search for: firewalling

My firewall config is below... I am trying to figure out why another machine has access to port 5038 on my machine based on these firewall rules. I thought the reject at the bottom would take care of all other ports? It does not. I have restarted with "server iptables restart" and same thing. I can connect from another machine to my machine on port 5038. How do I prevent this?

Hi, on a system RedHat 8.0, only on this, not on other various RedHat8.0, I have see the follow strange error in /var/log/{messages,boot.log} ..... After the boot all it seems to work, the modules is loads.... I have already tried to install other versions of kernel but the problem is always the same one :-(( Someone has some idea of what is happening? Thanks... Dario Lesca

Hello, I can''t figure out how I can use the module puppetlabs-firewall only for some targeted nodes. If I put : resources { "firewall": purge => true } in top scope (i.e. site.pp), then all the firewall rules on all my nodes are purged. Even for nodes for which I don''t apply any module containing specific firewall { ... } resources. If I put it in a module

I''m using puppetlabs/firewall with Puppet 2.7.2, and for the most part it''s working great. I have this in my sites.pp, which I took from this list sometime ago, to save firewall rules to disk when they''re changed: # Always persist firewall rules if ($kernel == ''Linux'') { exec { ''persist-firewall'':

Below is my firewall rules for iptables. everything is working fine except for NFS I cannot mount my drive. If I turn off iptables I can mount. Looking at this : http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-nfs.html Important In order for NFS to work with a default installation of Red Hat Enterprise Linux with a firewall enabled, IPTables with the default TCP port 2049

I'm having a heck of a time getting vsftpd to work properly. When Iptables are OFF, it works fine, and when iptables is on, it dies. When I try ftp from a command line, here's what the session looks looks like: [root at mylaptop ~]# ftp ftp.server.com Connected to ftp.server.com. 220 Welcome to My Company FTP 530 Please login with USER and PASS. 530 Please login with USER and PASS.

Hello all: I did a fresh install of CentOS 7 on a new machine. I wrote /usr/local/bin/firewall.stop to remove all the firewall rules. It contains this code: # Flush the rules /usr/sbin/iptables -F # Set the default policies to accept /usr/sbin/iptables -P INPUT ACCEPT /usr/sbin/iptables -P OUTPUT ACCEPT /usr/sbin/iptables -P FORWARD ACCEPT I wrote /usr/local/bin/firewall.start to set the

Hi all, I'm trying to convers some Cisco SSCP phones to the SIP formware. The phone boots, I see it tries to fetch a bunch of files on my TFTP: Jun 17 09:37:45 firewall dnsmasq-dhcp[21202]: DHCPACK(eth2) 192.168.10.103 6c:50:4d:da:f0:67 SEP6C504DDAF067 Jun 17 09:38:10 firewall in.tftpd[22666]: RRQ from 192.168.10.103 filename CTLSEP6C504DDAF067.tlv Jun 17 09:38:10 firewall in.tftpd[22666]:

Hi, I have 2 CentOS servers 82.201.195.123 & 62.139.61.84 I want to deny all ssh logins on port 22 on (62.139.61.84) from any host except from (82.201.195.123) Can anybody tell me such iptables rules to write in /etc/sysconfig/iptables Currently, im using the following rules (on 62.139.61.84) *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT -

Hi, I am running dovecot 1.2.11 on mac osx 1.5.8. Everything works perfectly with the application-level firewall off, but enabling the application firewall prevents dovecot connections. I have tried explicitly authorizing dovecot in the firewall, but it does not work. I have searched everywhere I can think of to look, and haven't found a solution, but have seen a couple other

Hi, I have HA firewalls configuration (keepalived) on one site. Each firewall has its own IP and a Virtual IP (VIP) that keepalived activate on one of the firewall (active/passive HA configuration). I think I can set all two firewalls with same configuration, generating key pairs on one firewall and copying that to the second, so the remote host can see always one of the other firewall as the

Hi, I have an existing iptables as follows:- # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p

We're supposed to provide redundant firewall service. I'm wondering if anyone has ever tried to do this and if it's realistic. Basically 2 firewall machines hooked up so if one fails the other will transparently step in. I've googled it to death without much luck. The security issue here lies in that the 2 firewalls can't talk to each other. So if I'm keeping state on

Dear CentOS community, I have install centos via CD, DVD and Directly off the net via http and FTP. Now I want to do a NFS install from a local server and a client. Both, client and server are in the same vlan 10.14.10.0/255.255.255.0. The server has a static 10.14.10.15 address and the client gets its own address via DHCP. I download the DVD image from one of the mirrors and placed it under

[root at hwdltsaloli ~]# cat /etc/sysconfig/iptables # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT

We''re testing out the Puppetlabs-Firewall module. And it seems I''m either missing something fundamental or Logging/Accpet works/doesn''t work in an irregular way. I would be most grateful for some input. *COMMON:* firewall { ''002 accept related established rules INPUT'': proto => ''all'', state =>

Greetings: i have a pretty stock CentOS 5 machine with ports 80 and 22 exposed, so my /etc/sysconfig/iptables file is pretty standard/straightforward. my question is: how is this config file initially generated? i'd like to re-create it, and add a couple of rules .... so i don't want to lose what's in there already. i see that my /etc/sysconfig/system-config-securitylevel has

Hi, I have an DNAT ISSUE with PREROUTING. This is my setup. I have 2 firewalls running iptables. Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall. 2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in that DMZ zone, mail server runnig @ 192.168.100.3 Now I want to DNAT port 25 of FISRT firewall ( i.e - its ip address - 1.2.3.4/29) to the internet ip

I can use the gutenberg_download() function in the gutenbergr package on a computer that doeson't use a firewall, but on an almost identical installation that is behind a firewall, nothing happens, not even a time-out. Has anyone succeeded in using gutenberg_download() successfully with a firewall? I tried raising an issue at https://github.com/ropenscilabs/gutenbergr/issues/17 with no

Hi all, I''m attempting to use the puppetlabs-firewall module. In testing, rules are enabled in a random order, so it seems necessary to utilize puppet stages to guarantee proper ordering. I created a module to organize my firewalling. It consists of localfw::pre to open the INPUT chain for established and related connections, localfw::default for most normal rules, and localfw::post to block everything else. I run localfw::pre before stage[main] and localfw::post after. This has fixed my firewall rules ordering issue, yay. How...