Networking :: Generic Way To Block Specific Port?

Jul 9, 2011

Recently I discovered that we were accidentally running a POP server (port 110), when we only should have been running the encrypted version thereof (port 995). This wouldn't have been a problem if the port was blocked in the first place. I had wrongly assumed that any port NOT specifically listed in one's firewall rules (CentOS 5 with default iptables installation) would be blocked. I thought you had to add a rule to /etc/sysconfig/iptables in order to open up a port. Apparently this is NOT the case. So is it true that if I install some random software that starts listening on any number of ports that I have not specifically mentioned in /etc/sysconfig/iptables that it will not be blocked - it will work right away?

Anyway, I guess two questions:
1) What's a generic way to block a specific port? I use rules like this to "open" ports (although is this not needed if they're open anyway?)
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
What's the analog of this kind of rule to *block* a port?
2) Is there a better way to configure iptables to block all ports that are not mentioned in its configuration? Is that dangerous? (will it block things that I don't want to block?)


Ubuntu Networking :: Port Forwarding Through A Specific Port?

Jul 14, 2011

I want to set my IP as static and port forward it through a specific port. Can anyone help me with this? I'm using Ubuntu 10 with a 64-bit OS.


Networking :: Block Specific Websites - Preferred Method ?

May 19, 2010

I'm trying to block specific websites, preferably using a portion of the url.

For example, if blocking [url], [url] would also be blocked. This implies that simply blocking a single IP using iptables would not work well.

The names to block will be somewhat dynamic, so a list specification would be ideal.

In my case, the LAN has a mix of linux and ms machines, and they all use a linux gateway currently running dnsmasq.

I find suggestions from using /etc/hosts (might work with yp, but not ideal) on the gateway machine, through to using squid on the gateway machine.


Server :: Sendmail: Block Specific Sender To Specific Recipient?

Oct 1, 2009

I'm trying to configure our mail server to block email from a specific sender reaching a specific recipient. In other words, if one of our employees is getting harassed by a 'stalker', how would one go about blocking, at the MTA (Sendmail) level, a specific sender email address from reaching a particular user's inbox? We do not want to capture the email - simply block it before it consumes server resources. The Sendmail server (MTA) is a front end to our Exchange server so no user accounts exist on the Linux server. We simply use it as a SPAM and Virus scanner then forward clean email to the Exchange server.


Networking :: Block Multiple Port From Lan Going Out The Net?

Aug 21, 2010

How do I block multiple ports from my internal LAN going out to the internet? I want to prevent LAN users from accessing these kinds of ports, for example ports 1500-10000.

I'm making a personal firewall script; I'm just testing it for curiosity's sake.

Will I use the FORWARD chain policy to drop all packets, like port 1500:10000?
Note: '#' stands for root.

#iptables -A FORWARD -s 192.168.0.1/24 -p tcp --dport 1500:10000 -j DROP
#iptables -A FORWARD -s 192.168.0.1/24 -p udp --dport 1500:10000 -j DROP


Networking :: Route Only For A Specific Port And Target?

Mar 14, 2011

I have to route some packages over the right interface. I default route everything for the target-network over one network-interface. That works perfectly. But I have to route packages for one specific host and one specific port over another network-interface. I tried many things with the route-command, but I think there's no possibility to route only one port? Maybe I can do this with iptables? I only found ways to forward some packages, which are coming in over one interface. But in my case all packages go out over one interface.


Networking :: Trace Route On A Specific Port?

Dec 4, 2009

I've got a few systems which forward ports to one another all over the place, and somewhere along the line a port forward fails. I want to trace the route of a connection on a specific port to see where the connection hits a wall, to see what system is causing the problem. I've tried `traceroute -T -p <port>` but it doesn't output anything about the ports it hits, stops when it hits the address I supplied even though it is forwarded elsewhere, and there doesn't seem to be a verbose mode. Interestingly, if I specify a different source port via the '-s' option, the trace keeps hopping to * * * * and never gets anywhere (at least to 27 hops, then I CTRL+C).


Networking :: Definition: "a Process That Replaces A Series Of Related, Specific Routes In A Route Table With A More Generic Route"

Oct 21, 2010

I got this definition: "a process that replaces a series of related, specific routes in a route table with a more generic route." Honestly, I found it not so clear. I want to know if this definition is correct, and also more details about this subject.


Ubuntu :: Block IPs When Hitting Specific URL?

Feb 11, 2011

I've noticed in my Apache logs a lot of hits to a specific URL on my server. The thing is, the URL is invalid and returns a 404. Every hit has a different Agent ID (things like Windows NT 4 and IE 8, Mac OS and Safari, Windows 7 and Mozilla, etc) and usually a slightly different IP address. If you browse the URL with Chrome/Firefox, it gets reported as potential phishing activity - despite it only returning a 404 error.

I blocked a range of IPs with IPTables which worked for a while, but I can see the IP address has changed again (outside of the range I set) and is generating logs again.

