Networking :: IPTables - Cannot Set Drop All Output

Jan 16, 2011

I followed one of these tutorials [URL]. My OS is Debian Lenny, iptables v1.4.2.

My iptables -L
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED, ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:xxxx
ACCEPT icmp -- proxy.provider.net anywhere
ACCEPT icmp -- proxy.p19.provider.net anywhere
ACCEPT icmp -- proxy.rbx.provider.net anywhere
ACCEPT icmp -- proxy.rbx2.provider.net anywhere
ACCEPT icmp -- ping.provider.net anywhere
ACCEPT tcp -- cache.provider.net anywhere tcp dpt:ssh
DROP all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere multiport dports www,https
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:xxxx

As soon as I add "iptables -A OUTPUT -j DROP" the server locks me out and I have to reboot to be able to log back in. The SSH port is open in both INPUT and OUTPUT; what's wrong?

View 8 Replies


Networking :: IPTables - Setting Output To Drop And Add Traffic

Feb 21, 2011

I need to set OUTPUT to DROP, and add the outgoing traffic one by one, but I couldn't do it. My current config is as follows:

Code:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
:RH-Firewall-1-OUTPUT - [0:0]
-A INPUT -j RH-Firewall-1-OUTPUT
#previously ESTABLISHED,RELATED comm is ok
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#80 is ok from all
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

If I change OUTPUT to DROP in :OUTPUT ACCEPT [0:0], I don't get any response from a server running in that box. I am using RHEL 5.5. Now, asking Red Hat is not an option: I have the license but I don't have a support license.

View 3 Replies View Related

Networking :: Tcpdump Shows Packages Even IPTables Policy Set To Drop

Feb 19, 2010

I have set the iptables INPUT policy to DROP. As I had expected, tcpdump wasn't showing any packages... for a while. Suddenly it began to show UDP syslog packages being sent by a remote host. That is consistent with the configuration of syslog, but since the INPUT policy was set to DROP, with no exceptions, it is not consistent with the configuration of iptables. Why, after setting the INPUT policy to DROP with no exceptions, are most of the packets received before being dropped but some not, as tcpdump shows?

View 7 Replies View Related

Fedora Networking :: IPTables Restore Script - Output Hangs

Jun 21, 2011

I have a config script for a particular software package that does...
iptables-restore < /etc/sysconfig/iptables > /tmp/firewall.log 2>&1
The problem is, the output hangs after this. If the user hits return, the rest of the output comes to the screen and the script finishes normally. But the script looks like it's hung because of this odd iptables-restore behavior.

View 1 Replies View Related

Programming :: Drop Packets (not Iptables) In C / C++

May 24, 2010

I have tried to google it around and couldn't find any good solution for it. What I want is to hook up to the kernel network hooks and for example investigate all of the packets (maybe keep some in a buffer and drop them in the kernel so I could send them out, let's say, 10 minutes later) but from a C / C++ program perspective / level. I know it can be done via iptables, but isn't there a way to do it from a program? I have found a library called ipq but apparently it doesn't work with kernel 2.6.x anymore.

View 10 Replies View Related

General :: Iptables Drop Fake Ip Packets?

Jun 2, 2011

I'm trying to drop all packets from the internet that use a fake ip address so they appear to come locally.

Do I need both lines or only the first ?

--append INPUT ! --in-interface lo --source 127.0.0.0/8 --jump DROP
--append INPUT ! --in-interface lo --destination 127.0.0.0/8 --jump DROP

View 1 Replies View Related

General :: IPTables - Need To Create Drop Rule

Apr 20, 2010

Do I have to create a rule for:
Code:
$IPT -A fwalert -p tcp --tcp-flags SYN,ACK SYN,ACK -m conntrack --ctstate NEW $RLIMIT -j LOG $LOGLIMIT --log-tcp-options --log-level 4 --log-prefix
to drop rather than log if my table has a default policy of drop with :
Code:
$IPT -t fwalert -P DROP

View 3 Replies View Related

General :: Iptables - Use DROP Instead Of REJECT And Vice Versa?

Jan 13, 2011

When deleting a rule, when is it better to use DROP instead of REJECT and vice versa? Also, please provide some basic info on the use of MASQUERADE?

View 3 Replies View Related

General :: IPTables Drop Or Forward Host (Incoming Connection)

May 3, 2010

How can I drop or forward an incoming connection from a part of a host like *.alicedsl.de?
For example:
The user is connecting from *.alicedsl.de on port 12345.
So how can I drop this connection or forward it to google.com on port 80?

View 5 Replies View Related

Security :: How To Write Iptables Rules To Control Drop All Connection

Feb 23, 2010

I have set up my Linux Fedora server and I want to restrict access to my server. Basically I control it using iptables. I'm not sure how to write iptables rules to drop all connections to port 8080 and allow only certain IPs to access the instance on port 8080, for example ip=10.254.14.16,192.168.1.10.

View 3 Replies View Related

Ubuntu Security :: IPTables - Setting Default Rules To All Chains As DROP

Jun 30, 2010

I've read the instructions about setting up the iptables rules to filter all ports except HTTP, SSH, FTP. I first need to remove all default iptables rules and set the default policy of all chains to DROP:
# Set default-deny policies for all three default chains
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP

Then allow only some ports:
#Accept inbound packets that are part of previously-OK'ed sessions
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
# Accept inbound packets which initiate SSH sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 22 -m state --state NEW
# Accept inbound packets which initiate FTP sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 21 -m state --state NEW
# Accept inbound packets which initiate HTTP sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 80 -m state --state NEW
# Log anything not accepted above
$IPTABLES -A INPUT -j LOG --log-prefix "Dropped by default:"

But I hired a VPS from another country, so the only means I have to manage it is via SSH. If I set the default rule to DROP first, I'm afraid that I can no longer connect via SSH to tell iptables to allow SSH.
So my question is:
- Do the iptables rules take effect immediately after I input a rule?
- Is there any means to run this as a batch job (create a script and run all these rules at one time)?
- My VPS has a web control panel which has a terminal via web. Is this a native terminal or just a connection via port 80 or 22?

View 9 Replies View Related
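The lockout the first post ran into (a trailing DROP in OUTPUT with no ESTABLISHED,RELATED accept before it), the second post's OUTPUT policy of DROP with the RH-Firewall-1-OUTPUT chain fed only from INPUT, and the worry in this post about a default-deny policy cutting off SSH can all be checked before a ruleset is loaded. The following Python is an added example, not code from any of the posts or from iptables itself: it parses iptables-save text (which is also the batch format iptables-restore reads) and reports whether an inbound SSH session could still be opened and answered. The rulesets embedded in it are constructed for the demonstration and only follow the layout of the posts; the function names (ssh_reachable, chain_verdict and the rest) are this example's own, not an iptables API.

```python
"""Static SSH-lockout check for iptables-save rulesets (added example, not code from
any post on this page): does an inbound SSH session get in (INPUT) and out (OUTPUT)?"""
import re

BUILTIN = {"INPUT", "OUTPUT", "FORWARD"}
STATE_RE = re.compile(r"--(?:ct)?state\s+(\S+)")
RULE_RE = re.compile(r"^-A\s+(\S+)\s+(.*?)\s*-j\s+(\S+)")

def parse_filter_table(text):
    """chain -> policy ('-' for user chains) and chain -> [(match_options, target)]."""
    policies, chains, table = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter" or line == "COMMIT":
            continue
        elif line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name] = policy
            chains.setdefault(name, [])
        else:
            m = RULE_RE.match(line)
            if m:
                chains.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    return policies, chains

def _unconditional(matches):
    return matches.strip() == ""

def _without_state(matches):
    # match options minus any '-m state --state X' / '-m conntrack --ctstate X'
    rest = re.sub(r"-m\s+(?:state|conntrack)\b", "", matches)
    return STATE_RE.sub("", rest).strip()

def accepts_new_ssh(matches, target):
    """INPUT side: an ACCEPT that lets a fresh TCP connection to port 22 in."""
    if target != "ACCEPT":
        return False
    rest = _without_state(matches)
    return _unconditional(matches) or (
        re.search(r"--dport\s+(?:22|ssh)\b", rest) is not None and "-i lo" not in rest)

def accepts_ssh_replies(matches, target):
    """OUTPUT side: unrestricted ACCEPT, pure ESTABLISHED-state ACCEPT, or 'tcp --sport 22'.
    'tcp --dport 22' does NOT count: it matches connections this box opens, not the
    replies (source port 22) to connections it received."""
    if target != "ACCEPT":
        return False
    rest = _without_state(matches)
    if _unconditional(matches):
        return True
    states = STATE_RE.search(matches)
    if states and "ESTABLISHED" in states.group(1).split(",") and rest == "":
        return True
    return re.search(r"--sport\s+(?:22|ssh)\b", rest) is not None and "-o lo" not in rest

def chain_verdict(chains, chain, rule_ok):
    """Walk a chain, descending into unconditional jumps to user chains. True: a rule_ok
    rule comes first; False: an unconditional DROP/REJECT comes first; None: fell off the
    end (built-in policy decides). Rules with other options count as neither: a first pass."""
    for matches, target in chains.get(chain, []):
        if rule_ok(matches, target):
            return True
        if target in ("DROP", "REJECT") and _unconditional(matches):
            return False
        if target in chains and target not in BUILTIN and _unconditional(matches):
            sub = chain_verdict(chains, target, rule_ok)
            if sub is not None:
                return sub
    return None

def ssh_reachable(text):
    """{'input': bool, 'output': bool}; both True means SSH survives the ruleset."""
    policies, chains = parse_filter_table(text)
    def decide(chain, rule_ok):
        verdict = chain_verdict(chains, chain, rule_ok)
        return verdict if verdict is not None else policies.get(chain, "ACCEPT") == "ACCEPT"
    return {"input": decide("INPUT", accepts_new_ssh),
            "output": decide("OUTPUT", accepts_ssh_replies)}

# Constructed ruleset laid out like the first post (not copied from it): SSH is accepted
# inbound, but OUTPUT only allows '--dport 22' before a trailing DROP, so the replies,
# which carry source port 22, are dropped and the session hangs.
LOCKOUT = """\
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -j DROP
COMMIT
"""

# The same ruleset with the one missing rule: let established traffic back out.
FIXED = LOCKOUT.replace("-A OUTPUT -p tcp",
                        "-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n-A OUTPUT -p tcp")
```

Run `ssh_reachable` on the text of `iptables-save` before handing the same text to `iptables-restore`: `ssh_reachable(LOCKOUT)` gives `input` True and `output` False, and `FIXED` passes both. Because the walk follows unconditional jumps into user-defined chains, it also covers the RH-Firewall-1-* layout of the second post, where OUTPUT is left with a DROP policy and no rules of its own. Rules with other match options are deliberately ignored, so a False result is worth a look but a True result is not a proof.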

Ubuntu Security :: Drop Igmp Port 0 Packets With Iptables Rule?

Jan 3, 2011

How can I drop IGMP port 0 packets with an iptables rule? My log file is full of these router advertisements.

View 2 Replies View Related

Security :: IPTables Rules And Output Filters

Aug 25, 2010

I put together the following filter set :
Code:
#!/bin/sh
#To understand this script, reference the No Starch Press Linux Firewalls Book.

MODPROBE=/sbin/modprobe
IPT=/sbin/iptables
IPTSV=/sbin/iptables-save
IPT6=/sbin/ip6tables
IPT6SV=/sbin/ip6tables-save

### flush / drop policy sets
echo "[+] Flushing existing rules with DEFAULT of DROP [+]"
echo "[+] IPv4 [+]"
$IPT -F
$IPT -F -t nat
$IPT -X
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP

echo "[+] IPv6 [+]"
$IPT6 -F
$IPT6 -F -t nat
$IPT6 -X
$IPT6 -P INPUT DROP
$IPT6 -P OUTPUT DROP
$IPT6 -P FORWARD DROP .....
###OUTPUT rules: LOG rule
$IPT -A OUTPUT -o ! lo -j LOG --log-prefix "DROPED OUTBOUND" --log-ip-options --log-tcp-options

I wanted to know how to allow certain applications through the outbound tables. For example, I wish to be able to use tools such as nmap, tracepath, and traceroute. However, I am not sure where to look to understand the ports to open. I was starting to think that maybe rather than ports to open it would need to be something like TCP flags that would need to be allowed. Anyway, I have tried google and am still having problems. I started wanting to use these tools due to getting ready for my Network+ and Security+ certs.

View 2 Replies View Related

Debian Configuration :: IPTables Output Block Not Local

Sep 19, 2015

I am trying to create some rules to detect outgoing traffic from my Debian jessie box that is not from my IP or loopback.

#!/bin/bash
/sbin/iptables -N C_OUT_N_LOCAL
/sbin/iptables -N C_OUT_N_LOCAL_LO
/sbin/iptables -A C_OUT_N_LOCAL -m limit --limit 2/min -j LOG --log-prefix "PK: output not local : " --log-level 4

LO_IP="127.0.0.1"
MY_IP="192.168.0.4"

/sbin/iptables -I OUTPUT -p ALL ! -s $LO_IP -j C_OUT_N_LOCAL_LO
/sbin/iptables -A C_OUT_N_LOCAL_LO -p ALL ! -s $MY_IP -j C_OUT_N_LOCAL

View 0 Replies View Related

Fedora :: Set The INPUT - OUTPUT And FORWARD Chains In Iptables To ACCEPT?

Oct 25, 2009

What commands do you use to set the INPUT, OUTPUT, and FORWARD chains in iptables to ACCEPT?

View 5 Replies View Related

Fedora Networking :: Downloads Drop Unexpectedly In F14?

Nov 25, 2010

I have a fresh install of f14. Using an Intel dp55wb mobo w/ integrated nic. I have access to network. Have access to internet. When downloading large files (f14.iso or ..... vid) after ~35 secs, data stream drops to 0. Other computers on network do not have problem. F14 computer is wired into router. Have tried a Biostar mobo w/ integrated nic w/ same results. Have changed patch cable. Have changed MTU's both higher and lower from default of 1500, no change.

View 2 Replies View Related

Ubuntu Networking :: 9.10 - Download Speed Drop To Almost Zero

Mar 21, 2010

I am having problems with download speeds in Ubuntu 9.10. Downloads start at a healthy speed and then drop to almost zero. This affects apt-get install, Pan newsreader etc. With apt-get install if I terminate the download (with [Ctl][C]) and restart it I get another burst at high speed then again back to almost nothing. It makes updates a nightmare. With Pan newsreader I get high speed for most files but when downloading some of the larger files the speed drops right back to almost nothing after a while. I am on wired ethernet (no wireless). Typically I will get about 1.1MB before the speed drops - although I think it may be a function of time rather than data. I am talking to my ISP via a Netgear FWAG114 router and a NetComm NB5 ADSL modem operating in bridge mode. Although a number of users appear to have experienced very similar symptoms here I haven't found an answer that works.

View 2 Replies View Related

Ubuntu Networking :: Drag And Drop Failing With VNC?

May 30, 2010

I have been using Ubuntu 10.04 (32 bit) as a headless workstation, running a VNC screen. Worked perfectly for about 3 weeks, then suddenly, I lost the Drag and Drop capability, for all applications.

For example:

Dragging and dropping to move items on the desktop does not work. The item simply pops back to the original location. Dragging and dropping to move items from one folder to another does not work. Same behavior -- the item just pops back to the original location. Dragging and dropping Bookmarks in Firefox does not work. The attempted Drag and Drop is ignored. Copy and paste still works fine. The problem does NOT occur when using an attached monitor (primary display screen :0).

I suspected that the changed behavior was caused by an update (from Ubuntu Update Manager). I confirmed this with the following:

Reinstalled Ubuntu 10.04 fresh from the live cd.
Configured minimal networking and installed VNC server.
Tested Drag and drop -- works okay
Applied pending updates (116) from Ubuntu Update Manager
Tested Drag and drop -- not working

I am using vnc4server and openssh-server installed from the repositories using Synaptic.

View 9 Replies View Related

Ubuntu Networking :: 8.04 - Wireless Speed Slow / Drop

Jan 15, 2010

I've been using Ubuntu 8.04 for about a year and the wireless has been fine but now it's gone screwy and I can't figure out why. This has happened on my laptop and wife's who uses Ubuntu Hardy also. The speed drops to almost 0 mb/s whenever the signal strength is less than 95%.

It isn't the internet connection, as Vista (I dual boot) works fine below 95% signal strength. To get the internet speed to a level that can load a web page, I have to be within 3 feet of the router!! Neither of the laptops uses ndiswrapper; the internet connected straight away from a fresh install.

View 2 Replies View Related

Ubuntu Networking :: Download Speeds Drop Constantly

Mar 12, 2010

I am running Ubuntu 9.10 on a Dell Inspiron 1520 with an Intel 3945abg wireless card. I am fairly new to Linux and just installed it earlier in the day. Everything so far has been easy to set up and get running, as well as the networking, or so I thought...

I can connect to my network and browse web pages just fine. However, when I download a file the speed starts high, drops down to around 50kbps and then works its way back up to around 1.3 mbps before dropping right back down. I tested a file on megaupload and it seems to bounce between 50kbps and 1.5mbps nonstop.

The driver I believe is the iwl3945, if that is the default driver. I have tried disabling IPv6 and that didn't seem to change anything. I've looked around on google and the forums and haven't been able to find anything on how to fix this.

View 4 Replies View Related

Ubuntu Networking :: Some Videos Drop Network Connection?

May 15, 2011

Folks, I am running 10.10 with the Macbuntu addon (theming, if that makes a difference). I've noticed for a long time that when I play some videos, my network connection (on this computer only) drops. For instance, while posting this, I began to watch this video:

HTML Code:
<iframe id="tsFrame55086" src="http://cdn.topspin.net/api/v2/widget/player/55086" style="width:400px;height:300px;border:none;" frameborder="0"/>

[code]....

View 7 Replies View Related

Networking :: DROP Filtered Packets On A Cisco Router?

May 31, 2011

I bought a Cisco 1841 to study for a cisco certs. In iptables terms filtered packets are -j REJECT instead of -j DROP. To make things worse telnet and ping replies are on by default.

View 5 Replies View Related

Fedora Networking :: Configure NetworkManager To Drop Connections When VPN Fails ?

Aug 22, 2009

I am using a VPN proxy service for privacy reasons. I have configured NetworkManager and its PPTP VPN plug-in successfully.

I would like to configure NetworkManager to drop connections when the VPN fails so that I do not suffer 'privacy leaks' when it happens.

View 1 Replies View Related

Fedora Networking :: Wireless Slow Connection / Drop Outs

Nov 17, 2010

I am new to Fedora, but not so new to Linux. I've got F13 installed on my netbook, and the speed and overall better-ness? of it made me want to get it going on my desktop. I've installed, and have updated the kernel and NetworkManager (along with a few other things). My problem is this; after about an hour or two I get a drop out and am unable to reconnect. Until I use 'ifconfig wlan0 down > ifconfig wlan0 up'; then it works great for about 10 minutes, slows down, and eventually drops out. I updated NetworkManager in the hope it may have been that, but it really made only a slight difference.

iwconfig :
$ iwconfig wlan0
wlan0 IEEE 802.11bg ESSID:
Mode:Managed Frequency:2.462 GHz Access Point: 00:1E:2A:0E:08:50
Bit Rate=54 Mb/s Tx-Power=18 dBm
Retry long limit:7 RTS thr: off Fragment thr: off
Power Management: on
Link Quality=32/70 Signal level=-78 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0

I am using a Linksys WUSB54G > chipset Ralink rt2510? (don't quote me on that, it's from memory). I am also using WPA encryption. I am currently messing with those settings to see if that helps.

View 3 Replies View Related

Ubuntu Networking :: Drop From G To B In Order To Make Card More Sensitive?

Aug 23, 2010

I have a sh-tty B/G wireless card that does 500mw according to iwconfig. I also have a nice little panel antenna on this card that does 7dBi. This rig picks up a lot of signals and that is really great. However I am experiencing a problem. I am able to Internet browse on non-encrypted networks as long as the wireless manager shows a full four bars. However, if I try to connect to a three bar network, I will not be able to browse the Internet. I have a solid lower level 3 bars, I'm assigned an IP addy, but I get absolutely no throughput.

So, I think this has something to do with receiver sensitivity. In G mode, this card does a lousy -65ish or so at 54 meg. So what I'd like to do is drop to 5.5 or 11 meg B, because at 5.5 meg or 11 meg B the card does a much more acceptable 90+ sensitivity. Does anyone have the command string/app for this? I would like to force the card to operate at no better than 802.11B@5.5meg rather than having it auto select 802.11G@54meg.

View 1 Replies View Related

Ubuntu Networking :: Ndiswrapper-dkms Won't Open From Drop-down Menu?

Mar 8, 2011

I have (had?) ndiswrapper-dkms installed, and used it to get a wireless card working. After a kernel update, the card stopped working, and I tried to re-install it. Part of the directions included doing -r to about everything connected to the original install. Now I still show "Windows Wireless Drivers" in the drop-down menu, but when I click on it, it "flashes" for a split-second, and then disappears. I've tried re-installing it from Synaptic, and doing "sudo apt-get install ndiswrapper-dkms", but it just returns saying that I already have the latest version.

View 1 Replies View Related

Networking :: Packet Drop Measured By Ethtool, Tcpdump And Ifconfig?

May 20, 2010

I am running a test to determine when packet drops occur. I'm using a Spirent TestCenter through a switch (necessary to aggregate Ethernet traffic from 5 ports to one optical link) to a server using a Myricom card. While running my test, if the input rate is below a certain value, ethtool does not report any drop (except dropped_multicast_filtered, which is incrementing at a very slow rate). However, tcpdump reports X number of packets "dropped by kernel". Then if I increase the input rate, ethtool reports drops but "ifconfig eth2" does not. In fact, ifconfig doesn't seem to report any packet drops at all. Do they all measure packet drops at different "levels", i.e. ethtool at the NIC level, tcpdump at the kernel level etc.? And am I right to say that in the journey of an incoming packet, the NIC level is the "so-called" first level, then the kernel, then the user application? So any packet drop is likely to happen first at the NIC, then the kernel, then the user application? So if there is no packet drop at the NIC, but packet drop at the kernel, then the bottleneck is not at the NIC?

View 1 Replies View Related

Networking :: Large File Transfers Start Fast Then Drop To A Crawl?

Jul 19, 2010

I need to transfer 330G of data from a hard drive in my workstation to my NAS device. The entire network is gigabit and being run with new HP procurve switches. All machines have static IP addresses. The NAS is a Buffalo Terastation PRO which has the latest firmware, is set to jumbo frames, and has just been upgraded with 4 brand new 500G drives giving us a 1.4TB raid 5 setup. My workstation is a dual Quad core xeon box running on an Intel S5000XVN board with 8G of ram. My OS is Ubuntu 10.04 x64 running on a pair of Intel X25 SSDs in a raid mirror. The data drive is a 500G SATA drive connected to my onboard controller. The file system on the SATA drive is XFS. This problem was ongoing before I got my new workstation, before we had the GB switches, and before the NAS got new drives. When I transfer a small file or folder (less than 500M) it reaches speeds of 10-11 MB/sec. When I transfer a file or folder larger than that the speed slows to a crawl (less than 2MB/sec). It has always been this way with this NAS. Changing to jumbo frames speeds up the small transfers but makes little difference in the big ones. I verified with HP that the switches are jumbo frame capable.

View 2 Replies View Related

Ubuntu Networking :: Latest Image Push (2.6.32-25) Causing WLAN To Drop

Sep 8, 2010

I noticed this weekend that I began experiencing wireless issues with the NIC (Intel 5300) on my laptop. I have had no problems with the wireless using several Ubuntu versions. This began after I installed the packages associated with the Update Manager last Friday, which included the 2.6.32-25.43 kernel update. My wireless will drop out anywhere from 10 seconds to a couple of minutes after connecting to my router. Again, I have not had any wireless issues before. Below is the end of dmesg when I enable the device.

[ 1220.725229] Registered led device: iwl-phy0::radio
[ 1220.725372] Registered led device: iwl-phy0::assoc
[ 1220.725883] Registered led device: iwl-phy0::RX
[ 1220.726422] Registered led device: iwl-phy0::TX
[ 1220.749395] ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 1228.969542] wlan1: deauthenticating from 00:24:01:f5:b8:b0 by local choice (reason=3)
[ 1229.008433] wlan1: direct probe to AP 00:24:01:f5:b8:b0 (try 1)
[Code].....

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved