Iptables Not Working
Aug 5, 2008After I start iptables:
service iptables start
There is not any message coming up.
When use
service iptables status,
It said:
iptables: Firewall is not running.
My os is fedora core 6
ADVERTISEMENT
Iptables Not Working With CSF
Feb 7, 2008I have CSF installed on one of our server.
CSF dont ban the IP and if manually it is done I get following error.
----------------
csf -d 195.88.65.47
Adding 195.88.65.47 to csf.deny and iptables DROP...
iptables: Index of insertion too big
DROP all opt -- in !lo out * 195.88.65.47 -> 0.0.0.0/0
Error: iptables command [/sbin/iptables -v -I INPUT 2 -i ! lo -s 195.88.65.47 -j DROP] failed, at line 864
-------------------
Also iptables is not running on server.
If status is checked it says its stopped.
I have many sites on my server I dont want to get any downtime.
Please let us know how can we fix this issue as soon as possible.
I have tried reinstall CSF but still the issue remains same.
Iptables Block An IP Not Working
Apr 25, 2008I use
iptables -I INPUT -s 60.216.238.212 -j DROP
To block ip, not working
After issue
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
I can still see
87 218.86.252.158
163 219.150.191.62
301 60.216.238.212
60.216.238.212 still has 301 connection, any idea.
Basically, I use ddos-deflate to block ddos attack.
I already set the max conection to 25.
But it seems not working.
all the connections over 25 have not been blocked.
Did I miss something?
I mean after I issue
iptables -I INPUT -s 60.216.238.212 -j DROP
Do I need to do something like refresh iptables?
Connection State ESTABLISHED,RELATED Is Not Working In My Iptables
Nov 13, 2008connection state ESTABLISHED,RELATED is not working in my iptaables...?
Accept If input interface is lo
Accept If state of connection is ESTABLISHED,RELATED
Drop If protocol is ICMP
Accept If protocol is TCP and destination port is 80
Accept If protocol is TCP and destination port is 99
Accept If protocol is TCP and destination port is 25
Accept If protocol is TCP and destination port is 110
Accept If protocol is TCP and destination port is 10000
Accept If protocol is TCP and destination port is 21
Accept If protocol is TCP and destination port is 30000:30500
Accept If protocol is UDP and destination port is 53
Accept If protocol is UDP and source port is 53
Accept If protocol is TCP and destination port is 445
Accept If protocol is TCP and destination port is 2390
this in my Incoming packets rules..
Outgoing packets are all accepted..
so if i made connection from the server the input rules shuld accept them because it is established and related connection.. But it wont work.. any ideas about it..?
my vps is running on cent os 5.2 final..
and the control panel is webmin.
Plesk 12.x / Linux :: Firewall Module Modified Iptables - FTP Not Working Now
Feb 13, 2015I temporarily enabled and activated Plesk firewall module (which I wish I didn't the first time) and for some reason it seems to have overwritten the default iptables configuration that was set, leaving my ftp unable to be logged into. I tried to disable the firewall module and reboot the server. It didn't work.
I also noticed that it somehow seem to have changed my hostname to my previous server hostname as well
Is there any way to completely revert back to original iptables settings before enabling the Firewall module?
After Flush+zero Iptables, Will A New Iptables Ban Work
Jan 5, 2008I execute the following commands, in the following order:
iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP
will that last command successfully ban that IP until reboot?
If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.
Non-working Forwarding Email Account On Working Domain
Apr 24, 2008I have a domain with a few forwarding email accounts that forward to mac.com email accounts... for some reason every once in a while these accounts stop working...
This is the error I get when I email to that account:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed: ...
Iptables Gone
Aug 4, 2006I am experiencing a strange problem with iptables: after in activate them, they are gone in a few minutes. For example, I drop traffic from an ip and after few seconds, all rules are flushed without touching anything!
View 2 Replies View RelatedHow Many IPs Can I Add To IPtables ?
Jan 20, 2008I need to block about 5000 IPs .. Is it possible to add this amount of IPs to iptables?
I mean ... Will this slow down the machine response?
Iptables Or Apf?
May 24, 2007What do you prefer or what do you think is better, iptables or apf for a firewall?
