Iptables Script :: Configure IP Tables For Firewall
Oct 31, 2008I find it hard to configure IP tables for firewall, can I find already made scripts anywhere?
View 1 Replies
ADVERTISEMENT
Iptables Firewall; CSF, APF, Arnos... Etc.
Jan 5, 2009Is it me or that anyone else experiencing the VZ master node not properly configured for those front-end firewall programs?
I recently purchased couple Linux VPSs (OpenVZ) from different vendors and both seems not having iptables properly configured. One of them finally got resolved, but took like a week for them to figure out what's wrong with it.
I'm currently still stuck with second VPS not protected.
I have not check into which iptables modules APF or CSF requires, but VPS vendors/resellers should expect their clients would be using those and properly configure their VZ master prior to deployments.
I'm begin to wonder people that purchases VPS slices, are they using any decent firewall front-end or not.
It always seems that ip_conntrack is missing. When exists, everything works.
How To Configure A Firewall To Let Only Exim Connect Via Port 25
Feb 20, 2008Alright now this is the most intelligent way to send spam I have ever seen. Apparently a guy has made a PHP or Perl script that is acting as an MTA. That's right: He is neither using Sendmail nor Exim but he made a script that acts as an MTA. That means the script itself connects to third party mailservers via port 25 and communicates with the remote mailserver as if it was an MTA itself. This works even if Exim is entirely disbaled...
The spam still get's sent. The script is running only occasionally...not like a daemon.
So it is nearly impossible to locate it. You have no Exim logs to look at. And in the Apache logs any PHP script could be it... You are not able to find that out. Therefore I am unable to stop him unless I manage to block outgoing connections to another host's port 25 for any program but for exim.
How can I configure my firewall (APF) so that only Exim my connect to other servers via port 25? Is that even possible?
Iptables Firewall On: Can't Receive Emails
Jun 8, 2009after turning on the iptables firewall i can't receive emails anymore on a dedicated centos 5.3 server with postfix and dovecot.
with iptables firewall turned off everythin works fine.
following is the /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
# -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
# ************ tried doing this first ************
#-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 110 -j ACCEPT --syn
#-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT --syn
#-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 143 -j ACCEPT --syn
# ************ tried doing this too ************
-A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 72.233.54.234 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -s 72.233.54.234 --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -s 72.233.54.234 --sport 1024:65535 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -s 0/0 --sport 25 -d 72.233.54.234 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
as you can see here i have tried opening ports 110, 25, 143 earlier. still did not work.
Kernel, Iptables And APF Firewall Problem
Oct 21, 2009Hello !
I've got problems with my APF firewall. Here is are the errors I get :
[root@ks123456 ~]# apf -r
apf(6493): {glob} flushing & zeroing chain policies
apf(6493): {glob} firewall offline
apf(6530): {glob} activating firewall
Opening /proc/modules: No such file or directory
apf(6570): {glob} unable to load iptables module (ip_tables), aborting.
apf(6530): {glob} firewall initalized
apf(6530): {glob} fast load snapshot saved
The /var/log/apf_log file is full of these errors.
I've been told that it was a compatibility issue with the server's kernel. So I upgraded the kernel to the last version, but the problem still remains and I get the same errors...
Can you advise about what I should do now ?
Thank you !
APF Firewall :: Iptables: No Chain/target/match By That Name
Jun 6, 2007Hello,
I have two similar VPS plans with identical software setups.
I installed APF Firewall on VPS A, modified the conf.apf file to
change the interfaces to venet0 and set monokern to 1 and
then opened all the ingress ports required. Started the firewall
with 'service apf start' and everything went fine, and everything
is working fine with no errors.
I did the same on VPS B but when I start apf I get the following
error that reoccurs during the startup sequence:
iptables: No chain/target/match by that name
While the firewall does seem to be running (by checking iptables -L)
I am unable to download files on the VPS, via wget or yum ...
