Security :: Iptables - Block Bad And Not Related Packets
Jun 8, 2011
My VPS host a mail, blog and web site. So i want to block port i not use. The port that i use is 80,21,2022,443. The other port will be drop. I want to block bad packet and all packet that not related. Can anyone how to write in iptables?
View 2 Replies
ADVERTISEMENT
Apr 30, 2011
i dont know why packets dropped? and something else what are those numbers for default policy in [] means?this is rules:
Code:
# Generated by iptables-save v1.4.4 on Sun May 1 00:09:57 2011
*mangle
[code]....
View 9 Replies
View Related
Mar 14, 2011
Battlefield 2 server being attacked by packets that creates infinite loop, then when a player disconnects, server crash.
The packets seems to be always the same.....
Attacker Script: [URL]
Script in action:
[Code].....
I need to find a way to block these 4 packets (i think theyre 4 for what i tested) with IP TABLES.
EDIT: There seem to be other different replies, maybe 1 different but no more.... maybe you can find something useful in the script.
View 3 Replies
View Related
Jan 3, 2011
how can i drop igmp port 0 packets with iptables rule? my log file is full of this router advertisement.
View 2 Replies
View Related
Mar 6, 2010
Is this how I would do that?
iptables -A INPUT -p tcp --destination-port 21 -d ! 168.192.1.2 -j DROP
This should block all incoming connections on port 21 from 192.168.1.2, correct? Thus preventing that IP from logging into my FTP.
View 1 Replies
View Related
Mar 17, 2009
What i wanted to do was block everything from getting in my pc but still be able to surf the web and still use instant messenger.
View 2 Replies
View Related
May 21, 2011
I am setting up a virtual server. Ubuntu 11.04, "minimal provider image".UFW was disabled by default. I set it to default deny. Allowed HTTP, SSH and other standard stuff, and enabled it. All seems to be OK. Adding one rule to block some annoying security scanners causes ping not to work. I'm not an Iptables expert, but it looks OK to me. I got it from some website, rather than invented it myself, but modified to to fit the ufw config file syntax. What in that rule prevents pings?!? It seems completely unrelated.
View 1 Replies
View Related
Mar 30, 2011
I have a server that I can only access via SSH (it's located far away) and I would like to secure it by blocking all ports except the ones that I need (which are HTTP and SSH). I still want to be able to make outgoing connections to enable software updates and other things.This is my iptables -L -n :
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:21
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:23:79
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:81:65535
code....
In my opinion, this should block all incoming packets except the ones on port 80 and 22, but allow responses to outgoing connections. But a wget http://google.com does not work, it can't establish the connection.
Maybe this is not the best style for iptables rules, but I want to be absolutely sure to not accidently lock myself out from SSH, so I chose not to configure a "block-everything rule".
Does this configuration not enable incoming packets from connections initiated from inside?
View 3 Replies
View Related
Jan 20, 2010
how to block all ports except pop,pop3,smtp in nat using iptables in squid on redhat A3
View 2 Replies
View Related
May 24, 2011
I would like to allow incoming and outgoing connections when I'm connected to a wired connection, but drop it otherwise. I noticed that ufw can't block outgoing traffic because of will I give iptables a try. I'm unsure if dropping packages that are outgoing will work, the rule after the block rule will allow all outgoing connections.
This what the rules are intended to do, unsure if that is actually the case. Allow all loopback traffic. Allow ping replys Allow incoming on port 12345 if eth0, deny otherwise. Allow outgoing on port 12346 if eth0, deny otherwise.
Code:
iptables -A FORWARD -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -s -m state --state ESTABLISHED,RELATED -j ACCEPT
[Code]....
View 3 Replies
View Related
Aug 11, 2009
I keep getting hundreds of SSH failed logins per day. Is there a way with iptables, i can say if a user connects too to port 22 over 8 times in 10 minuntes, then block them for an hour?
View 7 Replies
View Related
Dec 3, 2010
using layer 7 filtering how to block the ftp packets?..
In My router i am going to add a below rule.... iptables -A OUTPUT -m layer7 --l7proto tcp --dport 20 -j DROP
above statement will it work in my router?.
View 1 Replies
View Related
May 24, 2010
I have tried to google it around and couldn't find any good solution for it. What I want is to hook up to the kernel network hooks and for example investigate all of the packets (maybe keep some in the buffer and drop in the kernel so I could send them out lets say 10 minutes later) but from a C / C++ program perspective / level. I know it can be done via iptables but isn't there a way to do it from a program ?? I have found a library called ipq but apparently doesn't work with kernel 2.6.x anymore.
View 10 Replies
View Related
Apr 17, 2011
on the bios of my dell inspiron i have the option among others to set a password on my hdd. so my questions are: which exacly is the point of this? does it encrypt my hdd in any way? if someone has physical access on my computer and takes out the hdd,could he gain access? im a regular home user but im very curius to know
View 9 Replies
View Related
Jun 2, 2011
I'm trying to drop all packets from the internet that use a fake ip address so they appear to come locally.
Do I need both lines or only the first ?
--append INPUT ! --in-interface lo --source 127.0.0.0/8 --jump DROP
--append INPUT ! --in-interface lo --destination 127.0.0.0/8 --jump DROP
View 1 Replies
View Related
Dec 6, 2010
I've been trying to redirect all outgoing packets (destined for a specified ip address) from my slack box back to itself. I thought this could be done with iptables, but if I fire up wireshark I can clearly see that the packets are getting out to the real server and I'm getting responses from it.
So here's what I tried:
All looks good and fine, and then I even try to visit 194.28.157.42 with firefox (by the way I am running a webserver, that is set to show a page when you visit 127.0.0.1) and I get an error page that reads: 502 Bad Gateway.
