wanted to secure it so that only remote desktop and port number 3306 from certain IP addresses are allowed to connect to it. I would also like to have NO outgoing connections allowed at all.
My questions are 1) Is this able to be done? and 2) Approximately how much would it cost.
View 9 Replies
View Related
Sep 6, 2007
I am about to sign up for a VPS host which doesn't seem to offer hardware based firewalls, which means that I am stuck with software based ones. Perhaps I am being old fashioned, but this does make me a bit nervous, as I have the impression that a hardware based firewall is better (of course assuming correct configuration and such)....should I be worried? Is Windows Firewall to be trusted or should I look for something else? My concern isn't only if the firewall will stop any attacks or not, but also at what cost, considering CPU, memory etc. Any comments and recommendations would be appreciated. I'm not NASA or anything, so I don't really think that the world's hacker elite is going to come after me, but from what I see in the logs of my current firewall, there is a lot going on on the internet these days and it isn't all good.
View 14 Replies
View Related
Mar 23, 2007
I'd like to know what the current "best practice" thinking is with regard to hardware firewalls. Are they really necessary for a Linux server running a solid iptables-based software firewall? Or do they simply add another potential point of component failure?
What are the pros/cons to deploying a hardware firewall vs. going iptables-only on the server?
View 5 Replies
View Related
Jan 8, 2008
Are there any free firewalls available for CentOS 32 bit?
I heard of APF Firewall. Is APF Firewall free?
Does APF Firewall have enough security?
Will it slow down my server?
(P4-D 3GHz / 1GB RAM)
View 10 Replies
View Related
Dec 28, 2008
I am in the process of looking for a firewall to install on my windows server.
However, which firewall is the best?
Is it better looking for a hardware firewall (Cisco 5510 Firewall) or a software firewall (Quick Heal Firewall Pro)?
View 12 Replies
View Related
May 21, 2008
We are upgrading to a managed server from a VPS. Our main concern is security as we process customers' confidential personal information but don't have large volumes of traffic. Our application developer is recommending the following config:
Firewall --> Web/App Server --> Firewall --> DB Server
The logic being that if the first firewall is breached at least they don't have access to the DB.
Is this really critical or do you think we can start with:
Firewall --> Web/App/DB server?
Obviously budget is a concern and since we will have low traffic for the next few months it seems silly to pay double if it isn't really needed?
View 3 Replies
View Related
Jun 22, 2015
I have a list of bad IPs and would like to add it into iptables, but I don't want to enter them one-by-one or by command line. I would like to insert them into a list file of iptables by editing a file or something like that. Where and how can I proceed to do this?
View 5 Replies
View Related
Feb 21, 2007
Do I have to reinstall or re-config firewalls (BFD, APF, etc), eAccelerator, etc after I re-built Apache?
View 9 Replies
View Related
Aug 4, 2008
commands to log packets temporarily for a certain UDP port with the IP information etc.
Any help would be appreciated. As for what I am doing, I am trying to find anything weird or something that stands out from the packets sent from external IPs to my server.
View 3 Replies
View Related
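One way to do what the post above asks, as an added example that is not part of the original post: a rate-limited LOG rule inserted at the top of INPUT for the port of interest, the matching -D to take it out again, and a small parser that reduces the kernel log lines to packets per source address. The port (5060), the log prefix and the sample log lines are assumptions; the sample lines are constructed in the shape that the LOG target writes, not a real capture.

```shell
#!/bin/sh
# Added example, not part of the original post: log packets to one UDP
# port for a while, then summarise the kernel log by source address.
# The port, the log prefix and the sample log lines are assumptions.

PORT=${PORT:-5060}
PREFIX="UDP${PORT}: "
IPT=${IPT:-/sbin/iptables}

# log_rule: the LOG rule, inserted (-I) at the top of INPUT so it sees
# packets before any DROP, or deleted (-D) with the identical
# specification, which is the only way to remove exactly this rule
# without flushing the chain. The limit match keeps a flood from
# filling the log; --log-level 4 is "warning" for syslog.
log_rule() {
    $IPT "$1" INPUT -p udp --dport "$PORT" -m limit --limit 20/min --limit-burst 50 \
        -j LOG --log-prefix "$PREFIX" --log-level 4
}
log_on()  { log_rule -I; }
log_off() { log_rule -D; }

# summarise: read kernel LOG lines (dmesg, /var/log/messages, journalctl -k)
# on stdin and print "source dport packets" sorted by packet count. Only
# lines carrying our prefix are counted; the SRC=/DPT= fields are found
# by name, so their position in the line does not matter.
summarise() {
    grep -F "$PREFIX" | awk '
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                n = index($i, "=")
                if (n == 0) continue
                k = substr($i, 1, n - 1); v = substr($i, n + 1)
                if (k == "SRC") src = v
                else if (k == "DPT") dpt = v
            }
            if (src != "") count[src " " dpt]++
        }
        END { for (key in count) print key, count[key] }' | sort -k3,3nr -k1,1
}

# sample_log: constructed kernel log lines in the format LOG produces
# (not a real capture), for trying the summary without root.
sample_log() {
    cat <<'EOF'
Aug  4 10:00:01 host kernel: UDP5060: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=412 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=5060 DPT=5060 LEN=392
Aug  4 10:00:02 host kernel: UDP5060: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=412 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=5061 DPT=5060 LEN=392
Aug  4 10:00:02 host kernel: IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Aug  4 10:00:03 host kernel: UDP5060: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=80 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=5060 DPT=5060 LEN=60
Aug  4 10:00:04 host kernel: UDP5060: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=412 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=5060 DPT=5060 LEN=392
EOF
}

# Usage: sh udplog.sh on | off | report [logfile] | demo
case "${1:-}" in
    on)     log_on ;;
    off)    log_off ;;
    report) summarise < "${2:-/var/log/messages}" ;;
    demo)   sample_log | summarise ;;
esac
```

`sh udplog.sh on`, wait, `sh udplog.sh report`, then `sh udplog.sh off`. The report for the constructed sample is "198.51.100.23 5060 3" followed by "203.0.113.7 5060 1"; the IPT-DROP line is ignored because it does not carry the prefix. Because -D must repeat the full rule, keep the rule text in one function as above rather than retyping it at removal time.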
Feb 13, 2015
I temporarily enabled and activated the Plesk firewall module (which I wish I hadn't the first time) and for some reason it seems to have overwritten the default iptables configuration that was set, leaving my FTP unable to be logged into. I tried to disable the firewall module and reboot the server. It didn't work.
I also noticed that it somehow seems to have changed my hostname to my previous server hostname as well.
Is there any way to completely revert back to the original iptables settings from before enabling the firewall module?
View 4 Replies
View Related
Jul 8, 2015
I have a strange issue on a Plesk 12 VPS. Sometimes the sites result in a "502 Bad Gateway (nginx)". This happens 1 or 2 times a day on different times.
In the httpd log I see a record "can't apply process slot" and in nginx log I see "connect() failed (111: Connection refused) while connecting to upstream" but restarting apache and/or nginx will not always result in a working site.
When I restart iptables everything is working fine again.
View 5 Replies
View Related
Jan 5, 2008
I execute the following commands, in the following order:
iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP
will that last command successfully ban that IP until reboot?
If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.
View 2 Replies
View Related
Aug 4, 2006
I am experiencing a strange problem with iptables: after I activate them, they are gone in a few minutes. For example, I drop traffic from an IP and after a few seconds, all rules are flushed without touching anything!
View 2 Replies
View Related
Jan 20, 2008
I need to block about 5000 IPs .. Is it possible to add this amount of IPs to iptables?
I mean ... Will this slow down the machine response?
View 7 Replies
View Related
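Two of the posts above ask the same thing from different ends: how to load a list of bad IPs from a file rather than one command at a time, and whether 5000 such entries will slow the machine down. The script below is an added example, not code from either post, and answers both: it turns a plain text blocklist into `ipset restore` input, validates each entry so a malformed line is skipped instead of aborting the load, and hangs the whole set off a single iptables rule. A set is a hash lookup per packet, whereas 5000 separate `-A INPUT -s ... -j DROP` rules are walked linearly for every packet that reaches the end of the chain. The file layout, the set name `badips`, the sample addresses and the DRY_RUN convention are assumptions.

```shell
#!/bin/sh
# Added example, not part of either post: load a large deny list from a
# file in one shot. The file format, set name and sample addresses are
# assumptions. DRY_RUN=1 (the default) prints what would be loaded.

SET_NAME=${SET_NAME:-badips}

# valid_ipv4: accept a.b.c.d with an optional /prefix, each octet 0-255,
# prefix 0-32. Anything else is rejected so a typo in the list does not
# make ipset restore abort half-way through.
valid_ipv4() {
    echo "$1" | awk -F'[./]' '
        NF != 4 && NF != 5 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
        NF == 5 && ($5 !~ /^[0-9]+$/ || $5 > 32) { exit 1 }
        { exit 0 }'
}

# build_ipset_restore: turn a blocklist (one address or CIDR per line,
# "#" comments and blank lines allowed) into ipset restore(8) input.
# hash:net takes both single addresses and whole prefixes.
build_ipset_restore() {
    file=$1
    echo "create $SET_NAME hash:net family inet maxelem 65536"
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}                      # strip trailing comment
        entry=$(echo "$entry" | tr -d '[:space:]')
        [ -z "$entry" ] && continue
        if valid_ipv4 "$entry"; then
            echo "add $SET_NAME $entry"
        else
            echo "skipping malformed entry: $line" >&2
        fi
    done < "$file"
}

# load_blocklist: create/fill the set, then attach it with one rule.
# "ipset -exist restore" makes reloads idempotent; "iptables -C" checks
# whether the rule is already there so it is not inserted twice.
load_blocklist() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        build_ipset_restore "$1"
        echo "iptables -I INPUT -m set --match-set $SET_NAME src -j DROP"
    else
        build_ipset_restore "$1" | ipset -exist restore
        iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
            iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
    fi
}

# sample_list: a constructed blocklist (not real data) written to a temp
# file so the loader can be tried without root; prints the file name.
sample_list() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# constructed sample: scanners seen in auth.log
198.51.100.23
203.0.113.0/24     # whole prefix
999.1.1.1          # malformed, will be skipped
not-an-ip
EOF
    echo "$tmp"
}

# Usage: sh blocklist.sh /path/to/bad_ips.txt   (DRY_RUN=0 to apply)
if [ "$#" -gt 0 ]; then
    load_blocklist "$1"
fi
```

For the constructed sample the dry run prints one `create` line, two `add` lines and the single `iptables -I INPUT -m set --match-set badips src -j DROP` rule; the two malformed lines are reported on stderr. To unban an address, `ipset del badips ADDR` is enough; the iptables rule never changes. Keep the text file under version control and rerun the loader after edits.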
May 24, 2007
What do you prefer or what do you think is better, iptables or apf for a firewall?
View 9 Replies
View Related
Apr 13, 2009
I installed CSF on CentOS.
My server is working but the network is unreachable.
I tried to run "service iptables stop",
and the server is unreachable now.
I checked from WHM; it shows CSF is working,
but when I SSH into the server and type "service iptables status",
it shows "firewall is stopped".
Is this correct?
If not, how can I fix the issue?
View 11 Replies
View Related
Apr 10, 2009
Is there a way for me to whitelist myself or something?
I get up everyday and have to call LSN because my server has blocked me for some reason...
View 10 Replies
View Related
Feb 4, 2007
If I keep getting spam from a certain IP, can I add that IP to Iptables? Will it stop me receiving spam from that IP? I'm not quite sure how it all works.
Or what is the most effective method to stop spam?
View 14 Replies
View Related
Sep 21, 2007
I've got two VPS's and both have the same ruleset for outbound EG_TCP
Code:
EGF="1"
EG_TCP_CPORTS="21,25,37,43,53,80,110,113,123,443,873,2089,3306"
EG_UDP_CPORTS="53,465,873,6277"
Whenever I turn EGF to 1 my VPS locks me out of everything; I need to go into HyperVM to turn it off and restart my firewall.
What would cause this?
It's Fedora Core 5 on OpenVZ. I've googled and cannot seem to find a reason why it would do that. Could it be something in the host node kernel that may need adjusting?
View 2 Replies
View Related
May 15, 2007
I am working with iptables and am trying to figure out the best ruleset for cpanel servers.
I have a few custom ports for a few services, but other than that, does anyone have a recommended ruleset for the typical cpanel cluster?
View 5 Replies
View Related
Sep 12, 2007
How can I clear iptables?
I entered many IPs in it, most of which are wrong, and I must clear it.
View 2 Replies
View Related
Oct 29, 2007
Do you find iptables enough or do you use a hardware firewall for Linux? I haven't used anything less than hardware firewalls for years but I gather that most simply rely on iptables. Is that a smart choice?
View 6 Replies
View Related
Mar 25, 2007
I got blocked by my server. Hivelocity helped me to gain access to my server.
I was told that to avoid being blocked again I should type
iptables -A INPUT 202.155.151.185 -j ACCEPT
What I ended up was
iptables -A INPUT 202.155.151.185 -j ACCEPT
Bad argument `202.155.151.185'
Try `iptables -h' or 'iptables --
View 5 Replies
View Related
Sep 27, 2007
i have code :
1. IF=`/sbin/route | grep -i 'default' | awk '{print$8}'`    # interface that carries the default route
2. IP=`/sbin/ifconfig $IF | grep "inet addr" | awk -F":" '{print$2}' | awk '{print $1}'`    # that interface's IPv4 address
3. IPT="/usr/sbin/iptables"    # path to the iptables binary
4. NET="0.0.0.0/0"    # "any address"; the original value "any/0" is not valid iptables address syntax
5. DNS="xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy"    # the DNS resolvers this host is allowed to query; fill in your own (see /etc/resolv.conf)
6. SERV_TCP="22 80 443 "    # TCP ports to open to the world
7. SERV_UDP="53 123"    # UDP ports to open to the world
8. HI_PORTS="1024:65535"    # unprivileged port range
........
I don't understand the meaning of line 5. What must I change it to?
View 5 Replies
View Related
Oct 6, 2007
Code:
# iptables -D INPUT -s 25.55.55.55 -j DROP
iptables v1.3.8: Couldn't load target `standard':/usr/local/lib/iptables/libipt_standard.so: cannot open shared object file: No such file or directory
What is going on? The libipt_standard.so file is located in /lib/iptables, but not /usr/local/lib/iptables. I tried moving all of the libipt files into the /usr/local/lib/iptables directory, but I got segmentation errors.
View 1 Replies
View Related
Nov 7, 2006
I have installed APF on the box and set ports for in and out and enabled it. Of course, iptables is running from boot.
[root@localhost /]# runlevel
N 3
[root@localhost /]# chkconfig --list | grep iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@localhost /]# chkconfig --list | grep apf
apf 0:off 1:off 2:off 3:on 4:on 5:on 6:off
but when I check it like this
[root@localhost ~]# service iptables status
Firewall is stopped.
[root@localhost ~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle filter [ OK ]
Unloading iptables modules: [ OK ]
[root@localhost ~]# service iptables status
Firewall is stopped.
It says iptables is stopped... even when I start it manually...
I am not sure APF is running correctly because of iptables.
View 10 Replies
View Related
Sep 10, 2006
# apf -r
Unable to load iptables module (ip_tables), aborting.
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# uname -a
Linux servername 2.6.17.9 #1 SMP Sun Aug 27 17:08:11 ICT 2006 i686 athlon i386 GNU/Linux
is there any reason that I cannot use iptables? If I edit monokern option in apf to 1, I cannot use ftp in passive mode
View 14 Replies
View Related
Feb 7, 2008
I have CSF installed on one of our servers.
CSF doesn't ban the IP, and if it is done manually I get the following error.
----------------
csf -d 195.88.65.47
Adding 195.88.65.47 to csf.deny and iptables DROP...
iptables: Index of insertion too big
DROP all opt -- in !lo out * 195.88.65.47 -> 0.0.0.0/0
Error: iptables command [/sbin/iptables -v -I INPUT 2 -i ! lo -s 195.88.65.47 -j DROP] failed, at line 864
-------------------
Also, iptables is not running on the server.
If the status is checked it says it is stopped.
I have many sites on my server; I don't want to get any downtime.
Please let us know how we can fix this issue as soon as possible.
I have tried reinstalling CSF but the issue remains the same.
View 3 Replies
View Related
Sep 16, 2007
I keep trying to flush my iptables on my Linux server but every time I try to do so my server seems to freeze (I lose access and have to reboot it for it to come back online). How can I go about deleting those IPs manually rather than executing the flush command? What options do I have?
View 4 Replies
View Related
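Several of the posts above circle the same three operations: flushing iptables (and why the server "freezes" right after), removing one wrong entry instead of flushing everything, and whether a rule added with `-A INPUT -s ... -j DROP` stays in force. The script below is an added example, not code from any of the posts. It resets the policies to ACCEPT before flushing, because a flush with the INPUT policy still set to DROP leaves a box with no rules and a DROP default, which is exactly the lockout described; it deletes a single rule with `-D` using the same specification it was added with; and it saves the running rules so a ban survives a reboot (a rule added on the command line lives only until the next flush or reboot). The addresses, the save path and the DRY_RUN convention are assumptions.

```shell
#!/bin/sh
# Added example, not part of any of the posts above: reset iptables
# without locking yourself out, remove one entry instead of flushing
# everything, and make a ban survive a reboot. Addresses and paths are
# assumptions; DRY_RUN=1 (default) prints the commands instead of
# running them.

IPT=${IPT:-/sbin/iptables}
DRY_RUN=${DRY_RUN:-1}
SAVE_FILE=${SAVE_FILE:-/etc/sysconfig/iptables}   # RHEL/CentOS; Debian uses /etc/iptables/rules.v4

# run: apply one iptables command, or print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        "$IPT" "$@"
    fi
}

# safe_reset: flushing while a chain policy is DROP leaves no rules and a
# DROP default, which is the "server freezes after a flush" symptom.
# Setting every policy to ACCEPT first, then flushing, is the one order
# that cannot strand a remote session. User-defined chains (-X) matter
# because APF and CSF create many of them.
safe_reset() {
    for chain in INPUT FORWARD OUTPUT; do
        run -P "$chain" ACCEPT
    done
    run -F              # flush every rule in the filter table
    run -X              # delete user-defined chains
    run -Z              # zero the packet/byte counters
    run -t nat -F
    run -t mangle -F
}

# ban: -I without an index always inserts at position 1, so it works on
# an empty chain, unlike "-I INPUT 2" which fails with
# "Index of insertion too big" when the chain has fewer than one rule.
ban() {
    run -I INPUT -s "$1" -j DROP
}

# unban: delete exactly the rule that was added. -D needs the same
# specification that was used with -A/-I; nothing else is touched.
unban() {
    run -D INPUT -s "$1" -j DROP
}

# persist: rules live in the kernel only. Write the running set where
# the init script reloads it from at boot ("service iptables save"
# on RHEL-family systems does the same thing).
persist() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables-save > $SAVE_FILE"
    else
        iptables-save > "$SAVE_FILE"
    fi
}

# Usage: sh ipt-admin.sh reset | ban ADDR | unban ADDR   (DRY_RUN=0 to apply)
case "${1:-}" in
    reset) safe_reset ;;
    ban)   ban "$2" && persist ;;
    unban) unban "$2" && persist ;;
esac
```

`sh ipt-admin.sh reset` prints the nine commands in the order they must be issued; the three `-P ... ACCEPT` lines come first for the reason given in the comment. On a box managed by APF or CSF, run their own restart afterwards (`apf -r`, `csf -r`) rather than this script's `persist`, because those tools rebuild the chains from their own config files at start and would overwrite a hand-saved rule set.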
Jun 4, 2007
root@xxxx[~]# service iptables status
Firewall is stopped.
root@xxxx[~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
root@xxxx[~]# service iptables status
Firewall is stopped.
Why doesn't iptables start?
View 4 Replies
View Related