I open this thread after an unsuccessful long search over the Web. Essentially what I want is to block the outgoing connection of a program. All I know about this program is its name and so I don't have any information regarding the ports it utilizes or the address it may contact.
View 9 Replies
I have my router configured so that it drops outgoing telnet connections (and other protocols I don't use). It's a 2wire gateway. 192.168.1.65 is the internal IP of my ubuntu box.I'm trying to figure out what normal network traffic looks like and whether I should be worried by this log entry. At the time this happened I was testing out TOR (just navigating to a few sites (dell, ubuntu forums, etc.) nothing all that interesting.)
View 2 Replies View Relatedsecuring VNC connections by tunneling the connection over SSH. However, from the server perspective it will still allow an unsecured connections and you're relying on the client to setup up the SSH tunneling. Is there a way to configure the Linux server to now allow connection over an unsecured channel?
View 4 Replies View RelatedI want to block all outgoing traffic with iptables and only allow a few specific websites. I would like to get the code to do so and also to revert the changes in case I want to unblock them.
View 1 Replies View RelatedHow I can refuse an outgoing connection on opensuse firewall by default outbound policy is permissive, and the p2p I explicitly deny an outgoing, according to protocol, remote port and local port.
But I can add rules as how to run opensuse firewall rules are permissive only for inbound traffic and so I can not specifically deny an outgoing connection.
Before using fwbuilder is very powerful and configurable but now I'm with suse for convenience but want to know if you can do what I want, if not I will have to use fwbuilder.
I need to configure iptables to block incoming traffic (except specific ports), but allows all outgoing traffic.
I am able to block incoming traffic, but doing so also prevents outgoing traffic (tested by telnet [URL] 80)
The following was used:
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -j DROP
Also, even allowing NOT SYN requests still prevents outgoing traffic.
iptables -I INPUT 1 -p tcp ! --syn -j ACCEPT
Another point:
# modinfo ipt_state
modinfo: could not open /lib/modules/2.6.18-028stab070.14/modules.dep
How to install ipt_state module on ubuntu?
I am still new to ubuntu and I use firestarter as my firewall tool and I was told that its just ufw in a gui. Well anyways I noticed a connection to 174.129.241.144 using https and python, I didn't have any scripts running and my browser was closed, I read the man files for ufw and it said to do something like deny from 174.129.0.0/12 and I want to block all incoming and outgoing connections to this IP range and I was wondering how to do that, I heard of iptables that it would be able to do this but I dont know anything about it. What I should learn so I can handle these kinds of situation in the future and how I can block this ip subnet or also what does the /8, /12, and /16 stand for?
View 7 Replies View RelatedThere is this active connection in firestarter: ec2-174-129-193-12.compute-1.amazonaws.com (Port 443 - Service HTTPS - program python)After doing ps aux | grep PID it shows: /usr/bin/python /usr/lib/ubuntuone-client/ubuntuone-syncdaemon...This comes up in the firewall in each login, how do I get rid of it and how did it get there in the first place? Another question is if there is a way to limit a program's access to the internet. For example KCalender.. The things I type up in there may be stored somewhere. How can I disable complete access to the internet for that program and any other program so they can't backup, share, check etc. ?
View 3 Replies View RelatedI'm running Ubuntu 8.04.3 server on my XP Pro SP3 machine using VMWare. I'm trying to set up a static IP address but I can no longer ping anything except my router (not even the XP machine it's hosted on). I'm using "bridged" mode in VMware
Here's my /etc/network/interfaces file:
Code:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.1.50
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
I have a minecraft server running on a P4 box running Ubuntu server 11.04 64bit. Now would it be secure, if I allowed ufw to allow outgoing? Or would this be a huge flaw someone could exploit?
View 6 Replies View RelatedI would like to log and drop outgoing connection attempts, but the log is not showing the destination IPs.I have the following Iptable rules for my browser:
Code: Select alliptables -N LOGGING
iptables -A OUTPUT -j LOGGING
iptables -A LOGGING -j LOG --log-prefix "browser connections: " --log-level 6
iptables -A LOGGING -j DROP
Only after removing the DROP line it works.
Mobloquer starts up at boot and before I've even opened firefox or transmission or anything, mobloquer shows that is has started blocking several outgoing connections as well as ton of incoming connections. I was wondering if the outgoing connections is normal and what's a normal amount of network activity to show up in system monitor when I'm not actively using the internet.
View 2 Replies View RelatedIs there a program like peer block for ubuntu? It is an ip filter program. Here is the website to help answer questions on what type of program it is. http://www.peerblock.com/
View 6 Replies View Relateddepending on reading some apparmor docs, I know that apparmor read logs to determine what profile a program will be, that means a profile only can be built when the program have been exec at least a time, or we already how will be executed of a specific program. but if a hack inserts a bad-program such as a back door or virus what should never be executed any time, and at the same time we don't know what's the consequence will happen due to the behaviors of a bad-program. therefore, how could apparmor do to prevent these situations? Can apparmor confine every thing what under a specific directory by default? because use: aa-autodep /path/to/restrict/* is 'complain' by default and everything are allowed, can apparmor deny everything by default?
