similar to: Adding comments to /etc/sysconfig/iptables

Good evening, on a CentOS 7 LAMP (not gateway) dedicated server I am using iptables-services with the following /etc/sysconfig/iptables: *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [294:35064] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp -m

Hello Gordon and others On Tue, Jun 21, 2016 at 4:13 PM, Gordon Messmer <gordon.messmer at gmail.com> wrote: > On 06/21/2016 02:30 AM, Alexander Farber wrote: > >> -A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT >> --to-ports 8080 >> > > > I think you have the ports backward, here. > here the problem description again: I have

Hello again, unfortunately the following /etc/sysconfig/iptables file does not work: *nat :INPUT ACCEPT :OUTPUT ACCEPT :PREROUTING ACCEPT :POSTROUTING ACCEPT #-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 -A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT --to-ports 8080 COMMIT *filter :INPUT DROP :OUTPUT ACCEPT :FORWARD DROP -A INPUT -m state --state

Hello, how do you block incoming AND outgoing traffic to a site? I have 2 drop lines for a site in my /etc/sysconfig/iptables: *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [294:35064] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -s xx.xx.xx.0/24 -j DROP -A INPUT -d xx.xx.xx.0/24 -j DROP -A INPUT -p icmp -m icmp --icmp-type any -j

On Tue, 2016-06-21 at 15:46 +0100, Always Learning wrote: > On Tue, 2016-06-21 at 16:24 +0200, Alexander Farber wrote: > > > *nat > > :INPUT ACCEPT > > :OUTPUT ACCEPT > > :PREROUTING ACCEPT > > :POSTROUTING ACCEPT > > -A PREROUTING -p tcp --dst 144.76.184.154 --dport 8080 -j REDIRECT > > --to-port 80 > >

Hello, can anybody please spot an error here? # sudo service iptables start Flushing firewall rules: [ OK ] Setting chains to policy ACCEPT: filter [ OK ] Unloading iptables modules: [ OK ] Applying iptables firewall rules: iptables-restore: line 20 failed

Hello fellow CentOS users, on a freshly installed 7.2 machine and after reading https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/chap-Managing_Services_with_systemd.html I try to enable iptables with following commands: # cat /etc/centos-release CentOS Linux release 7.2.1511 (Core) # rpm -qa | grep iptables iptables-1.4.21-16.el7.x86_64

On Mon, Jun 20, 2016 at 10:01 PM, Alexander Farber <alexander.farber at gmail.com> wrote: <cut> > > However I actually need my Jetty program to run at port 80 - so that users > behind corporate firewalls can connect too. > > The Jetty doc at > https://www.eclipse.org/jetty/documentation/current/setting-port80-access.html > suggests to run the command > > #

On 06/21/2016 02:30 AM, Alexander Farber wrote: > -A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT > --to-ports 8080 I think you have the ports backward, here.

On Tue, 2016-06-21 at 16:24 +0200, Alexander Farber wrote: > *nat > :INPUT ACCEPT > :OUTPUT ACCEPT > :PREROUTING ACCEPT > :POSTROUTING ACCEPT > -A PREROUTING -p tcp --dst 144.76.184.154 --dport 8080 -j REDIRECT > --to-port 80 http://www.karlrupp.net/en/computer/nat_tutorial # IMPORTANT: Activate IP-forwarding in the kernel! # Disabled by default! $> echo

Am 2016-06-21 16:58, schrieb Always Learning: > On Tue, 2016-06-21 at 15:46 +0100, Always Learning wrote: > >> On Tue, 2016-06-21 at 16:24 +0200, Alexander Farber wrote: >> >> > *nat >> > :INPUT ACCEPT >> > :OUTPUT ACCEPT >> > :PREROUTING ACCEPT >> > :POSTROUTING ACCEPT >> > -A PREROUTING -p tcp --dst 144.76.184.154 --dport

Hello listmates, It's been a few years since I've set up a router... and for some reason I seem to be getting hung up on this one. Does anybody have a sample iptables config file that would incorporate NAT and forwarding for a simple router? Thanks. Boris.

Hello, why does iptables-save print 2 numbers in square brackets? Is it used for anything? Is it number of inspected packets (and what's the other number then)? And what does *filter mean? Thank you Alex $ sudo iptables-save # Generated by iptables-save v1.3.5 on Tue Dec 2 23:53:56 2008 *filter :INPUT DROP [26:8260] :FORWARD DROP [0:0] :OUTPUT ACCEPT [376:82274] -A INPUT -m state --state

?????? 23 ???? 2016 05:56,? "Mike" <1100100 at gmail.com> ???: > > > After using iptables for a long time, I can't figure out where this syntax > comes from. > Can anyone point me in the right direction to understand the proper syntax > necessary in /etc/sysconfig/iptables? > The syntax comes from the output of the 'iptables-save' command. You can

> > If I'm understanding correctly, write out all rules in a bash terminal and > run them, and then do /usr/sbin/iptables-save --- > > ~#/usr/sbin/iptables rule; > ~#/usr/sbin/iptables rule; > ~#/usr/sbiniptables rule; > ~#/usr/sbin/iptables rule; > ~#/usr/sbin/iptables rule; > ~#/usr/sbiniptables rule; > ~#/usr/sbin/iptables rule; > ~#/usr/sbin/iptables

On 23/05/16 14:55, Mike wrote: > The last two router/firewall servers I had used Slackware and Gentoo. > I'm used to writing complete and explicit iptables rules; however, when I > set up /etc/sysconfig/iptables in CentOS 7 my usual syntax is unusable. > > For example, I'm used to stating postrouting masquerade as: > > /usr/sbin/iptables -t nat -A POSTROUTING -o eth0

On Sun, May 22, 2016 at 11:55 PM, Barak Korren <bkorren at redhat.com> wrote: > ?????? 23 ???? 2016 05:56,? > The syntax comes from the output of the 'iptables-save' command. > You can configure 'iptables' from the command line as you normally would > and then run > > iptables-save > /etc/sysconfig/iptables > > On centos<=6 the init.d script

You need to disable firewalld and install iptables, if you really want use old way: https://www.certdepot.net/rhel7-disable-firewalld-use-iptables/ Firewalld is preferred way. You should learn it.. -- Eero 2016-05-23 5:55 GMT+03:00 Mike <1100100 at gmail.com>: > The last two router/firewall servers I had used Slackware and Gentoo. > I'm used to writing complete and explicit

The closest thing I could find to an iptables to firewalld conversion tool was Offline Configuation. The firewall-offline-cmd command was created to help setup firewall rules when Firewalld is not running. For instance, to open the tcp port 22, you would type in the /etc/sysconfig/iptables file: -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT Instead, you can now execute the

On 23 May 2016 21:03, "Mike" <1100100 at gmail.com> wrote: > > The closest thing I could find to an iptables to firewalld conversion tool > was Offline Configuation. > The firewall-offline-cmd command was created to help setup firewall rules > when Firewalld is not running. > > For instance, to open the tcp port 22, you would type in the >