View 9 Replies View RelatedCsf And Iptables
Apr 13, 2009i install csf on centos,
my server is working but the network is unreachable,
i try to run "service iptables stop",
and the server is unreachable now,
i check from whm,it shows csf is working,
but i ssh the server and type "service iptables status",
it shows "firewall is stopped",
is it correct?
is not,how can i fix the issue?
IPTables
Apr 10, 2009Is there a way for me to whitelist myself or something?
I get up everyday and have to call LSN because my server has blocked me for some reason...
Iptables
Feb 4, 2007If I keep getting spam from a certain IP, can I add that IP to Iptables? Will it stop me receiving spam from that IP? I'm not quite sure how it all works.
Or what is the most effective method to stop spam?
IPTables
Sep 21, 2007I've got two VPS's and both have the same ruleset for outbound EG_TCP
Code:
EGF="1"
EG_TCP_CPORTS="21,25,37,43,53,80,110,113,123,443,873,2089,3306"
EG_UDP_CPORTS="53,465,873,6277"
Whenever I turn EGF to 1 my VPS locks me out of everything, I need togo into hyperVM to turn it off and restart my firewall.
What would cause this?
It's Fedora Core 5 on OpenVZ i've googled and cannot seem to find a reason why it would do that. Could be something in the host node kernel that may need adjusting?
Iptables
May 15, 2007I am working with iptables and am trying to figure out the best ruleset for cpanel servers.
I have a few custom ports for a few services, but other than that, does anyone have a recommended ruleset for the typical cpanel cluster?
Iptables
Sep 12, 2007how can i clear iptables?
i enter many ip in it that most of them is worng and i must clear it
Iptables
Oct 29, 2007Do you find iptables enough or do you use a hardware firewall for linux? I haven't used anything less than hardware firewalls for years but I gather than most simply rely on iptables. Is that a smart choice?
View 6 Replies View RelatedIPTables
Mar 25, 2007I got blocked by my server. Hivelocity helped me to gain access by my server.
I was told that to avoid being blocked again I should type
iptables -A INPUT 202.155.151.185 -j ACCEPT
What I ended up was
iptables -A INPUT 202.155.151.185 -j ACCEPT
Bad argument `202.155.151.185'
Try `iptables -h' or 'iptables --
Iptables !
Sep 27, 2007i have code :
1. IF=`/sbin/route | grep -i 'default' | awk '{print$8}'`
2. IP=`/sbin/ifconfig $IF | grep "inet addr" | awk -F":" '{print$2}' | awk '{print $1}'`
3. IPT="/usr/sbin/iptables"
4. NET="any/0"
5. DNS="xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy"
6. SERV_TCP="22 80 443 "
7. SERV_UDP="53 123"
8. HI_PORTS="1024:65535"
........
i dont know line of 5's sense .I am must changed warrant is what?
Iptables
Oct 6, 2007Code:
# iptables -D INPUT -s 25.55.55.55 -j DROP
iptables v1.3.8: Couldn't load target `standard':/usr/local/lib/iptables/libipt_standard.so: cannot open shared object file: No such file or directory
What is going on? The libipt_standard.so file is located in /lib/iptables, but not /usr/local/lib/iptables. I tried moving all of the libipt files into the /usr/local/lib/iptables directory, but I got segmentation errors.
APF & Iptables Not Starting
Nov 7, 2006I have installed APF on box and set ports for in and out and enabled it.. of course, iptables is running from booting..
[root@localhost /]# runlevel
N 3
[root@localhost /]# chkconfig --list | grep iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@localhost /]# chkconfig --list | grep apf
apf 0:off 1:off 2:off 3:on 4:on 5:on 6:off
but when I check it like this
[root@localhost ~]# service iptables status
Firewall is stopped.
[root@localhost ~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle filter [ OK ]
Unloading iptables modules: ^[[A [ OK ]
[root@localhost ~]# service iptables status
Firewall is stopped.
it said iptables is stop...even I start manually...
I am not sure APF is running correctly because of iptables..
Cannot Load Iptables
Sep 10, 2006# apf -r
Unable to load iptables module (ip_tables), aborting.
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# uname -a
Linux servername 2.6.17.9 #1 SMP Sun Aug 27 17:08:11 ICT 2006 i686 athlon i386 GNU/Linux
is there any reason that I cannot use iptables? If I edit monokern option in apf to 1, I cannot use ftp in passive mode
Flushing Iptables
Sep 16, 2007I keep trying to flush my iptables on my linux server but every time i try to do so my server seems to freeze (i lose access and have to reboot it for it to come back online), how can I go about deleting those ips manually rather than executing the flushing command? what options do I have?
