Currently suffering from this bug:If you don't want to read the whole thing, it appears fail2ban overloads IPTables when you have too many jails, and sends a whole load of commands at once.I attempted to use the workaround making it sleep for a random period of time, but this does not help at all, it still fails like it used to.Any ideas? Fail2ban is a pretty popular app...Ubuntu 9.10.
Currently suffering from this bug:If you don't want to read the whole thing, it appears fail2ban overloads IPTables when you have too many jails, and sends a wholeload of commands at once.I attempted to use the workaround making it sleep for a random period of time, but this does not help at all, it still fails like it used to.Any ideas? Fail2ban is a pretty popular app...Ubuntu 9.10.
I have been trying for days now to get this to work. didn't want to bother people with my questions, i have installed Fail2Ban 0.8.4 on CentOS 5.4.
I get the email notifications from Fail2Ban stating that it just blocked another IP, however, when i look at the iptables through webmin, nothing is actually in there, also the log/secure file dose not show that the ip has been blocked.
Even when I try to log-in with the wrong password, after a few tries i get the email telling me that my ip is blocked, however, I can still SSH using my 'blocked' IP.
I installed fail2ban from the Ubuntu Software Center (Ubuntu 10.10) and everything seemed to go fine. But when I try to access the client I get this output:
Code: wolfgang@Culture:/var/log$ fail2ban-client status ERROR Unable to contact server. Is it running?
I'm trying to implement this method to block php injection attack using fail2ban: here it is, however I'm not sure it applies to Ubuntu. You see, there's this filter that must be added to the fail2ban jail file:
HTML Code: [php-url-fopen] enabled = true port = http,https filter = php-url-fopen
eth1 has connection to the net via gateway ..eth0 on the same machine has users on a intranet and needs access to the internet, i need to allow internet connection and prevent packets which logically originate from the internet getting into the intranet
Installing a router, and I need to completely "wipe" iptables (flush I mean) on both computers, and I think I run ufw/gufw on both, so that would need to be uninstalled. The router is very secure, has NAT, etc, etc, and I'd rather setup all that side of things in one point, rather than on each computer.
see many threads / websites about how to configure iptables. They say if you use these rules it will allow http traffic. But they don't work. I like to deny all then allow specific ports open for traffic.So far I tried the script to flush and update my iptables rules, trying to open port 80 and 53 for http and DNS traffic:(I made the script executable, with $ iptables -L -v I can see that the rules are changed after I run the script. )
I'm running Ubuntu 10.04 LTS as a VM in Hyper-V, and accessing it via VNC with a machine in the same broadcast domain. I'm using OpenVPN to connect to XeroBank. I have instructions for configuring iptables to permit establishing and using the XeroBank connection, while blocking all other traffic on eth0. I've followed them successfully. I need to also permit the VNC connection, and haven't managed that. FWIW, the VM is at 192.168.111.12::5900 and the workstation is 192.168.111.2.
The attachment to this post lists the recommended contents for each Shorewall file. Which files need changed, and what do I add to each?
I typed this into the command line:sudo iptables -A INPUT -p tcp --dport 80 -m time --timestart 12:00:00 --timestop 23:59:59 --days Sat, Sun -j ACCEPTI get this error:iptables v1.4.4: unknown option '--days'How do I do something similar above in which I allow the internet to start at 12 o clock on Saturdays and Sundays
I've recently installed 10.10 server edition, and I must say it was a pleasant suprise, it's just the way I like it. I use it as a squeezebox-server. But I've run into a problem with the firewall. I did a portscan, which told me there are more ports open then I've told UFW to open. Among which port 25 and 119, when I telnet from another PC to those ports, the connection gets accepted, although there is no answer to any commands (as expected, there's no mail server running). Iptables print-outs also don't mention anything about the respective ports or a daemon that could be responsable, and the same applies to "ps -e" or "ps aux".
Iptables seems to be working, when I remove the rules to allow samba to work, I can't reach the shares, and when I insert them again I can reach the shares. "sudo ufw deny from any" as last rule doesn't change anything either (deny incoming is default (although I never issued the command "ufw status verbose" says it is) so it shouldn't, but ports 25 and 119 shouldn't be open either).
Rather than use pfsense, etc I decided to create my own router/proxy etc based on an atom base with 2 nics.Proxy/routing/dns/etc all working fine, I now though want to lockdown the fw rules.ETH1 is the WAN NICETH2 is the LAN NICI'm guessing i want to allow anything out of ETH1, but only allow incoming to ETH1 when its established or related... What about ETH2 though? Any ideas pls? Am used to configuring iptables on single nic, certainly not a router.
Code: Chain INPUT (policy ACCEPT 18535 packets, 10M bytes) pkts bytes target prot opt in out source destination
can anyone advise the best practice of installing and setting the iptables on U 8.04 LTS? currently iptables is not installed nor as package nor included as kernel module.
I'm wanting to use mac filtering to restrict access to certain machines. I already know that I can just add MACs line by line, but is there a way to specify a list of MACs? That way it would be much simpler to maintain a list of acceptable/unacceptable hosts.
I'm not going to rely only on this list because of spoofing, but it would be nice as another "layer" of protection.
I have tried to configure my iptables to allow only HTTPS connections to the internet. Unfortunately, I didn't get that to work. I configured it like this:
Quote:
iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -t filter -p tcp --dport 53 -j ACCEPT iptables -A OUTPUT -t filter -p udp --dport 53 -j ACCEPT
[Code]....
Of course I am only trying to access websites via HTTPS Still, I was wondering if HTTPS somehow under the hood requires the HTTP port to be open or if my rules are in some other way wrong.
I am currently trying to best configure my Natty Narwal linux distro. At boot, the system is configured to automatically connect last Wifi network. When I connect to the WIFI however a whole bunch of instructions are loaded in the IPTABLES.
I have been struggling with this for a very long time now. I have installed Fedora Core 9 on my computer. I have set it up as a caching-nameserver and this is working.
Then I wanted to secure my server with iptables, and I have so far made this script:
# Load the connection tracker kernel module modprobe ip_conntrack iptables -F iptables -P INPUT DROP iptables -P FORWARD DROP
[Code]....
I can reach the dns server with ping. When trying Nslookup it says that it got SERVFAIL from 127.0.0.1 trying next server, and then it times out.