Fedora Security :: Iptables - Block Everything From Getting In My Pc
Mar 17, 2009What i wanted to do was block everything from getting in my pc but still be able to surf the web and still use instant messenger.
View 2 RepliesWhat i wanted to do was block everything from getting in my pc but still be able to surf the web and still use instant messenger.
View 2 RepliesIs this how I would do that?
iptables -A INPUT -p tcp --destination-port 21 -d ! 168.192.1.2 -j DROP
This should block all incoming connections on port 21 from 192.168.1.2, correct? Thus preventing that IP from logging into my FTP.
My VPS host a mail, blog and web site. So i want to block port i not use. The port that i use is 80,21,2022,443. The other port will be drop. I want to block bad packet and all packet that not related. Can anyone how to write in iptables?
View 2 Replies View Relatedhow to block all ports except pop,pop3,smtp in nat using iptables in squid on redhat A3
View 2 Replies View RelatedI would like to allow incoming and outgoing connections when I'm connected to a wired connection, but drop it otherwise. I noticed that ufw can't block outgoing traffic because of will I give iptables a try. I'm unsure if dropping packages that are outgoing will work, the rule after the block rule will allow all outgoing connections.
This what the rules are intended to do, unsure if that is actually the case. Allow all loopback traffic. Allow ping replys Allow incoming on port 12345 if eth0, deny otherwise. Allow outgoing on port 12346 if eth0, deny otherwise.
Code:
iptables -A FORWARD -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -s -m state --state ESTABLISHED,RELATED -j ACCEPT
[Code]....
I keep getting hundreds of SSH failed logins per day. Is there a way with iptables, i can say if a user connects too to port 22 over 8 times in 10 minuntes, then block them for an hour?
View 7 Replies View RelatedI Need to know how to block this applications using iptables or ROPE scriptable Method..?..
1.Web navigation
2.Electronic mail
3.FTP transfers
4.Video traffic (multicast video stream and unicast video stream)
5.VoIP service
6.Instant Message (MSN and yahoo messenger�etc)
7.Management service (TR-069 and SNMP)
What is the easiest way to block one specifiek web page?Can I use the file /etc/deny host, or should I use another program to do this?I have already search the web andfound iptables, but that is to difficult for me, and I found squid
View 1 Replies View RelatedI recently set up a web server at home, using a non-standard port, due to my ISP blocking 80. I just checked my log files, and I see a TON of entries indicating that a file was not found "proxy-1.php", "proxyheader.php", etc. I do not have these files, not intend to have them as part of my website. I did a whois looking by IP address for several of these, and they all seem to come from an ISP in China. Is there a way to BLOCK any IP address outside the US (that is somewhat simple to do?)
View 5 Replies View RelatedI have been struggling with this for a very long time now. I have installed Fedora Core 9 on my computer. I have set it up as a caching-nameserver and this is working.
Then I wanted to secure my server with iptables, and I have so far made this script:
# Load the connection tracker kernel module
modprobe ip_conntrack
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
[Code]....
I can reach the dns server with ping. When trying Nslookup it says that it got SERVFAIL from 127.0.0.1 trying next server, and then it times out.
My resolv.conf file lists:
nameserver 127.0.0.1
nameserver DNS-server
Im pulling my hair out trying to get ftp to work through iptables.Im using vsftpd
Table: filter
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
[code].....
I want to block some ip address that are attacking my server and making my ssh port busy. On searching the google, I found
Code:
iptables -A INPUT -s ip_address -j DROP
I will add this rule in iptables. My questions are:
1) do I have to do
Code:
chkconfig iptables on
so that it load the iptables at boot. I am wondering why do I need this because iptables is already modified and it loads the iptables at boot time if firewall is enabled.
2) When we add the above rule, which file is modified? Another way, where are this rules stored? It is not in /etc/sysconfig/iptables and /etc/sysconfig/iptables_config.
I have been trying to get pam_tally2 to block failed logins with ssh. No matter how many failed logins I do I can still log in with the correct password using SSH. Anyone have this working?
Here are the configuration I am using. I have put this in sshd and password-auth-ac.
auth required pam_tally2.so deny=3 file=/var/log/tallylog lock_time=180 unlock_time=1200 magic_root account required pam_tally2.so magic_root In the /var/log/secure I do see messages related pam_tally2 and the counter going up.
When I use system-config-firewall, it asks what interfaces to trust. Where does it store that information for iptables (or whatever uses that info)? How iptables knows at what interfaces to use the rules?There is not that kind of information in /etc/sysconf/iptables and iptables-config.
View 2 Replies View Relatedi've got a few questions about iptables. i know how to set up ip tables to only allow from an ip address or a subnetting ip addresses. question is how do i allow from 2 different networks? would i need to create 2 lines of entry in iptables to the same port? e: allow 10.168.1.1 and 196.168.1.1 on port 22 is there a way to put all that in 1 line or would i need to create to rules for the port? i know i can use the ssh allow or deny but i'd like to stop access even before it gets to the ssh. stop it at the source kinda thing.
View 4 Replies View RelatedWondering if anyone knows what the range specification is meant to do for the colonHAIN at the top of the iptables file? e.g. what is the 1:76 range mean for :OUTPUT ACCEPT [1:76] ?
# Generated by iptables-save v1.4.1.1 on Sat Dec 19 12:28:00 2009
*filter
:INPUT ACCEPT [0:0]
[code]...
I found a behavior of iptables on FC12 to be different and suspect it's broken somehow. Here is what I did
# iptables -F
# iptables -A INPUT -s 127.0.0.1 -p tcp --dport 22 -j ACCEPT
I don't have a shell on FC12 with me to show the output of iptables -L -n but it looks good after above 2 commands. However, after issuing the following third command iptables -L -n gives "wrong" result
# iptables -R INPUT 1 -s 127.0.0.1 -p tcp --dport 22 -j ACCEPT
Namely iptables -L -n gives extra "/0" after 127.0.0.1 in the output I have checked on Ubuntu 9.10 and centos 5.4 and they don't give extra "/0"; iptables is not supposed to do that. Of course, I didn't invent these examples but they are abstracted from actual real life scenerio of trying to build rules on our servers.
i was hoping that someone in here could possibly help me out with my iptables rule set. First here is what i would like iptables to do, i want iptables to deny all packets or traffic from the outside coming in and for output allow the things i need like web and irc etc... Also, i would like iptables to deny access to all services like sendmail and ssh except i would like localhost to have access to everything. What i mean by localhost is that when i run my iptables script it loads fine except when i try ssh from localhost i get this output:ssh -l user localhostssh_exchange_identification: Connection closed by remote hostI know what most of you are thinking, why do i need to ssh into localhost from localhost just open another terminal, well i am getting myself familiar with iptables i want all services logged and blocked but not from localhost. I cant seem to figure out this problem and i have tried several different things. Here is my iptables script, I am hoping that someone out there can tell me what i am doing wrong...
#!/bin/bash
iptables -v -F;
iptables -v -A INPUT -i lo -j ACCEPT;
[code]....
I want to block all outgoing traffic with iptables and only allow a few specific websites. I would like to get the code to do so and also to revert the changes in case I want to unblock them.
View 1 Replies View Relatedin my office i have to block all messenger like yahoo messenger, windows live messenger, i have to block websites like www.yahoo.com, some more web sites. i need guidance through which i can accomplish this task through ip tables or through squid server. i can use squid but i had heard that squid blocks pop and smtp also. squid creates some problem in receiving and sending email. i am using red hat linux 4 box and installed squid having two ethernet card 1 is connected to adsl line and 2 is connected to switch. all clients will have proxy address of this linux box. guys need ur help ASAP.
View 2 Replies View RelatedJust wondering if it is possible to block web access on a certain ip address with iptables.
Iv seen guides for blocking web traffic on a whole network but i want to just block a single host from accessing the web.
I have a server with slackware 12 and i try to block 2 web sites but without success. I write in iptables rules /etc/iptables.conf
iptables -A INPUT -s web.org -j DROP
iptables -A OUTPUT -d web.org -j DROP
but no effect. What rule i must write to block url`s?
I have blocked below IP by using iptables command in RedHat Linux 4.0.
Code:
iptables -A INPUT -s 192.168.0.85 -j DROP
It's now totally blocked and can't get access into web or internal network. how I can un-block that IP, so that it can again starts it's normal operation.
i am learning security and firewalling. i want to know . where a linux firewall is sufficeint and where it is not sufficeint? if you can explain why or give a reference i will be glad. is that security or traffic handling problem? when i should select a cisco product? in tarms of traffic and sceutiry. do you have any good alternative recomendation to Cisco
View 1 Replies View RelatedI am using squid on my fedora box as a proxy server.By default the iptables (Firewall) service is on.To allow web pages to my client machines i stop the iptable service.
#service iptables stop
By doing it client computers start browsing.kindly how can I add a rule so that without stoping firewall client compter work fine.my perver IP address is 10.1.80.10
I want to use iptables to automatically block all IP addresses who send UDP packets with length 11 more than 3 times per 10 seconds.
View 1 Replies View RelatedCurrently I have 2 Lan card in My System one for communicate client pcs (Lan card Ip 192.168.1.100) and other for Internet (Lan card ip 192.168.0.100.) All client pcs are in 192.168.1.0 Subnet Here i implement my system as router through iptables all clients are communicate through only 192.168.1.100 (clients default gateway also 192.168.1.100) Now no problem for forward rules when my system is active all clients are get internet.
Output of iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[code]....
Now i want to block some ip address and port ways i tried lot of things in internet when i type iptables -A INPUT -s 192.168.1.150 -j REJECT (i found in internet it will block that ip address for getting internet and any access through my sys)
Now th Output
Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT all -- 192.168.1.112 anywhere reject-with icmp-port-unreachable
[code]....
it will block icmp protocol only I want to know how block ipaddress and port address ways...
Currently I have 2 Lan card in My System one for communicate client pcs (Lan card Ip 192.168.1.100) and other for Internet (Lan card ip 192.168.0.100.) All client pcs are in 192.168.1.0 Subnet
Here i implement my system as router through iptables all clients are communicate through only 192.168.1.100 (clients default gateway also 192.168.1.100) Now no problem for forward rules when my system is active all clients are get internet.
Now i have problem with blocking UDP protocols i tried lot of things in net iptables -A INPUT -s 192.168.1.0/255.255.255.0 -p UDP -j DROP
But it's not blocking UDP protocols (i change UDP to ICMP Protocols then icmp is blocked every ip address)
Does anybody know how to block HotSpotShield in squid or iptables?
View 2 Replies View RelatedI have the requirement that if our website receives 20 or more requests within 60 seconds, to block the offending IP address for 5 minutes, then allow them access again. My only certain mechanism to do this is iptables. I wrote the following series of commands:
iptables -N RATE_CHECK
iptables -N DOSAttack
iptables -N RemoveBlock
[code]...
I am limited in my testing, but the little I have been able to test seems to be having no effect. will the above commands have the desired effect.