Security :: Iptables - Block Bad And Not Related Packets

Jun 8, 2011

My VPS host a mail, blog and web site. So i want to block port i not use. The port that i use is 80,21,2022,443. The other port will be drop. I want to block bad packet and all packet that not related. Can anyone how to write in iptables?

View 2 Replies


ADVERTISEMENT

Ubuntu Security :: Why These Packets Droped By Iptables

Apr 30, 2011

i dont know why packets dropped? and something else what are those numbers for default policy in [] means?this is rules:

Code:
# Generated by iptables-save v1.4.4 on Sun May 1 00:09:57 2011
*mangle

[code]....

View 9 Replies View Related

Security :: Block Certain Crafted Packets With IP Tables Before Reaching A Server?

Mar 14, 2011

Battlefield 2 server being attacked by packets that creates infinite loop, then when a player disconnects, server crash.

The packets seems to be always the same.....

Attacker Script: [URL]

Script in action:

[Code].....

I need to find a way to block these 4 packets (i think theyre 4 for what i tested) with IP TABLES.

EDIT: There seem to be other different replies, maybe 1 different but no more.... maybe you can find something useful in the script.

View 3 Replies View Related

Ubuntu Security :: Drop Igmp Port 0 Packets With Iptables Rule?

Jan 3, 2011

how can i drop igmp port 0 packets with iptables rule? my log file is full of this router advertisement.

View 2 Replies View Related

Security :: Iptables To Block Ip From Ftp?

Mar 6, 2010

Is this how I would do that?

iptables -A INPUT -p tcp --destination-port 21 -d ! 168.192.1.2 -j DROP

This should block all incoming connections on port 21 from 192.168.1.2, correct? Thus preventing that IP from logging into my FTP.

View 1 Replies View Related

Fedora Security :: Iptables - Block Everything From Getting In My Pc

Mar 17, 2009

What i wanted to do was block everything from getting in my pc but still be able to surf the web and still use instant messenger.

View 2 Replies View Related

Ubuntu Security :: UFW Block ICMP When Add Non ICMP Related Rule

May 21, 2011

I am setting up a virtual server. Ubuntu 11.04, "minimal provider image".UFW was disabled by default. I set it to default deny. Allowed HTTP, SSH and other standard stuff, and enabled it. All seems to be OK. Adding one rule to block some annoying security scanners causes ping not to work. I'm not an Iptables expert, but it looks OK to me. I got it from some website, rather than invented it myself, but modified to to fit the ufw config file syntax. What in that rule prevents pings?!? It seems completely unrelated.

View 1 Replies View Related

Security :: Iptables State Module - Configuration Error / Not Enable Incoming Packets From Connections Initiated From Inside?

Mar 30, 2011

I have a server that I can only access via SSH (it's located far away) and I would like to secure it by blocking all ports except the ones that I need (which are HTTP and SSH). I still want to be able to make outgoing connections to enable software updates and other things.This is my iptables -L -n :

Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:21
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:23:79
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:81:65535
code....

In my opinion, this should block all incoming packets except the ones on port 80 and 22, but allow responses to outgoing connections. But a wget http://google.com does not work, it can't establish the connection.

Maybe this is not the best style for iptables rules, but I want to be absolutely sure to not accidently lock myself out from SSH, so I chose not to configure a "block-everything rule".

Does this configuration not enable incoming packets from connections initiated from inside?

View 3 Replies View Related

Ubuntu Security :: Block All Ports Except Pop And Smtp In NAT Through Iptables?

Jan 20, 2010

how to block all ports except pop,pop3,smtp in nat using iptables in squid on redhat A3

View 2 Replies View Related

Ubuntu Security :: Iptables, Block Port Except For Eth0

May 24, 2011

I would like to allow incoming and outgoing connections when I'm connected to a wired connection, but drop it otherwise. I noticed that ufw can't block outgoing traffic because of will I give iptables a try. I'm unsure if dropping packages that are outgoing will work, the rule after the block rule will allow all outgoing connections.

This what the rules are intended to do, unsure if that is actually the case. Allow all loopback traffic. Allow ping replys Allow incoming on port 12345 if eth0, deny otherwise. Allow outgoing on port 12346 if eth0, deny otherwise.

Code:
iptables -A FORWARD -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -s -m state --state ESTABLISHED,RELATED -j ACCEPT

[Code]....

View 3 Replies View Related

Security :: Block IP After Failed Login Attempt Using Iptables?