View 4 Replies View RelatedIptables Don't Start
Jun 4, 2007root@xxxx[~]# service iptables status
Firewall is stopped.
root@xxxx[~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
root@xxxx[~]# service iptables status
Firewall is stopped.
why not iptables don't start ?
Iptables Do Not Start
Apr 23, 2009i create a template for xen ( hypervm ) from jailtime site. now i install iptables , but iptables do not work and when i enter " service iptables restart" , iptables do not start. ( i check it from "service iptables status" )
View 4 Replies View RelatedIptables Processing
Apr 23, 2007I used a script to block some unwanted countries from accessing my site. In total I had about 3000 lines with ipranges. Now I just went ahead and put this on one of the servers, one that I really don't need the traffic on. But I am wondering what kind of affect this may have on the speeds. Will it really affect it more then a few ms? And anything else I should maybe worry about? Except maybe the loading time at reboots.
View 2 Replies View RelatedWhy Iptables Not Work
May 28, 2009My site is under DDOS attack. I run this command
netstat -an | grep :80 | grep ffff | awk '{print $5}' | cut -f 4 -d : | sort | uniq -c | sort -n | tail -10
And find a lot of IP that are attacking. After that, i run
iptables -A INPUT -s xxx -j DROP
to block IP, and
service iptables save
service iptables restart
But when i run netstat command abouve, i found IP are attacking still available, it seem iptables don't block it?
IPTables/Conntrack
Aug 4, 2009I upgraded to the 2.6.27 kernel and iptables to 1.4.2 but can't seem to get CSF to run and i believe its because of conntrack not being found:
Code:
error: "net.netfilter.nf_conntrack_icmp_timeout" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_close" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_time_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_last_ack" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_close_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_fin_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_established" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_syn_recv" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_syn_sent" is an unknown key
error: "net.netfilter.nf_conntrack_udp_timeout" is an unknown key
error: "net.netfilter.nf_conntrack_udp_timeout_stream" is an unknown key
net.netfilter.nf_conntrack_max = 262144
kernel config:
Code:
#
# Core Netfilter Configuration
#
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_NETLINK_LOG=m
CONFIG_NF_CONNTRACK=m
CONFIG_NF_CT_ACCT=y
CONFIG_NF_CONNTRACK_MARK=y
# CONFIG_NF_CONNTRACK_SECMARK is not set
# CONFIG_NF_CONNTRACK_EVENTS is not set
CONFIG_NF_CT_PROTO_DCCP=m
CONFIG_NF_CT_PROTO_SCTP=m
# CONFIG_NF_CT_PROTO_UDPLITE is not set
# CONFIG_NF_CONNTRACK_AMANDA is not set
CONFIG_NF_CONNTRACK_FTP=m
# CONFIG_NF_CONNTRACK_H323 is not set
# CONFIG_NF_CONNTRACK_IRC is not set
# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
# CONFIG_NF_CONNTRACK_PPTP is not set
# CONFIG_NF_CONNTRACK_SANE is not set
# CONFIG_NF_CONNTRACK_SIP is not set
# CONFIG_NF_CONNTRACK_TFTP is not set
# CONFIG_NF_CT_NETLINK is not set
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
# CONFIG_NETFILTER_XT_TARGET_DSCP is not set
CONFIG_NETFILTER_XT_TARGET_MARK=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
# CONFIG_NETFILTER_XT_TARGET_NFLOG is not set
CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
CONFIG_NETFILTER_XT_TARGET_SECMARK=m
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m....
Iptables Rules
Jul 2, 2009One of my low knowledge area's is Iptables Rule's I just normally use APF/CSF.
However on a VPS Host node, I basically want to block all access to a certain port let's say 1234 apart from a certain IP address.
However I don't want to block this port on any of the VPS's on the Node, so what Iptable Rule(s) would I need to put into a bash script on startup.
Tarpit/iptables
Jun 18, 2009While tarpit is outdated, is it still considered an ideal way to drop DDoS Attacks?
View 3 Replies View RelatedIptables Module
May 27, 2009how can i chek that my iptables firewall have this module?
ipt_recent
and if it is not installed...