Apf Firewall Giving Iptables: Invalid Argument
Oct 27, 2006I have a Virtuozzo VPS running Debian Sarge. I installed apf. My /etc/apf/conf.apf looks like:
IFACE_IN="venet0"
IFACE_OUT="venet0"
SET_MONOKERN="1"
IG_TCP_CPORTS="21,22,53,80,443,25,465,110,995,143,993,137,139,445,10000,3306"
IG_UDP_CPORTS="53"
Am am getting several "iptables: Invalid arguments" message. I traced this to these iptables calls from within /etc/apf/firewall. Each of these iptables calls gives "iptables: Invalid arguments":
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL NONE -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags SYN,RST SYN,RST -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags FIN,RST FIN,RST -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ACK,FIN FIN -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ACK,URG URG -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ACK,PSH PSH -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL FIN,URG,PSH -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL ALL -j IN_SANITY
/sbin/iptables -A INPUT -i venet0 -p tcp --tcp-flags ALL FIN -j IN_SANITY
Any thoughts? According to my ISP, I have these iptables modules:
iptable_filter
iptable_mangle
ipt_limit
ipt_multiport
ipt_tos
ipt_TOS
ipt_REJECT
ipt_TCPMSS
ipt_tcpmss
ipt_ttl
ipt_LOG
ipt_length
ip_conntrack
ip_conntrack_ftp
ip_conntrack_irc
ipt_conntrack
ipt_state
ipt_helper
iptable_nat
ip_nat_ftp
ip_nat_irc
Iptables LKM Ip_tables Missing So This Firewall Cannot Function
Apr 4, 2008When I click Start Firewall
I get this
iptables LKM ip_tables missing so this firewall cannot function unless you enable MONOLITHIC_KERNEL in /etc/csf/csf.conf
Error: aborted, at line 156
MySQL Doubt: More DB's & Less Tables || More Tables Less DB's
Nov 2, 2009im planning on designing a webservice, it will have a lot of data, spread in many tables.
The problem is that there will be tables created constantly (around 5 each day..)
All tables/data will be accessed equally, so I dont know how to set up the system, to create multiple databases, and balance the number of tables equally on each database, or create less databases and have a lot of tables on each one.
Which one has more efficiency?
Plesk 12.x / Linux :: Firewall Module Modified Iptables - FTP Not Working Now
Feb 13, 2015I temporarily enabled and activated Plesk firewall module (which I wish I didn't the first time) and for some reason it seems to have overwritten the default iptables configuration that was set, leaving my ftp unable to be logged into. I tried to disable the firewall module and reboot the server. It didn't work.
I also noticed that it somehow seem to have changed my hostname to my previous server hostname as well
Is there any way to completely revert back to original iptables settings before enabling the Firewall module?
Plesk Automation :: PPA Install On Infrastructure Running Parallels Cloud Server - IPTables / Firewall
Apr 9, 2014I'm in the process of installing PPA on infrastructure running Parallels Cloud Server. Each container has 2 interfaces, one public facing and a private interface for inter-server communication.
No problems installing PPA 11.5 (specifying IP's on commandline) or adding service nodes however, the firewall rules the documentation speaks of are nowhere to be seen? i.e.:
Important: After the installation, PPA creates the special firewall chain PPA-SN-Rules-INPUT used for communication with service nodes. Do not change it, otherwise, you will not be able to add service nodes to PPA.Click to expand...
Has this been dropped from PPA 11.5 ? (I recall seeing the firewall settings in 11.1) There is also no sign of the ppa.firewall tool that is also mentioned.
The only rule I see inserted is for Postgres on the management node, and 2 for pleskd on all of the nodes (open to world!).
After Flush+zero Iptables, Will A New Iptables Ban Work
Jan 5, 2008I execute the following commands, in the following order:
iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP
will that last command successfully ban that IP until reboot?
If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.
PowerAdmin - Not All Tables Are Ok
Dec 17, 2007This is the error that i get when i run test_setup.php:
Not all tables are ok!
Sorry, but there are error(s) found in the following table(s): 'records' 'domains'.
Please fix these errors and run the script again.
---
whereas rest of the tables (users, users_seq and zones)have been created.
Did i forget some step where these tables were to be created?
How can i create these tables now?
Why MySQL Tables Crash
Jul 15, 2009This is something i was wondering about and never found any answers.