Aug 11, 2009

I keep getting hundreds of SSH failed logins per day. Is there a way with iptables, i can say if a user connects too to port 22 over 8 times in 10 minuntes, then block them for an hour?

View 7 Replies View Related

Networking :: How To Block The Ftp Packets

Dec 3, 2010

using layer 7 filtering how to block the ftp packets?..

In My router i am going to add a below rule.... iptables -A OUTPUT -m layer7 --l7proto tcp --dport 20 -j DROP

above statement will it work in my router?.

View 1 Replies View Related

Programming :: Drop Packets (not Iptables) In C / C++

May 24, 2010

I have tried to google it around and couldn't find any good solution for it. What I want is to hook up to the kernel network hooks and for example investigate all of the packets (maybe keep some in the buffer and drop in the kernel so I could send them out lets say 10 minutes later) but from a C / C++ program perspective / level. I know it can be done via iptables but isn't there a way to do it from a program ?? I have found a library called ipq but apparently doesn't work with kernel 2.6.x anymore.

View 10 Replies View Related

Ubuntu Security :: Dell Inspiron Security Related?

Apr 17, 2011

on the bios of my dell inspiron i have the option among others to set a password on my hdd. so my questions are: which exacly is the point of this? does it encrypt my hdd in any way? if someone has physical access on my computer and takes out the hdd,could he gain access? im a regular home user but im very curius to know

View 9 Replies View Related

General :: Iptables Drop Fake Ip Packets?

Jun 2, 2011

I'm trying to drop all packets from the internet that use a fake ip address so they appear to come locally.

Do I need both lines or only the first ?

--append INPUT ! --in-interface lo --source 127.0.0.0/8 --jump DROP
--append INPUT ! --in-interface lo --destination 127.0.0.0/8 --jump DROP

View 1 Replies View Related

Networking :: Iptables REDIRECTing - All Outgoing Packets ?

Dec 6, 2010

I've been trying to redirect all outgoing packets (destined for a specified ip address) from my slack box back to itself. I thought this could be done with iptables, but if I fire up wireshark I can clearly see that the packets are getting out to the real server and I'm getting responses from it.

So here's what I tried:

All looks good and fine, and then I even try to visit 194.28.157.42 with firefox (by the way I am running a webserver, that is set to show a page when you visit 127.0.0.1) and I get an error page that reads: 502 Bad Gateway.

I ignored this message to see what the program I'm trying to interrupt does, and when I start wireshark and then start the program that is using that website, I can clearly see that the packets make it to the real 194.28.157.42 and get back responses.

View 1 Replies View Related

Networking :: Iptables Routing Packets On Same Sub-network

Feb 17, 2010

I am running into trouble while trying to set-up a iptables routing policy. I have two machines on the same sub-network (xxx.xxx.153.0). One of the machines is used as a default gw for the other (xxx.xxx.153.250 is a gateway for xxx.xxx.153.142 and xxx.xxx.153.254 is a gw for xxx.xxx.153.250). There is no explanation for why the xxx.xxx.153.250 is in the middle -- xxx.xxx.153.142 can go straight to xxx.xxx.153.254, but is is like that for now.I am trying to find an iptable rule to be executed on the xxx.xxx.153.250 machine to route the packets.

View 3 Replies View Related

Networking :: Redirecting Packets To Virtual Machine With Iptables

Mar 16, 2011

I had been running my SMTP server with WINE, as the SMTP server software is a Windows-based program (MERCURY), but I cracked the shits with WINE and removed it. Now I am running my SMTP server in a Windows virtual machine.This virtual machine has a different IP address from my host machine, so what I need is for my computer (the host) to redirect incoming traffic on port 25 to the virtual machine at 192.168.56.101 on port 2525.Can someone please help me with it? I think its done with iptables.

View 1 Replies View Related

Networking :: Interesting Distribution Of Packets Over Iptables Rules

Mar 13, 2011

I'm trying to configure NFS sharing behind a firewall, I got it to work and all but I was caught by something that (to me anyways) seems odd.I've been able to mount the export on another computer and am transferring files over as we speak, but I'm just interested in knowing why the RELATED,ESTABLISHED rule seems to be catching almost all the traffic coming from the other node. Any ideas? Should I be concerned that my firewall isn't protecting anything or something?

View 1 Replies View Related

Networking :: SIP Packets Mysteriously Disappearing / When Iptables-nat Activated

Sep 10, 2010

I have a very weird case in my firewall.I have an asterisk server and some phones and between them there is a linux firewall based on iptables.With basic rules on iptables everything works ok, but when I put a single nat rule (no matter what rule I use) some packets from some phones misteriously disappear from interfase to interfase.

