Ubuntu Security :: Cmd-owner Option In Iptables - Broken With SMP
Apr 26, 2011The --cmd-owner option was removed in kernel 2.6.14 because was broken with SMP. Is any way to filtering by process name?
View 1 Replies
ADVERTISEMENT
Fedora Security :: Iptables Non-standard Broken?
Jan 28, 2010I found a behavior of iptables on FC12 to be different and suspect it's broken somehow. Here is what I did
# iptables -F
# iptables -A INPUT -s 127.0.0.1 -p tcp --dport 22 -j ACCEPT
I don't have a shell on FC12 with me to show the output of iptables -L -n but it looks good after above 2 commands. However, after issuing the following third command iptables -L -n gives "wrong" result
# iptables -R INPUT 1 -s 127.0.0.1 -p tcp --dport 22 -j ACCEPT
Namely iptables -L -n gives extra "/0" after 127.0.0.1 in the output I have checked on Ubuntu 9.10 and centos 5.4 and they don't give extra "/0"; iptables is not supposed to do that. Of course, I didn't invent these examples but they are abstracted from actual real life scenerio of trying to build rules on our servers.
Security :: Best File Persmissions And Owner For Web Files?
Dec 13, 2010What are the best file persmissions and owner for web files?
View 1 Replies View RelatedServer :: Owner Of A Directory Different Than File Owner?
Apr 21, 2009How can I make a virtual host (right now I just use NameVirtualHost *:80) that will load the same page for every domain that matches imap.domain.com, smtp.domain.com, or pop3.domain.com?
View 4 Replies View RelatedUbuntu Security :: Selecting The 'Available To All Users' Option In Network Mgr Mess With Security?
Oct 15, 2010To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
View 3 Replies View RelatedSoftware :: OS Install Via Pxe - No USB Boot Option And A Broken Scsi Cdrom Drive
Aug 12, 2010I have successfully setup a FOG server to image my Windows clients, so I have tftp, pxe and anything else related to booting to a pxe server setup and rocking. What I'm trying to do now, is use the CentOS net install files to setup CentOS on an old server with no USB boot option, and a broken scsi cdrom drive (it's a Dell PowerEdge 2400, with a single PIII 733 and 1.25GB ram).
Using the FOG Projects gparted wiki entry (adding gparted to the pxe boot menu) I was actually successfully able to pull the net install files over to the PE, and install CentOS 5.5 via local ftp server. At first it kept erroring out (I kept picking and choosing individual packages from the package groups), so I thought it may be an issue with the GUI install (the python script kept spitting back errors forcing a reboot). In any case, I finally got through the GUI install, but now I need / want to know how to force a text mode install.
[Code]....
the bolded "append" line is where I thought I could force the text mode install script, but that didn't work. The vmlinuz and initrd.img files were both pulled form the net install iso, NOT the livecd. Would that have made a difference? If not, what / where / how should I force the text mode install script?
Security :: Removing Setuid Option For Security?
Nov 18, 2010According to Security standards given in[URL]Quote:Unless otherwise approved the following setuid root binaries are the only ones allowed on production servers:
* /bin/su
* /usr/bin/sudo
* /usr/bin/passwd
[code]....
Ubuntu Security :: How To Reset The Iptables
Jan 14, 2010i ran this
Code:
iptables -N rate-limit
iptables -A rate-limit -p tcp -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 3 -j RETURN
iptables -A rate-limit -j DROP
iptables -I INPUT 1 -p tcp --dport 22 -j rate-limit
i am no longer able to ssh in to the machine , how can i reset iptables and firestarted back to default?
Ubuntu Security :: Use Address Not Ip In Iptables?
Jul 24, 2010i need to open this address ftp.nai.com, is there a way to use address not ip in iptables?
View 7 Replies View RelatedUbuntu Security :: Iptables Configured By UFW ?
Sep 17, 2010I've recently moved from Firestarter to UFW/GUFW, and I wonder if someone could confirm if my iptables configuration is secure.
When I enter sudo iptables -L i get:
Code:
Ubuntu Security :: Iptables Allow Via Spesific NIC?