Is it possible to automatically block any IP attempting to access this specific URL?


General :: Block A Specific MAC Address?

Feb 5, 2011

how to block a specific MAC address


General :: Any Way To Block Specific Websites?

Jul 28, 2011

How to block unwanted sites.


General :: Block A Specific Content Using Squid?

Aug 24, 2010

In Iran there is a famous "access denied page" that redirects you to a strange page with a lot of HTML errors and, lol, telling you RTFM about ridiculous Internet laws. I want to filter the contents of the page, because the page IP, URL, ... are all unknown. I don't know much about squid configuration scripts. I can read but cannot write.


OpenSUSE :: Can Apparmor Block Execute Any Program In A Specific Dir

Jun 10, 2010

Prohibit execution of any program, including shell commands, so that only profiled programs can be executed: can AppArmor do that?


General :: Block A Specific User To Run SSH And Leave Him The Access To FTP?

Jun 19, 2010

I run the openssh daemon on port 22 and have proftpd running on port 21. I would like to block SSH for a specific user. I use proftpd. I would like to prevent SSH access for this user and leave FTP working for this specific user. In /etc/passwd, I tried to change /bin/bash to /bin/false, but this blocks both SSH and FTP access for this account.


Security :: Block Computer From Connecting To A Specific IP Address?

Feb 13, 2010

I was taking a peek at the active connections shown by the Firestarter GUI and noticed the following (the source is my computer):

Source          Destination     Port  Service  Program
192.168.0.112   66.235.133.42   80    HTTP

I closed all Internet related apps and the connection persisted. After a reboot it did not reconnect (yet). The IP address appears to belong to esomniture.com - some sort of web analytics company. How do I prevent my computer from connecting to these rascals? I have found a lot of documentation regarding stopping inbound connections to services on my computer but not the other way. I have various filtering addons installed in Firefox; however, this connection seems to be at a lower level as no program is specified as being responsible for the connection.


Programming :: Count Specific Entries Inside A Block?

Jul 15, 2011

What I want to do is, from a file having blocks like

<event>
8 3 0.2685416E-02
2 -1 0
21 -1 0

[code]...

The first line after the "<event>" is its process-id, so I would like to have at the end a summary of how many "event" blocks I have for each type, i.e. how many

6 1 0.2685416E-02

or how many

7 2 0.2685416E-02

etc etc

I do not know in advance how many different kinds of block I will have, so it has to be a bit smart to scan the file and make a new "summary" info for each unique type. I was using something like

awk '/<event>/,/</event>/{if ($3 -eq 0.2685416E-02 ) { print $1" "$2" "$3}}' file > out

and then

grep -c "$1" "$2" "$3" but with no success since my awk command prints all lines of each block

Suppose that I do know the $3 in advance, i.e. the 0.2685416E-02, which is a kind of weight


General :: Display Specific Block Of Contents Or Lines In Output?

Apr 23, 2010

Consider a situation in which you want to display only specific lines of contents from a file or of a command's output. Yes, we have head and tail commands. But, how to view all the lines of a file except the last one or vice versa when we don't know the count of lines in advance?

Consider this output:

Code:

[root@localhost ~]# ps au | grep bash
root 6316 0.0 0.0 4672 1440 tty1 Ss+ Apr22 0:02 -bash
root 20847 0.2 0.0 4672 1432 pts/0 Ss Apr23 0:12 -bash
root 21167 0.0 0.0 3920 660 pts/0 S+ 01:00 0:00 grep bash

Here, I don't want the last line (in italic) to be included in the result since the last line is due to "grep bash" in the devised command "ps au | grep bash". Well, we can rewrite the devised command:

Quote:

"ps au | grep bash | head -n 2"

But, again, here we are specifying the count of lines to be included. But, in the presented problem we don't know any count in advance!


General :: Which Command Is Used To Block Tcp Port

Mar 26, 2010

I want to block a TCP port with the help of iptables commands on Linux. Which command is used for this purpose?


General :: Block 12010 Port From My Box ?

Oct 28, 2010

I am unable to block this 12010 port in our server end. I used below command. But no luck.

I have blocked with CSF also.

But no luck with both firewalls

Still it is showing like this.

How to block this port 12010


Fedora Networking :: Port Redirect, I.e. Whatever Comes Through Whatever Interface On Port AAAA Will Get Redirected To Port BBBB?

Feb 18, 2010

I want to do a simple port redirect, i.e. whatever comes through whatever interface on port AAAA will get redirected to port BBBB. I thought that this would do it:

iptables -t nat -I PREROUTING --source 0/0 --destination 0/0 -p tcp --dport AAAA -j REDIRECT --to-ports BBBB

However, it doesn't work, e.g.

nc -v -w2 -z localhost AAAA

gives:

nc: connect to localhost port AAAA (tcp) failed: Connection refused
while
nc -v -w2 -z localhost BBBB

[code]....