Clearer:The firewall has two interfases: eth0 (pointing to phones) and eth2 (pointing to asterisk).One problematic phone is 192.168.3.242, so I use tcpdump this way.

View 14 Replies View Related

CentOS 5 Networking :: View The Packets Saved By Iptables?

Jun 26, 2009

if am using --log-prefix "BANDWIDTH_OUT:" --log-level 7 to capture packets, I think is there a way to view these?

View 4 Replies View Related

Programming :: Write A Program In C That Can Sniff Packets From Ethernet And Distinguish RTP Packets From Non-RTP Packets?

Aug 30, 2010

i need to write a program in c that can sniff packets from Ethernet and distinguish RTP packets from Non-RTP packets, i have no idea what should i do

View 9 Replies View Related

Networking :: IPTables / SSH Connection To .150 - The Packets Are Still Handled By .150 After Adding The Rules

Jul 2, 2010

I two servers set up: 192.168.1.150 and 192.168.1.160 Initially, I want all traffic to be served by server 150. So for this purpose I am leaving the IPTables on .150 empty. At a point in time, I want to forward all incoming traffic to be served by .160 instead. I have accomplished this using these commands (on .150):

iptables -t nat -A PREROUTING -j DNAT --to 192.168.1.160
iptables -t nat -I POSTROUTING -j MASQUERADE

My problem is that if I have an open SSH connection to .150 (prior to adding the rules), the packets are still handled by .150 after adding the rules.. e.g. my SSH session stays active. I want these packets to be forwarded to .160, which would effectively disconnect the SSH session. I do not want the packets flat out dropped, I just want them forwarded on in whatever state they are in. If I try a new SSH session, it is properly forwarded to .160

View 5 Replies View Related

Networking :: Promiscuous Interface And Iptables To Receive Packets Not Destined To Localhost

Mar 22, 2010

I am trying to do something outlandish with iptables (or so I think!).I have a source sending udp packets to a destination (say dst11). Using port mirroring I am able to get all these packets to a different machine (say dst22). I am able to see these packets on dst22 interface using tcpdump.I want to analyze the packets on dst22. So what I do is put dst22 interface in promiscuous mode (using ifconfig eth0 promisc). This in theory should get the packet through the MAC layer. Now using iptables I am trying to DNAT the packets in nat prerouting to change the packets destination IP to dst22's interface and change the destination port.

View 2 Replies View Related

Ubuntu :: How To Block All Outgoing With IPTables

May 10, 2010

I want to block all outgoing traffic with iptables and only allow a few specific websites. I would like to get the code to do so and also to revert the changes in case I want to unblock them.

View 1 Replies View Related

Networking :: Block IM With Iptables Or Squid?

Dec 24, 2008

in my office i have to block all messenger like yahoo messenger, windows live messenger, i have to block websites like www.yahoo.com, some more web sites. i need guidance through which i can accomplish this task through ip tables or through squid server. i can use squid but i had heard that squid blocks pop and smtp also. squid creates some problem in receiving and sending email. i am using red hat linux 4 box and installed squid having two ethernet card 1 is connected to adsl line and 2 is connected to switch. all clients will have proxy address of this linux box. guys need ur help ASAP.

View 2 Replies View Related

Networking :: Block Web Access With Iptables ?

Apr 25, 2010

Just wondering if it is possible to block web access on a certain ip address with iptables.

Iv seen guides for blocking web traffic on a whole network but i want to just block a single host from accessing the web.

View 14 Replies View Related

Networking :: Block The Urls With Iptables?

Feb 22, 2010

I have a server with slackware 12 and i try to block 2 web sites but without success. I write in iptables rules /etc/iptables.conf

iptables -A INPUT -s web.org -j DROP
iptables -A OUTPUT -d web.org -j DROP

but no effect. What rule i must write to block url`s?

View 4 Replies View Related

General :: Block And Allow IP Using Iptables In RedHat 4.0?

Aug 3, 2009

I have blocked below IP by using iptables command in RedHat Linux 4.0.

Code:

iptables -A INPUT -s 192.168.0.85 -j DROP

It's now totally blocked and can't get access into web or internal network. how I can un-block that IP, so that it can again starts it's normal operation.

View 2 Replies View Related

Networking :: Using Iptables To Block IP Addresses Automatically?

Dec 7, 2009

I want to use iptables to automatically block all IP addresses who send UDP packets with length 11 more than 3 times per 10 seconds.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved