Fedora X86/64bit :: Create A Script To Show The Last Time Iptables Had Seen A Given IP Address?
Jun 20, 2009
I was trying to create a script to show the last time iptables had seen a given IP address (contained in the ipt_recent kernel hook -- my user-defined table name is 'iplist'). The ipt_recent table yields the following information (IPv4 addresses masked for paranoid reasons):
Such a command yields the following (I'm willing to live with the trailing zero):
Code:
Wed Jun 20 05:48:46 EDT 2266
src=www.xxx.yyy.zzz 0
[code]....
I presume the ipt_recent table uses the standard UNIX epoch timestamp. Am I using the date command syntax incorrectly, is this a 32-bit vs 64-bit break, or is it something else? Please note that I am using FC10, and I have double-checked my system clock settings (both BIOS and OS). The system has only been running during 2009 (no reboot yet).
I am trying to configure my Linux router to restrict Internet access for one computer on my LAN. It needs to be restrictive based on the time of day and the days of the week. I am using the MAC address of the computer to single out the one computer that needs to be blocked. However, this is my first attempt at making any rules with iptables, and I am not sure if I am doing this right. If someone can take a look at this I would greatly appreciate it. This is what I have done so far.
Here is my thinking. Create a new target. Check the MAC address; if it is NOT the offending computer, return to the default chain. If it is the offending computer, check that we are between the allowed hours and dates and ACCEPT. If we are not within the time/date range, then drop the packet.
Code:
Here I am trying to route all packets regardless of the computer on the LAN into the blocked_access chain for checking.
Code:
Is it a good idea to route all traffic through the blocked_access chain? I do run other servers that are accessible from the Internet, so I am not sure how this setup will affect that. I also use shorewall on the router to set up iptables for me. How would I integrate this with shorewall?
I am using squid to block access when he is using the web browser. However, he is still able to play games (World of Warcraft) and the like.
I am using Debian sid, iptables (1.4.6), shorewall (4.4.6), kernel 2.6.32-trunk-686.
I need to know what the iptables "code" is to change the outgoing/incoming IP for port 53 (DNS). I'm running CentOS on a dedicated server. I'm very familiar with PuTTY and SSH, so I don't need much detail; I just can't figure this out. I asked my server provider but they deleted my ticket and didn't answer me. I tried this but am not sure if this is correct or working?
I'm using KDE 4.3.4 with the Desktop Folder View. For some reason my bottom panel shows only half of the icons of the programs I have open. Any ideas how to fix it? I would like the open program icons in the panel to show in full view.
Unfortunately I accidentally disconnected the USB drive that my computer and my VMs run from, so I just rebooted for a quick fix. Now I can't open virt-manager locally and the VMs can't get network connections. I see this in the logs after the last two reboots:
Code:
grep lxc /var/log/messages |tail -n 2
Jan 7 00:45:04 F820 libvirtd: 00:45:04.524: warning : lxcStartup:1895 : Unable to create cgroup for driver: No such device or address
Jan 7 11:52:53 F820 libvirtd: 11:52:53.325: warning : lxcStartup:1895 : Unable to create cgroup for driver: No such device or address
[code]...
I tried restarting libvirtd afterwards with no love, so I rebooted, and cgroup was gone. This was a clean install of F14; after this started I brought the system current. I can provide the packages installed, but the errors didn't change.
By default, Fedora 11 sets my clock to military time. For example it says 16:22. I would like it to show civilian time (or at least know how to do it). I logged into the clock settings and had to put in the root password, but couldn't find where you do this. If you scroll on the time for hours, it just goes from 0 to 23 and back, not to AM and PM like some others.
I am not able to create more than 28 spawned bash processes on a Fedora Core 7 (2.6.25.4 kernel) Linux 64-bit machine. I am able to create 1015 spawned bash processes on 32-bit Fedora Core 7. Script I have used for both 32-bit and 64-bit:
I am trying to get networking up on an old PII which I have successfully installed with FC4. There is a link and activity on the onboard interface because I see the indicator lights. The controller is a 3Com PCI 3c905 Boomerang 100baseTx @ 0xdc80. The only message returned by dmesg about eth0 is "Dropping NETIF_F_SG since no checksum feature." The driver module, 3c59x, is loaded as well as the mii module that depends on it. There is something about "unknown parameter `irq'" in the dmesg text regarding the driver. I noticed that eth0 is sharing an IRQ with the UHCI Host Controller. That should not be a problem, but it should not be necessary, and I could do away with USB if this is a conflict and that is the easiest way to solve it. When I drop to console at runlevel 3 and call dhclient, which is installed, I get a message telling me there is no reply to the DHCP request. I don't think the problem is on the router/switch side.
It takes me a while to log in; the splash screen just sits there for ages before I get to the desktop. It never used to be this slow and I'm not sure why. Firstly, I'm running Ubuntu 11.04, standard DE. I do have conky starting up in a script, but it has the & at the end of the line so I didn't think this would cause it (or is there some special case for login time on how & is treated?). However, as a test I will comment out the line in the script and see if it is the cause.