Dec 29, 2010eth1 has connection to the net via gateway ..eth0 on the same machine has users on a intranet and needs access to the internet, i need to allow internet connection and prevent packets which logically originate from the internet getting into the intranet
View 1 Replies View RelatedUbuntu Security :: How To Clear Iptables
Apr 21, 2011Installing a router, and I need to completely "wipe" iptables (flush I mean) on both computers, and I think I run ufw/gufw on both, so that would need to be uninstalled. The router is very secure, has NAT, etc, etc, and I'd rather setup all that side of things in one point, rather than on each computer.
View 2 Replies View RelatedUbuntu Security :: Both Ufw And Iptables Running Together?
May 23, 2011Can I have both ufw and iptables running together? My server is currently using ufw, if I add an iptables rule will it have any effect?
View 6 Replies View RelatedUbuntu Security :: Can't Access The Email - Iptables
Mar 12, 2010To get my Thunderbird email to work and to do FTP to my website I have to use TERMINAL and enter the following code in Root;
iptables -F
At one point weeks ago I got Gufw and I don't remember if that had any effect.
Ubuntu Security :: Iptables Is Not Automatically Displayed?
May 18, 2010I suspect this is one of these questions from Window users who see something different in Ubuntu.
My understanding is that the Ubuntu firewall (iptables) is always on. However, the GUI client (firestarter) shows this more obviously.
I suppose I am used to ZoneAlarm in XP where everything was displayed more obviously.
So, iptables in not automatically displayed, but is working, right?
Ubuntu Security :: Iptables - Script Is Not Working?
Jun 11, 2010see many threads / websites about how to configure iptables. They say if you use these
rules it will allow http traffic. But they don't work. I like to deny all then allow specific ports open for traffic.So far I tried the script to flush and update my iptables rules, trying to open port 80 and 53 for http and DNS traffic:(I made the script executable, with $ iptables -L -v I can see that the rules are changed after I run the script. )
Code:
#! /bin/bash
iptables -P INPUT DROP
[code]...
Ubuntu Security :: Configuring Iptables To Allow VNC And OpenVPN?
Jun 20, 2010I'm running Ubuntu 10.04 LTS as a VM in Hyper-V, and accessing it via VNC with a machine in the same broadcast domain. I'm using OpenVPN to connect to XeroBank. I have instructions for configuring iptables to permit establishing and using the XeroBank connection, while blocking all other traffic on eth0. I've followed them successfully. I need to also permit the VNC connection, and haven't managed that. FWIW, the VM is at 192.168.111.12::5900 and the workstation is 192.168.111.2.
The attachment to this post lists the recommended contents for each Shorewall file. Which files need changed, and what do I add to each?
Ubuntu Security :: Update Mcafee Behind Iptables?
Jul 29, 2010i opened access to [URL](without port limit) in iptables to let my systems to update mcafee, but still get unable to download in mcafee update log.
i have another ip that tried to connect via port 21 on those machines, but the ip is not belongs to [URL], is this possible thats redirecting?
Ubuntu Security :: Allow Internet Between Certain Hours Using Iptables?
Jan 6, 2011I typed this into the command line:sudo iptables -A INPUT -p tcp --dport 80 -m time --timestart 12:00:00 --timestop 23:59:59 --days Sat, Sun -j ACCEPTI get this error:iptables v1.4.4: unknown option '--days'How do I do something similar above in which I allow the internet to start at 12 o clock on Saturdays and Sundays
View 4 Replies View RelatedUbuntu Security :: Iptables Port 25 Is Open
Feb 28, 2011I've recently installed 10.10 server edition, and I must say it was a pleasant suprise, it's just the way I like it. I use it as a squeezebox-server. But I've run into a problem with the firewall. I did a portscan, which told me there are more ports open then I've told UFW to open. Among which port 25 and 119, when I telnet from another PC to those ports, the connection gets accepted, although there is no answer to any commands (as expected, there's no mail server running). Iptables print-outs also don't mention anything about the respective ports or a daemon that could be responsable, and the same applies to "ps -e" or "ps aux".
Iptables seems to be working, when I remove the rules to allow samba to work, I can't reach the shares, and when I insert them again I can reach the shares. "sudo ufw deny from any" as last rule doesn't change anything either (deny incoming is default (although I never issued the command "ufw status verbose" says it is) so it shouldn't, but ports 25 and 119 shouldn't be open either).
Ubuntu Security :: Iptables For Router/proxy?
Apr 1, 2011Rather than use pfsense, etc I decided to create my own router/proxy etc based on an atom base with 2 nics.Proxy/routing/dns/etc all working fine, I now though want to lockdown the fw rules.ETH1 is the WAN NICETH2 is the LAN NICI'm guessing i want to allow anything out of ETH1, but only allow incoming to ETH1 when its established or related... What about ETH2 though? Any ideas pls? Am used to configuring iptables on single nic, certainly not a router.
Code:
Chain INPUT (policy ACCEPT 18535 packets, 10M bytes)
pkts bytes target prot opt in out source destination
[code]....
Ubuntu Security :: Why These Packets Droped By Iptables
Apr 30, 2011i dont know why packets dropped? and something else what are those numbers for default policy in [] means?this is rules:
Code:
# Generated by iptables-save v1.4.4 on Sun May 1 00:09:57 2011
*mangle
[code]....
Ubuntu Security :: Installing And Setting The Iptables On U 8.04 LTS?
May 26, 2011can anyone advise the best practice of installing and setting the iptables on U 8.04 LTS? currently iptables is not installed nor as package nor included as kernel module.
View 2 Replies View RelatedUbuntu Security :: Iptables: MAC Filtering With A File?
Jul 2, 2011I'm wanting to use mac filtering to restrict access to certain machines. I already know that I can just add MACs line by line, but is there a way to specify a list of MACs? That way it would be much simpler to maintain a list of acceptable/unacceptable hosts.
I'm not going to rely only on this list because of spoofing, but it would be nice as another "layer" of protection.
Ubuntu Security :: Modify The Iptables Rules In Any Way?
Jul 9, 2011what do the following two commands do? Do they modify the iptables rules in any way?
sudo /sbin/iptables -L -n
sudo /sbin/ip6tables -L -n
Ubuntu Security :: Iptables Log Analyzer On Web Interface?
Jul 14, 2011i want to view my iptables log on web interface, with chart (in option, but this is not my priority).
View 1 Replies View RelatedUbuntu Security :: Iptables To Allow HTTPS Connections Only?
Jul 16, 2011I have tried to configure my iptables to allow only HTTPS connections to the internet. Unfortunately, I didn't get that to work. I configured it like this:
Quote:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -t filter -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -t filter -p udp --dport 53 -j ACCEPT
[Code]....
Of course I am only trying to access websites via HTTPS Still, I was wondering if HTTPS somehow under the hood requires the HTTP port to be open or if my rules are in some other way wrong.
ps: I got the rules from that website: [URL]
Ubuntu Security :: IPTABLES Default Settings ?
Sep 1, 2011I am currently trying to best configure my Natty Narwal linux distro. At boot, the system is configured to automatically connect last Wifi network. When I connect to the WIFI however a whole bunch of instructions are loaded in the IPTABLES.
View 1 Replies View RelatedFedora Security :: Allow DNS In Iptables
Feb 1, 2009I have been struggling with this for a very long time now. I have installed Fedora Core 9 on my computer. I have set it up as a caching-nameserver and this is working.
Then I wanted to secure my server with iptables, and I have so far made this script:
# Load the connection tracker kernel module
modprobe ip_conntrack
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
[Code]....
I can reach the dns server with ping. When trying Nslookup it says that it got SERVFAIL from 127.0.0.1 trying next server, and then it times out.
My resolv.conf file lists:
nameserver 127.0.0.1
nameserver DNS-server
Fedora Security :: Can't Get FTP Through Iptables
Dec 14, 2009Im pulling my hair out trying to get ftp to work through iptables.Im using vsftpd
Table: filter
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
[code].....