I ignored this message to see what the program I'm trying to interrupt does, and when I start wireshark and then start the program that is using that website, I can clearly see that the packets make it to the real 194.28.157.42 and get back responses.
View 1 Replies
View Related
Feb 17, 2010
I am running into trouble while trying to set-up a iptables routing policy. I have two machines on the same sub-network (xxx.xxx.153.0). One of the machines is used as a default gw for the other (xxx.xxx.153.250 is a gateway for xxx.xxx.153.142 and xxx.xxx.153.254 is a gw for xxx.xxx.153.250). There is no explanation for why the xxx.xxx.153.250 is in the middle -- xxx.xxx.153.142 can go straight to xxx.xxx.153.254, but is is like that for now.I am trying to find an iptable rule to be executed on the xxx.xxx.153.250 machine to route the packets.
View 3 Replies
View Related
Mar 16, 2011
I had been running my SMTP server with WINE, as the SMTP server software is a Windows-based program (MERCURY), but I cracked the shits with WINE and removed it. Now I am running my SMTP server in a Windows virtual machine.This virtual machine has a different IP address from my host machine, so what I need is for my computer (the host) to redirect incoming traffic on port 25 to the virtual machine at 192.168.56.101 on port 2525.Can someone please help me with it? I think its done with iptables.
View 1 Replies
View Related
Mar 13, 2011
I'm trying to configure NFS sharing behind a firewall, I got it to work and all but I was caught by something that (to me anyways) seems odd.I've been able to mount the export on another computer and am transferring files over as we speak, but I'm just interested in knowing why the RELATED,ESTABLISHED rule seems to be catching almost all the traffic coming from the other node. Any ideas? Should I be concerned that my firewall isn't protecting anything or something?
View 1 Replies
View Related
Sep 10, 2010
I have a very weird case in my firewall.I have an asterisk server and some phones and between them there is a linux firewall based on iptables.With basic rules on iptables everything works ok, but when I put a single nat rule (no matter what rule I use) some packets from some phones misteriously disappear from interfase to interfase.
Clearer:The firewall has two interfases: eth0 (pointing to phones) and eth2 (pointing to asterisk).One problematic phone is 192.168.3.242, so I use tcpdump this way.
View 14 Replies
View Related
Jun 26, 2009
if am using --log-prefix "BANDWIDTH_OUT:" --log-level 7 to capture packets, I think is there a way to view these?
View 4 Replies
View Related
Aug 30, 2010
i need to write a program in c that can sniff packets from Ethernet and distinguish RTP packets from Non-RTP packets, i have no idea what should i do
View 9 Replies
View Related
Jul 2, 2010
I two servers set up: 192.168.1.150 and 192.168.1.160 Initially, I want all traffic to be served by server 150. So for this purpose I am leaving the IPTables on .150 empty. At a point in time, I want to forward all incoming traffic to be served by .160 instead. I have accomplished this using these commands (on .150):
iptables -t nat -A PREROUTING -j DNAT --to 192.168.1.160
iptables -t nat -I POSTROUTING -j MASQUERADE
My problem is that if I have an open SSH connection to .150 (prior to adding the rules), the packets are still handled by .150 after adding the rules.. e.g. my SSH session stays active. I want these packets to be forwarded to .160, which would effectively disconnect the SSH session. I do not want the packets flat out dropped, I just want them forwarded on in whatever state they are in. If I try a new SSH session, it is properly forwarded to .160
View 5 Replies
View Related
Mar 22, 2010
I am trying to do something outlandish with iptables (or so I think!).I have a source sending udp packets to a destination (say dst11). Using port mirroring I am able to get all these packets to a different machine (say dst22). I am able to see these packets on dst22 interface using tcpdump.I want to analyze the packets on dst22. So what I do is put dst22 interface in promiscuous mode (using ifconfig eth0 promisc). This in theory should get the packet through the MAC layer. Now using iptables I am trying to DNAT the packets in nat prerouting to change the packets destination IP to dst22's interface and change the destination port.
View 2 Replies
View Related
May 10, 2010
I want to block all outgoing traffic with iptables and only allow a few specific websites. I would like to get the code to do so and also to revert the changes in case I want to unblock them.
View 1 Replies
View Related
Dec 24, 2008
in my office i have to block all messenger like yahoo messenger, windows live messenger, i have to block websites like www.yahoo.com, some more web sites. i need guidance through which i can accomplish this task through ip tables or through squid server. i can use squid but i had heard that squid blocks pop and smtp also. squid creates some problem in receiving and sending email. i am using red hat linux 4 box and installed squid having two ethernet card 1 is connected to adsl line and 2 is connected to switch. all clients will have proxy address of this linux box. guys need ur help ASAP.
View 2 Replies
View Related
Apr 25, 2010
Just wondering if it is possible to block web access on a certain ip address with iptables.
Iv seen guides for blocking web traffic on a whole network but i want to just block a single host from accessing the web.
View 14 Replies
View Related
Feb 22, 2010
I have a server with slackware 12 and i try to block 2 web sites but without success. I write in iptables rules /etc/iptables.conf
iptables -A INPUT -s web.org -j DROP
iptables -A OUTPUT -d web.org -j DROP
but no effect. What rule i must write to block url`s?
View 4 Replies
View Related
Aug 3, 2009
I have blocked below IP by using iptables command in RedHat Linux 4.0.
Code:
iptables -A INPUT -s 192.168.0.85 -j DROP
It's now totally blocked and can't get access into web or internal network. how I can un-block that IP, so that it can again starts it's normal operation.
View 2 Replies
View Related
Dec 7, 2009
I want to use iptables to automatically block all IP addresses who send UDP packets with length 11 more than 3 times per 10 seconds.
View 1 Replies
View Related