Ubuntu Security :: Iptables: MAC Filtering With A File?
Jul 2, 2011
I'm wanting to use mac filtering to restrict access to certain machines. I already know that I can just add MACs line by line, but is there a way to specify a list of MACs? That way it would be much simpler to maintain a list of acceptable/unacceptable hosts.
I'm not going to rely only on this list because of spoofing, but it would be nice as another "layer" of protection.
Mar 12, 2011
I have several CS servers running on ubuntu server, and sometimes someone is trying to brute server's RCON password with the program called HLBrute. I've found the following rules to prevent such hack attacks, but they don't work. What can be wrong in these rules?
Quote:
iptables -A INPUT -p udp -m multiport --dport 26000:30000 -m string --algo kmp --string "HLBrute" -m limit --limit 1/hour --limit-burst 5 -j LOG --log-prefix " HLBrute_Ataka "
iptables -A INPUT -p udp -m multiport --dport 26000:30000 -m string --algo kmp --string "HLBrute" -j DROP
May 4, 2011
I have a question regarding the use of iptables as sort of a firewall I suppose? Using a linux router which has a server machine connected to it. The router is also acting as a PPTP VPN server, which I would like to allow some friends to connect to so that they can VPN to my LAN.
The question I have is how I might be able to use iptables to apply restrictions to the VPN traffic to only access 1 IP? The server is on the LAN with an IP of let's say 192.168.1.25, and the VPN given IP range is 192.168.1.51-55. The router has the .1 IP, but the PPTP server on that router uses an IP of 192.168.1.50. How might I restrict the traffic from the VPN connections to only be able to access the .25 server, and possibly only on certain ports? I don't want to allow the VPN connections full access to everything on the LAN and especially not to WAN.
Feb 18, 2010
I have slackware 13.0 on my HP 520 laptop. My machine is connected to the internet and it also acts as a gateway for other machine of mine.
I want to use mac filtering options of iptables. But I am getting the following error:
iptables v1.4.3.2: Couldn't load match `ac-source':/usr/libexec/xtables/libipt_ac-source.so: cannot open shared object file: No such file or directory
Jan 26, 2010
Does anyone have tips about iptables rules for filtering network traffic?
Jan 14, 2011
is this possible on 2 Linux boxes will act as a INTERNET Firewall + Filtering: 1st PC = CENTOS 5.5 functions as a firewall using iptables with two NICS 1=ETH0 connected to internet with a public ip and 1=ETH1 with ip address of 10.0.0.1 connected to the 2nd PC Centos 5.5 with squid/dansguardian with ip address of 10.0.0.2
2nd PC = Centos 5.5 functions as a squid + dansguardian internet filtering with 2 NICS 1=ETH0 with ip address of 10.0.0.2 connected to the ETH1 of the 1st PC with ip address of 10.0.0.1 and 2nd ETH1=connected to LAN (172.16.1.0/24)
Does this make sense? This might be confusing but I just want to try this, to protect incoming ssh from our previous Sys admins who intended to enter the LAN 172.16.1.0/24 network. And also to confuse them that they have to pass through 10.0.0.1 - 2.
Dec 19, 2009
Wondering if anyone knows what the range specification is meant to do for the :CHAIN at the top of the iptables file? e.g. what does the 1:76 range mean for :OUTPUT ACCEPT [1:76] ?
# Generated by iptables-save v1.4.1.1 on Sat Dec 19 12:28:00 2009
*filter
:INPUT ACCEPT [0:0]
[code]...
May 4, 2010
I'm setting up a server with Jaunty Jackalope version. I'm trying to test setting up a basic iptables rules... No matter which command I put in, it is failing on the first command when I run iptables-restore < file location (the first rule always fails). I'm doing this on the root user and first typing in the iptables rules in a test file. I've tried the first command starting with % sudo, iptables and -A. All have the same result. I've also tried letting the HTTP rule be first with the same result.
[Code]...
Aug 4, 2010
Let's say I have a few hosts on the same subnet, and they are all connected to a central Linux box running a filtering bridge. If I tightly control the communications between the hosts using the filtering bridge, is this just as good as separating hosts into different subnets (e.g. DMZ and Internal) ?
Jun 22, 2009
I have already developed file type filtering functions through squid. Now I want to deal with content filtering aspects... What tools are available there for so in linux?
Aug 13, 2011
I want to capture all packets from site "www.examplesite.com" so I checked its ip address in an ip address look up and it was 123.456.abc.def. So I set my filter to "dst host 23.456.abc.def". However I then realised that multiple ip addresses point to www.examplesite.com, for example say the following ips also go to it: 987.654.321.000, 111.222.333.444. So is there a filter that will automatically capture all traffic going to www.examplesite.com or do I have to go and manually find all its ip addresses and pass them all to the filter?
Jul 26, 2010
I'm looking to possibly need to make use of snort and its packet filtering/inspection abilities to help cover for PCI. I've searched Amazon, but nothing really stands out, there is a new one (2007 - Snort Intrusion Detection and Prevention Toolkit), or slightly older ones... Managing Security with Snort & IDS Tools - 2004, Snort Cookbook - 2005, Snort for Dummies - 2004.
Now I'm tempted in just going for the latest one, but I'm completely new to snort so perhaps it needs another book like snort for dummies to get started ;-P
Jan 13, 2010
using ubuntu and the corporate edition of open dns? I'm curious to find out how the anti malware filtering in open dns works.
Sep 1, 2011
I'm using Grsync and I want to be able to plug in any drive into my laptop and run rsync on it to back up all the user documents on there to another external hdd and to exclude everything else. Working on the principle that user documents don't always appear where we'd expect I want rsync to look through the whole drive and filter what it backs up by file type. I am only having partial success, however.