Security :: Block Port Scanning Attempts?

Nov 18, 2010

I run SSH on a publicly open server and see the following attempts in /var/log/auth.log, which I was told by someone could be port scanning attempts. (Not sure though.)

Code:
Nov 18 23:50:19 server sshd[21716]: Did not receive identification string from 186.0.80.197
Nov 19 00:05:57 server sshd[24056]: Did not receive identification string from 85.108.110.66

How can I block above such attempts?


Hardware :: USB Generic Serial Driver, And FTDI Single Port Driver As A Module, But It Still Isn't Getting Recognized?

Feb 4, 2011

My Gentoo laptop doesn't have a serial port, so I got a usb-serial (RS-232) adapter from ebay. However, when I plug it in, the only thing dmesg mentions is:

Code:
usb 5-1: new full speed USB device using uhci_hcd and address 2

I've tried to look for a kernel driver in "make menuconfig" by pressing "/" and typing 232. Nothing about RS-232. Device Drivers -> Character drivers -> Serial drivers has 8250 and UART as a module. Device Drivers -> USB support -> USB serial converter support has in-kernel: USB generic serial driver, and FTDI Single port driver as a module, but it still isn't getting recognized. Is there some module I forgot to enable, or do I have to download a separate module from somewhere?


OpenSUSE Network :: Block All Ports But Port 80 With Iptables (DMZ)?

Jun 25, 2010

I have a Suse 10.3 router with 4 network cards. 1 is to connect to the big network and thereby also the internet, 2 are for 'client' subnets and I want to use the last one as a DMZ. In this DMZ will be a web server which has to be accessible from the other 2 subnets and from the big network. I could do it with a few simple clicks in Yast firewall, but I have some issues with this firewall and therefore I want to use it as little as possible, using iptables.

So now I'm struggling a bit with iptables. Basically what I'm looking for is how to block all ports but 80 in this last subnet with iptables.


Ubuntu Security :: Iptables, Block Port Except For Eth0

May 24, 2011

I would like to allow incoming and outgoing connections when I'm connected to a wired connection, but drop them otherwise. I noticed that ufw can't block outgoing traffic, so I will give iptables a try. I'm unsure if dropping packages that are outgoing will work; the rule after the block rule will allow all outgoing connections.

This is what the rules are intended to do; I'm unsure if that is actually the case. Allow all loopback traffic. Allow ping replies. Allow incoming on port 12345 if eth0, deny otherwise. Allow outgoing on port 12346 if eth0, deny otherwise.

Code:
iptables -A FORWARD -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -s -m state --state ESTABLISHED,RELATED -j ACCEPT

[Code]....


Slackware :: Setting Up Initrd - Generic Kernel In Grub2 - Can't Load Generic

Jan 4, 2011

I am trying to figure out how to load the generic kernel in Grub2.

I have run /usr/share/mkinitrd/mkinitrd_command_generator.sh and ran the output:

Code:

Why this will not load.


Server :: Get FTP To Use A Specific Port Number?

Mar 17, 2011

How do I get FTP to use a specific port number? .. I read the manual but cannot work this one out.


Server :: Block The Particular Pop3 And Imap Port Monitoring In Opennms?

Jul 16, 2011

I had installed OpenNMS. I'm getting email alerts when all ports are going down, and I'm also getting POP and IMAP messages too when the port goes down. I want to stop the POP3 and IMAP messages ASAP. Is it possible to block the particular IMAP and POP3 ports?


Debian :: Connecting To SSH With Specific Source Port

May 14, 2015

I'm looking to know how to connect to a remote server through SSH but from a specific port, so I can drop connections from random ports that are not the one I choose. Is this possible?

I have tried by setting up an iptables entry to forward output through both, PREROUTING and OUTPUT (one at each time, flushing when I can see that it's not working), in NAT table, so I can connect doing ssh localhost

Code:
iptables -t nat -I OUTPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 --dport 4141 -j DNAT --to 192.168.1.2:4040

Unfortunately, it is not forwarding as I'd like.

I want to do this because I think that doing this will enhance the security, dropping connections of clients that are trying to connect from not allowed ports. I have already set up fail2ban and created SSH keys, not allowing login with password, only key allowed. Will only allowing connections from a specific port enhance the security or not really?


Debian :: SSH AllowGroups Specific To Port Number?

Sep 17, 2010

Is it possible to setup SSH Daemon to listen on multiple ports and only accept specific groups to a given port? In the past I've created a second SSH Daemon by copying the config file and /etc/init.d/ daemon then configuring each port separately / rules however if I was able to maintain just the one Daemon that would be optimal. Is this possible?


General :: How To Find Processes Using A Specific Port

Dec 11, 2010

How can I find, on a Linux system, the processes that are using port 8080 (e.g. a web server)?








Copyrights 2005-15 www.BigResource.com, All rights reserved