View 2 Replies View RelatedI want to block yahoo, skype IM program with a schedule.Just unblock from 10AM - 2PM and 3PM - 5PM everyday.I tried block from router, but it's not block completely and haven't schedule function.I found that a firewall (Iptables and ISA) can do that. Have anything else can? Can anyone give me some advises
View 3 Replies View RelatedHow do you go about getting the raw size of a block device under Linux from within a C program? And I mean the raw size of the block device itself, not a file system that may or may not be installed on it. And I'd like to be able to get the raw size of any block device, from hard drives (e.g., /dev/sda) to LVM partitions (/dev/mapper/vg0-home) to loop devices to anything else that is a Linux block device.
View 3 Replies View Relatedprohibit execution of any program include shell command, only be profiled program could be executed, can apparmor do that?
View 5 Replies View RelatedI am trying to run C++ program on linux.
My program consume a lot of memory so that the memory is used up fast and memory swap is very high.
I can find this by "ps" .
My program is long.
I need to find out which part of my program consume so much memory ?
I'm trying to block an incoming URL. My ISP is hijacking 404 pages and annoyingly changing the URL line in the browser and flashing all sorts of popup ads. I just need it for incoming URLs which my router doesn't seem to handle. I'd prefer something packaged with Ubuntu 8.04, but anything simple will do. I know in KDE I could edit the kdeglobals file with:
[KDE URL Restrictions]
rule_1=open,,,,[URL],,false
rule_count=1
i have recently had a house mate move in and he is using my wireless network, even though i asked him not to give out the network key to his friends either he has or they have hacked my network and are using it when they come over, is there a program i can use to monitor the number of computers that are connected to my network and block them, or is there a way i can just wee what is going on. They seem to just connect and i don't want to have to change the password particularly because that involves changing it on multiple devices.
View 1 Replies View RelatedI did one of the recommended port scans and all ports passed but failed on pinging. How do you turn pinging on & off with GFUW?
View 9 Replies View RelatedMy question is how to block a subdomain of a site. To make it as clear as possible, I'll give an example. I am regularly entering this arbitrary site [URL] which redirects me to this page [URL] and this index.html takes an image from a subdomain which is a subfolder of itself, that is: [URL]. What I am asking is blocking the images to be taken, but not the main page itself, i.e. to block www.somesite.abc/images/ without blocking the overall www.somesite.abc.
My idea was to use the /etc/hosts file by redirecting to loopback address:
Code:
127.0.0.1 www.somesite.abc/images
But it looks as if it doesn't affect things at all. Should I use it another way? Modifying /etc/hosts.deny maybe useful?
I have noticed interesting problem. I use two browsers - Firefox and Konqueror. Konqueror is configured to use tor, Firefox not. Using Gufw I block all incoming and outgoing traffic and it works while using Firefox, I mean that I can't view any www site and it is ok. But if I use Konqueror I can establish any conection. How to understand this? Should I have different firewall while using tor?
View 5 Replies View RelatedI want block https sites if suppose block the http it will opening in https.
View 9 Replies View RelatedFor example, can I write something to the effect: block all outbound UDP connections over port 53 except those going to IP 123.456.789. Or stated another way: Block outbound to port 53/udp NOT going to ip address 123.454.678Is it possible to do this? How would I write the argument?
View 3 Replies View Relatedon my linux server i have many websites but with difrent ips address, is some way to i can block all the ips with many connection (100+) just from my website not from all websites
View 5 Replies View RelatedIs this how I would do that?
iptables -A INPUT -p tcp --destination-port 21 -d ! 168.192.1.2 -j DROP
This should block all incoming connections on port 21 from 192.168.1.2, correct? Thus preventing that IP from logging into my FTP.
What is the absolute quickest or easiest way to block an incoming connection by their IP address? I'm running an apache2 LAMP server on Ubuntu 8.10. For example, let's say I'm watching my server error logs and I see someone using a script to check for phpmyadmin and other such folders. Right away I know this is a hack attempt. Firestarter does not allow ANY way to block an incoming connection by IP (to my disappointment) and adding the IP to an apache configuration file requires an apache restart (way too much trouble and time).
View 5 Replies View RelatedI want to set up Ubuntu Server as a firewall in which I want to direct my internet connection through where Ubuntu Server will block, filter, and monitor anything that come into either three of my computers using the same internet connection. Is this easy to do? sum up the steps that I will have to go through to establish this, and any relevant information, and where I might be able to find necessary information etc. I plan to use ubuntu-10.04.2-server-i386.
View 3 Replies View RelatedI am running Debian on my server (OpenMediaVault) and i am connected to a VPN service, using openvpn. BUT! How do i make sure that the internet connection, stays through my VPN service, or gets blocked, if the connection through the VPN tunnel fails? Jeah, yeah call me paranoid..
I have read this: [URL] ....
I don't know how i use the source code. Is there a script somewhere i can just download? And i don't want the LAN connection to be blocked.. only outgoing traffic!!