Based on your experience, what are the most common reasons mysql tables crash?
Creating A CNAME Entry For DNS Tables
Feb 4, 2006I apoligize in advance if this is the wrong place to post this thread.
I am trying to create a CNAME entry in my DNS tables and have no clue where to begin.
I have did a search but didnt find anything that gives reference on how to do it just how to fix errors.
Can anyone point me in the right direction to learning how to accomplish this task.
Tables Grow In Size And Sometime And Need To Use RAID 5
Nov 2, 2009I have a database which is growing to have about 100 tables. These tables will grow in size and sometime I will need to use RAID 5, I am told by my server provider.
My questions are:-
1. if these other servers are mirrors, should I have the database stored on each server?
2. when one server gets too busy, does the RAID query a lesser-used server so as not to bog down the first one?
3. Or, do I need to have different content in each db on each server so a query gets what it needs form each?
Any Way To Use Mysqlcheck With Custom Tmp Tables Folder
Mar 24, 2009I am using /usr/bin/mysqlcheck --all-databases --check --auto-repair to check all MySQL DBs every day via cron. But sometimes when the DB crash and is being repaired the tmpdir = in /etc/my.cnf is getting full 100%. Is it any smart way to use some other tmp folder when repairing the DB tables like that?
View 6 Replies View RelatedOptimize All Tables In A MySQL Database
Oct 29, 2008how exactly it helps?
mysqlcheck -o -u...
Like what it does to "optimize" them? Does it really help?
Watchguard Firebox Vs Linux IP Tables Box
Mar 6, 2008I am considering on implementing a new firewall in our colo which would have about 10 servers behind it which generates on averages 2.314 megabits/sec for everything.
I am looking at the new Watchguard x750e running version 10 of Fireware which seem like a good fit without breaking the bank but I have also thought of simply implementing a Poweredge server running CentOS and running an IPtables config to provide firewall services.
Anybody have any Feedback on the Watchguard unit or use a Watchguard product in their setup and can comment?
Convert All Mysql Tables To Utf8
Jul 8, 2008I have a vbulletin (3.7.2) board with many mods installed (nearly 70) without a problem.
However, upon installing one new mod I got a database error stating:
MySQL Error : Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (latin1_general_ci,IMPLICIT) for operation '='
How do I change ALL tables in one shot (or sql query via phpmyadmin) from the two different collations to utf8?
Also, is utf8 suggested or better than latin1?
Creating Temp Tables On Disk
May 7, 2007In phpMyAdmin I see this:
Created_tmp_disk_tables 2,118 The number of temporary tables on disk created automatically by the server while executing statements. If Created_tmp_disk_tables is big, you may want to increase the tmp_table_size value to cause temporary tables to be memory-based instead of disk-based.
Created_tmp_files 0 How many temporary files mysqld has created.
Created_tmp_tables 5,637 The number of in-memory temporary tables created automatically by the server while executing statements.
I have tried upping tmp_table_size but it's no use. My my.cnf file:
Quote:
# Example MySQL config file for very large systems.
#
# This is for a large system with memory of 1G-2G where the system runs mainly
# MySQL.
#
# You can copy this file to
# /etc/my.cnf to set global options,
# mysql-data-dir/my.cnf to set server-specific options (in this
# installation this directory is /var/lib/mysql) or
# ~/.my.cnf to set user-specific options.
#
# In this file, you can use all long options that a program supports.
# If you want to know which options a program supports, run the program
# with the "--help" option.
# The following options will be passed to all MySQL clients
[client]
#password= your_password
port= 3306
socket= /var/lib/mysql/mysql.sock
# Here follows entries for some specific programs
# The MySQL server
[mysqld]
port= 3306
socket= /var/lib/mysql/mysql.sock
skip-locking
key_buffer = 384M
max_allowed_packet = 1M
table_cache = 384
sort_buffer_size = 2M
read_buffer_size = 2M
read_rnd_buffer_size = 8M
myisam_sort_buffer_size = 64M
thread_cache_size = 8
query_cache_size = 32M
# Try number of CPU's*2 for thread_concurrency
thread_concurrency = 8
tmp_table_size = 300M
max_tmp_tables=100
# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!