However, just for general knowledge and in case that isn't the problem, how does one go about seeing what is happening during the time from when one logs in until the desktop is displayed? Is there some kind of log that shows the date/time that can be enabled, or is there a debug mode that can be enabled somehow via special keys or maybe from grub?
Can I actually edit /etc/sysconfig/iptables and create/delete rules inside that file? Will it work? I just find using the iptables -A or -D commands a hassle.
I'm in the process of restricting access to my Linux production box, where ssh access needs to be limited to only a few MAC addresses. I've followed the instructions outlined in this guide and ran the following two commands:
/sbin/iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP
/sbin/iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
root@xxxx:~/#: iptables --list
I have three machines on three networks: 192.x.x.x, 10.x.x.x, 172.x.x.x. The routers are set to forward communication between the 192. network and the 10. network, and between the 10. network and the 172. network. However, there's no routing between 192. and 172. I want to fix that by using a machine on the 10. network to forward communication between the other two networks. The machine has one ethernet connection, eth0, whose address is 10.1.1.11. I set up an aliased IP address eth0:0 to be 10.1.1.12 using:
Code:
ifconfig eth0:0 10.1.1.12
Then I tried to set forwarding rules on the 10. machine such that the 10.1.1.12 address will provide access to the machine 172.1.1.55 as follows:
Code:
# iptables -t nat -A PREROUTING -d 10.1.1.12 -j DNAT --to-destination 172.1.1.55
The default policy for all chains is ACCEPT. I then try to access 10.1.1.12 from 192.1.1.20, expecting it to actually access 172.1.1.55; it does not work.
I have a server located remotely that I'd like to protect by allowing access to only my IP address (on any port). Currently anyone can access the server using ssh, http, and any other services that my server is running. (The reason I need to protect it for now is that it's a test/development server and really only needs to be accessed by me.)
The downside of doing this is every time my desktop IP address changes (from where I access the remote server), I would need to update the iptables configuration. (This could be a hassle, but based on my limited knowledge it seems to be the best way to allow access from only myself.)
Could anyone share how to allow access to my server using iptables from only my IP address and on any port?
I am setting up an iptables firewall on one of our servers, and I would like to block a range of addresses from getting into the system. I am using a script that does a BLACKIN and BLACKOUT methodology for specific addresses. One example is the following:
Code:
$IPTABLES -A BLACKIN -s 202.109.114.147 -j DROP
...
$IPTABLES -A BLACKOUT -d 202.109.114.117 -j DROP
What would be the correct syntax to use if I wanted to block an entire remote subnet from getting into the server?
Here is a glimpse of my iptables: http://pastebin.com/WvHAC46A. I see in the source column the addresses being resolved to domain names; is there a way I can stop this?
How to redirect network traffic to a new IP address using iptables? I am using a Buffalo router and the RTOS used is DD-WRT. Basically, I want it so that any connection going through my router to a specific IP (say, 192.168.11.5) will be redirected to another IP (say, 192.168.11.7), so any outgoing connections made by a program that is attempting to connect to 192.168.11.5 will instead connect to 192.168.11.7.
I'm trying to open port 8080 on my application server. I've included it in my iptables; however, I still cannot access it through ssh nor PuTTY, and it doesn't show up when I netstat either. Here is my iptables-config:
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -s xxx.xx.x.0/24 -j ACCEPT
I just installed the 10.7 drivers (no workaround, they just installed). And now after boot I get a black screen. I have a Radeon HD 4850; is there a way to fix this without reinstalling the OS? OK, in recovery mode when I type startx I get:
Code:
line 143: /usr/bin/mcookie: no such file or directory
Couldn't create cookie
Then if I type Xorg -configure I get:
Code:
Fatal server error: Cannot open log file "/var/log/Xorg.0.log"
Please consult the fedora project support.
What is the command to show the host name of an IP address? Suppose I've an IP address like 209.191.122.70; now I want to know its host name. What is the command for that?
So I'll try to be brief and to the point here: I've got a couple of C / C++ apps that communicate with one another via shared memory. These worked completely fine until.. well, about twenty minutes ago when I finished making some network card changes and suddenly, I've got a weird problem going on. At one point, Parent app waits for Child app to set a boolean indicating it's finished initialization. This worked fine the last time I ran this app up (a few days ago). But right now, the shared flag never seems to get triggered (I've added a printf("Waiting..."); in Parent app until the flag is set). All the code leading up to it being set in Child app seem to be running smoothly, so I tried spitting out the addresses of the shared memory locations. The addresses mapped by Parent app and Child app are different; this seemed odd, so I went back and wrote a simple miniature app that just opened a shared structure on my own box, and I get the same thing - different addresses - but the miniature apps work just fine.
Is it normal for a shared memory space to be mapped to two different addresses across two processes?
If so, does anyone have any idea what might be the issue at hand with my Parent / Child app scenario? The Child creates the shared memory, the Parent has a wait before it opens it, and if it doesn't exist should fail (opening with PROT_READ | PROT_WRITE)... it doesn't fail so it's evidently there.
All of this worked until literally just a few hours ago and I made some changes to my network cards, and I can't even imagine how that could have changed whether or not shared memory mapping worked...
I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.