I am using the 'filter' option in the 'additional options' box. I am using the command
Code:
filter='merge /home/tim/Desktop/filter'
and I am attaching the filter file I have written. (I have added the .txt extension to upload it).
I have tested this script on my home folder and here's what's going wrong. Rsync will copy the entire directory structure regardless of whether there are any files to be copied over in those directories. I am also getting only some file types getting included and not others. .odt and .ods files are copied, for instance, but not .doc or .rtf.
Jan 14, 2010
I ran this
Code:
iptables -N rate-limit
iptables -A rate-limit -p tcp -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 3 -j RETURN
iptables -A rate-limit -j DROP
iptables -I INPUT 1 -p tcp --dport 22 -j rate-limit
I am no longer able to ssh in to the machine. How can I reset iptables and Firestarter back to default?
Jul 24, 2010
I need to open this address ftp.nai.com. Is there a way to use address not ip in iptables?
Sep 17, 2010
I've recently moved from Firestarter to UFW/GUFW, and I wonder if someone could confirm if my iptables configuration is secure.
When I enter sudo iptables -L I get:
Code:
Dec 29, 2010
eth1 has connection to the net via gateway. eth0 on the same machine has users on an intranet and needs access to the internet. I need to allow internet connection and prevent packets which logically originate from the internet getting into the intranet.
Apr 21, 2011
Installing a router, and I need to completely "wipe" iptables (flush I mean) on both computers, and I think I run ufw/gufw on both, so that would need to be uninstalled. The router is very secure, has NAT, etc, etc, and I'd rather setup all that side of things in one point, rather than on each computer.
May 23, 2011
Can I have both ufw and iptables running together? My server is currently using ufw, if I add an iptables rule will it have any effect?
Mar 12, 2010
To get my Thunderbird email to work and to do FTP to my website I have to use TERMINAL and enter the following code in Root;
iptables -F
At one point weeks ago I got Gufw and I don't remember if that had any effect.
May 18, 2010
I suspect this is one of these questions from Windows users who see something different in Ubuntu.
My understanding is that the Ubuntu firewall (iptables) is always on. However, the GUI client (firestarter) shows this more obviously.
I suppose I am used to ZoneAlarm in XP where everything was displayed more obviously.
So, iptables is not automatically displayed, but is working, right?
Jun 11, 2010
see many threads / websites about how to configure iptables. They say if you use these rules it will allow http traffic. But they don't work. I like to deny all then allow specific ports open for traffic. So far I tried the script to flush and update my iptables rules, trying to open port 80 and 53 for http and DNS traffic: (I made the script executable, with $ iptables -L -v I can see that the rules are changed after I run the script.)
Code:
#! /bin/bash
iptables -P INPUT DROP
[code]...
Jun 20, 2010
I'm running Ubuntu 10.04 LTS as a VM in Hyper-V, and accessing it via VNC with a machine in the same broadcast domain. I'm using OpenVPN to connect to XeroBank. I have instructions for configuring iptables to permit establishing and using the XeroBank connection, while blocking all other traffic on eth0. I've followed them successfully. I need to also permit the VNC connection, and haven't managed that. FWIW, the VM is at 192.168.111.12::5900 and the workstation is 192.168.111.2.
The attachment to this post lists the recommended contents for each Shorewall file. Which files need changed, and what do I add to each?
Jul 29, 2010
I opened access to [URL] (without port limit) in iptables to let my systems update mcafee, but still get unable to download in mcafee update log.
I have another ip that tried to connect via port 21 on those machines, but the ip does not belong to [URL]. Is it possible that's redirecting?
Jan 6, 2011
I typed this into the command line:
sudo iptables -A INPUT -p tcp --dport 80 -m time --timestart 12:00:00 --timestop 23:59:59 --days Sat, Sun -j ACCEPT
I get this error:
iptables v1.4.4: unknown option '--days'
How do I do something similar above in which I allow the internet to start at 12 o clock on Saturdays and Sundays
Feb 28, 2011
I've recently installed 10.10 server edition, and I must say it was a pleasant surprise, it's just the way I like it. I use it as a squeezebox-server. But I've run into a problem with the firewall. I did a portscan, which told me there are more ports open than I've told UFW to open. Among which port 25 and 119, when I telnet from another PC to those ports, the connection gets accepted, although there is no answer to any commands (as expected, there's no mail server running). Iptables print-outs also don't mention anything about the respective ports or a daemon that could be responsible, and the same applies to "ps -e" or "ps aux".
Iptables seems to be working, when I remove the rules to allow samba to work, I can't reach the shares, and when I insert them again I can reach the shares. "sudo ufw deny from any" as last rule doesn't change anything either (deny incoming is default (although I never issued the command "ufw status verbose" says it is) so it shouldn't, but ports 25 and 119 shouldn't be open either).
Apr 1, 2011
Rather than use pfsense, etc I decided to create my own router/proxy etc based on an atom base with 2 nics. Proxy/routing/dns/etc all working fine, I now though want to lockdown the fw rules.
ETH1 is the WAN NIC
ETH2 is the LAN NIC
I'm guessing I want to allow anything out of ETH1, but only allow incoming to ETH1 when its established or related... What about ETH2 though? Any ideas pls? Am used to configuring iptables on single nic, certainly not a router.
Code:
Chain INPUT (policy ACCEPT 18535 packets, 10M bytes)
pkts bytes target prot opt in out source destination
[code]....
Apr 30, 2011
I don't know why packets dropped? And something else: what do those numbers for default policy in [] mean? This is rules:
Code:
# Generated by iptables-save v1.4.4 on Sun May 1 00:09:57 2011
*mangle
[code]....
May 26, 2011
Can anyone advise the best practice of installing and setting the iptables on U 8.04 LTS? Currently iptables is not installed, neither as a package nor included as a kernel module.