#
#skip-networking
# Replication Master Server (default)
# binary logging is required for replication
log-bin
# required unique id between 1 and 2^32 - 1
# defaults to 1 if master-host is not set
# but will not function as a master if omitted
server-id= 1
# Replication Slave (comment out master section to use this)
#
# To configure this host as a replication slave, you can choose between
# two methods :
#
# 1) Use the CHANGE MASTER TO command (fully described in our manual) -
# the syntax is:
#
# CHANGE MASTER TO MASTER_HOST=<host>, MASTER_PORT=<port>,
# MASTER_USER=<user>, MASTER_PASSWORD=<password> ;
#
# where you replace <host>, <user>, <password> by quoted strings and
# <port> by the master's port number (3306 by default).
#
# Example:
#
# CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306,
# MASTER_USER='joe', MASTER_PASSWORD='secret';
#
# OR
#
# 2) Set the variables below. However, in case you choose this method, then
# start replication for the first time (even unsuccessfully, for example
# if you mistyped the password in master-password and the slave fails to
# connect), the slave will create a master.info file, and any later
# change in this file to the variables' values below will be ignored and
# overridden by the content of the master.info file, unless you shutdown
# the slave server, delete master.info and restart the slaver server.
# For that reason, you may want to leave the lines below untouched
# (commented) and instead use CHANGE MASTER TO (see above)
#
# required unique id between 2 and 2^32 - 1
# (and different from the master)
# defaults to 2 if master-host is set
# but will not function as a slave if omitted
#server-id = 2
#
# The replication master for this slave - required
#master-host = <hostname>
#
# The username the slave will use for authentication when connecting
# to the master - required
#master-user = <username>
#
# The password the slave will authenticate with when connecting to
# the master - required
#master-password = <password>
#
# The port the master is listening on.
# optional - defaults to 3306
#master-port = <port>
#
# binary logging - not required for slaves, but recommended
#log-bin
# Point the following paths to different dedicated disks
#tmpdir= /tmp/
#log-update = /path-to-dedicated-directory/hostname
# Uncomment the following if you are using BDB tables
#bdb_cache_size = 384M
#bdb_max_lock = 100000
# Uncomment the following if you are using InnoDB tables
#innodb_data_home_dir = /var/lib/mysql/
#innodb_data_file_path = ibdata1:2000M;ibdata2:10M:autoextend
#innodb_log_group_home_dir = /var/lib/mysql/
#innodb_log_arch_dir = /var/lib/mysql/
# You can set .._buffer_pool_size up to 50 - 80 %
# of RAM but beware of setting memory usage too high
#innodb_buffer_pool_size = 384M
#innodb_additional_mem_pool_size = 20M
# Set .._log_file_size to 25 % of buffer pool size
#innodb_log_file_size = 100M
#innodb_log_buffer_size = 8M
#innodb_flush_log_at_trx_commit = 1
#innodb_lock_wait_timeout = 50
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
# Remove the next comment character if you are not familiar with SQL
#safe-updates
[isamchk]
key_buffer = 256M
sort_buffer_size = 256M
read_buffer = 2M
write_buffer = 2M
[myisamchk]
key_buffer = 256M
sort_buffer_size = 256M
read_buffer = 2M
write_buffer = 2M
[mysqlhotcopy]
interactive-timeout
This server has 1GB of RAM, not a dedicated sql server though. RAM usage is low too, 567MB of RAM is being used right now total... is there something I'm overlooking?
Is S2U-MSFC2 Able To Handle 2 Full Tables
Jan 7, 2007Is S2U-MSFC2 able to handle 2 full internet routing tables or even 3?
and what is the difference between
WS-X6408 and WS-X6408A?
WS-X6348-RJ-45 and WS-X6548-RJ45?
Are There Any Ways To Replicate Just A Few Tables On Mysql
Dec 21, 2007Is there no possible way I can slave just a few tables in mysql? instead of slaving the entire table on the main database server.
View 1 Replies View RelatedFantastico Script Creating Databases But Not Tables
Oct 20, 2006when fantastico applications get installed, for some reason they are creating the database, but none of the tables are installed.
View 6 Replies View RelatedHow Set Up Cron Job Auto Empty A Tables Of A Database
Dec 20, 2008How to set up cron job auto empty a table of an database at specify time.
OS: Centos 5 64 bit , Cpanel: cPanel 11.24.4-R32486 - WHM 11.24.2 - X 3.9
Lock Tables Permission Keeps Getting Revoked From User(SQL)
Jul 12, 2007every 4 or 5 days the lock table permission keeps getting revoked, does anyone have anything that can point me in the general direction of what would cause this? The only thing i can think of is a cpanel layer 2 update has occured a few times during hte periods where the permission is revoked
unfortunately whenever it happens it results in my SQL backup script failing
It's a VPS host running CentOS btw.
How To Automatically Check And Repair Mysql Databases And Tables
Jul 16, 2009I have cPanle shared account.
Is there a way to automatically check and repair mysql databases and tables, that can be scheduled as cron job?
Mysql Deleted Several Tables Under High Server Load
Apr 27, 2007we have mysql 5 setup and this morning at around 10:07 tables started disappearing as they were being accessed by different clients.
Databases that had 40 tables now had 30, etc. Only the tables that were attempted to be accessed were gone. This is the first time something like this has happened.
The following output was given:
This could be because you hit a bug. It is also possible that this binary or one of the libraries it was linked against is corrupt, improperly built, or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose the
problem, but since we have already crashed, something is definitely wrong and this may fail.
key_buffer_size=8388600
read_buffer_size=131072
max_used_connections=208
max_connections=500
threads_connected=156
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_connections = 1096188 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.
thd=0xaf82930
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
Cannot determine thread, fp=0xb143932c, backtrace may not be correct.
Stack range sanity check OK, backtrace follows:
0x816b1a0
0xaf1898
0x20
0x81ac49d
0x8182914
0x8189010
0x8189df1
0x818a738
0x818ae5c
0xaeb371
0x9c4ffe
New value of fp=(nil) failed sanity check, terminating stack trace!
Please read [url]and follow instructions on how to resolve the stack trace. Resolved
stack trace is much more helpful in diagnosing the problem, so please do
resolve it
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0xaf36620 = SELECT * FROM `sessions` WHERE `PHPSESSID` = '5e6775cd3c6f187d8c575127ba73be19'
thd->thread_id=113407
The manual page at [url]contains
information that should help you find out what is causing the crash.
mysqld: my_new.cc:51: int __cxa_pure_virtual(): Assertion `"Pure virtual method called." == "Aborted"' failed.
Number of processes running now: 0
070427 10:07:49 mysqld restarted
070427 10:07:50 InnoDB: Database was not shut down normally!
InnoDB: Starting crash recovery.
InnoDB: Reading tablespace information from the .ibd files...
InnoDB: Restoring possible half-written data pages from the doublewrite
InnoDB: buffer...
070427 10:07:53 InnoDB: Starting log scan based on checkpoint at
InnoDB: log sequence number 0 227822203.
InnoDB: Doing recovery: scanned up to log sequence number 0 227822203
070427 10:07:53 InnoDB: Started; log sequence number 0 227822203
070427 10:07:54 [Note] /usr/sbin/mysqld: ready for connections.
Plesk 12.x / Windows :: Wordpress Install Created Duplicate Tables
Feb 8, 2015Window server 2012 r2: I installed wordpress on a domain using plesk. Seemed to work correctly. But when I went to the site www.example.com/wp-admin, the native or default wordpress install started up. I could find no way to bypass this, so I just re-entered all the same settings.
The result was that I ended up with 2 sets of database tables, one set named with my chosen prefix wp_blahblah_ and one set prefixed with wp_blahblah_wp_.
Not good, so I deleted the later set. Wordpress seems to be working, despite one error on the tables I can't reproduce.
Do You Recommend A Software Firewall When Behind A Hardware Firewall
Dec 17, 2008Do you recommend a software firewall when behind a hardware firewall?
All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and setup to there optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or IPTables (we're talking linux); in our opinion we see it as an extra administration overhead. If this is however untrue, we will change out thinking.