similar to: Blocking an IP address both as source and destination

Good evening, on a CentOS 7 LAMP (not gateway) dedicated server I am using iptables-services with the following /etc/sysconfig/iptables: *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [294:35064] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp -m

Hello Gordon and others On Tue, Jun 21, 2016 at 4:13 PM, Gordon Messmer <gordon.messmer at gmail.com> wrote: > On 06/21/2016 02:30 AM, Alexander Farber wrote: > >> -A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT >> --to-ports 8080 >> > > > I think you have the ports backward, here. > here the problem description again: I have

Hello again, unfortunately the following /etc/sysconfig/iptables file does not work: *nat :INPUT ACCEPT :OUTPUT ACCEPT :PREROUTING ACCEPT :POSTROUTING ACCEPT #-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 -A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT --to-ports 8080 COMMIT *filter :INPUT DROP :OUTPUT ACCEPT :FORWARD DROP -A INPUT -m state --state

Hello fellow CentOS users, on a freshly installed 7.2 machine and after reading https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/chap-Managing_Services_with_systemd.html I try to enable iptables with following commands: # cat /etc/centos-release CentOS Linux release 7.2.1511 (Core) # rpm -qa | grep iptables iptables-1.4.21-16.el7.x86_64

Hello, I'm a user (and big fan) of CentOS 5.6 and in my /etc/sysconfig/iptables there are few blocking rules for some annoying visitors of my website (I run a card game there since many years and some people are "special"): *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [294:35064] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A

Alright, I have setup the new rules and am waiting to see if I have any issues. If I do, I will keep working on it. I also read the article below, which mentions exactly what you I was told about 2008 and newer using different ports. https://support.microsoft.com/en-us/kb/929851 Here is the new configuration: root at dc01:~# iptables -S -P INPUT DROP -P FORWARD DROP -P OUTPUT ACCEPT -A INPUT -m

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I recently tried adding a firewall to my Samba 4 server using the port information I found on the wiki. Below is a dump of the resulting rules. root at dc01:~# iptables -S - -P INPUT DROP - -P FORWARD DROP - -P OUTPUT ACCEPT - -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m

I just looked up 42 and 68. I do not use WINS or BOOTP. I am removing range 1024-5000 and replacing it with 49612-65535 now. I already allowed 389 TCP. Lead IT/IS Specialist Reach Technology FP, Inc On 12/29/2015 03:58 AM, L.P.H. van Belle wrote: > Hai, > > Im missing a few things. > > And maybe time server port to open? Are your dc's time server also? > These are the

On Tue, 2016-06-21 at 15:46 +0100, Always Learning wrote: > On Tue, 2016-06-21 at 16:24 +0200, Alexander Farber wrote: > > > *nat > > :INPUT ACCEPT > > :OUTPUT ACCEPT > > :PREROUTING ACCEPT > > :POSTROUTING ACCEPT > > -A PREROUTING -p tcp --dst 144.76.184.154 --dport 8080 -j REDIRECT > > --to-port 80 > >

Hello, can anybody please spot an error here? # sudo service iptables start Flushing firewall rules: [ OK ] Setting chains to policy ACCEPT: filter [ OK ] Unloading iptables modules: [ OK ] Applying iptables firewall rules: iptables-restore: line 20 failed

https://bugzilla.netfilter.org/show_bug.cgi?id=1463 Bug ID: 1463 Summary: nft --json table list ruleset crashes Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org

Hi, I have a proxy/firewall, I want to dnat requests for 193.205.140.106 on port 443 towards 10.2.15.23 and requests for 193.205.140.106 on ports 4330 and 3389 towards 10.2.15.25, these rules must apply from internet, loc and fw (some client use a proxy on fw to reach these servers) I have tried with the following rules: DNAT net dmz:10.2.15.23 tcp 443 -

I have problem getting answer on http request from all my local subnets but not from local subnet. Ping and requests on ports 21 22 23 25 110 works fine. I logged port 80 in rules files and I got accept entry same for local subnet and other subnets. Local subnet is 192.168.6 Dec 29 09:52:40 zinfsrv2 kernel: Shorewall:loc2fw:ACCEPT:IN=eth0 OUT= MAC=00:09:6b:07:ca:cc:00:10:b5:fa:bd:71:08:00

Hi, system info: ubuntu 7.04 (Host OS) samba 3.0.24 (installed with apt-get) vmware-server 6.0.1 windows XP (Guest OS) I was using the iptables script provided by iptablesrocks.org. It's been quite useful, but I ran into a problem when I tried to connect samba. Without any iptables rules, I have no problem when connecting host os(ubuntu samba server) from guest os Windows XP. I referenced

Hi, My home setup is as following: - 1024/128 kbit ADSL - FC3 I set up HTB to prioritize traffic. I am not very pleased with the obtained results. The scope of my setup is to have some ssh sessions with remote servers while browsing websites and running aMule Nothing complicated (I think... ;). The very high priority traffic (ssh), gets stuck when I start aMule and make an FTP download.

Hello, I wonder if someone could use the TPROXY with Shorewall and transparent Squid  with using the routing rules on shorewall (tcrules) for hosts / networks (LAN) with multiples providers (WANs) directly from the internal network on port 80 (with TPROXY transparent squid or REDIRECT). On this issue, the routing rules is not work propertly because the source is the

On 28/12/15 15:33, Ryan Ashley wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > I recently tried adding a firewall to my Samba 4 server using the port > information I found on the wiki. Below is a dump of the resulting rules. > > root at dc01:~# iptables -S > - -P INPUT DROP > - -P FORWARD DROP > - -P OUTPUT ACCEPT > - -A INPUT -m conntrack --ctstate

On 12/28/2015 10:33 AM, Ryan Ashley wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > I recently tried adding a firewall to my Samba 4 server using the port > information I found on the wiki. Below is a dump of the resulting rules. > > root at dc01:~# iptables -S > - -P INPUT DROP > - -P FORWARD DROP > - -P OUTPUT ACCEPT > - -A INPUT -m conntrack

Hai, Im missing a few things. And maybe time server port to open? Are your dc's time server also? These are the ports i've set. TCP what im having. 22,42,53,88,135,139,389,445,464,636,3268,3269,1024:5000,49612:65535 How you did: 22,53,88,135,139,445,464,636,1024:5000,3268,3269 Your missing 42 389 and range : 49612:65535 UDP what im having. 53,67,68,88,123,137,138,389,464 How you

Hello, why does iptables-save print 2 numbers in square brackets? Is it used for anything? Is it number of inspected packets (and what's the other number then)? And what does *filter mean? Thank you Alex $ sudo iptables-save # Generated by iptables-save v1.3.5 on Tue Dec 2 23:53:56 2008 *filter :INPUT DROP [26:8260] :FORWARD DROP [0:0] :OUTPUT ACCEPT [376:82274] -A INPUT -m state --state