General :: Iptable Rules - SYN ?

Feb 9, 2011

Explain the following iptable rules for me?

I understand 1 and 2, 1 creates the new syn_flood chain and 2 redirects all SYN requests to the new syn_flood chain.

I'm having trouble understanding 3 and 4. can someone explain to me in laymen terms the --limit 1/s and --limit-burst 3?

View 2 Replies


Security :: Iptable Rules For Dns And Snmp

Jan 27, 2011

I have a caching dns and SNMP ( MRTG ) both on the same server how can I permit dns and snmp traffic in INPUT chain?? I have tried the following:

iptables -A INPUT -p udp --sport 1024:65535 --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 --dport 1024:65535 -j ACCEPT
iptables -A INPUT -p udp --sport 1024:65535 --dport 161:162 -j ACCEPT
iptables -A INPUT -p udp --sport 161:162 --dport 1024:65535 -j ACCEPT

View 1 Replies View Related

Fedora Security :: FC15 And Iptable Rules ?

Jul 16, 2011

I don't know if FC15 has the iptable rules like the ones shown below by default or not but I wanted a second opinion about the safety they provide. Why is icmp accepted (INPUT rule 1) from/to all ip? and is it better to remove this rule? When the protocol is all (INPUT rule 2), does it mean from ip layer and above?? and is it required/safe to have this rule? The 3rd rule is to allow tcp-port 22 connections (ssh) to/from all ip. I think this is correctly set and required. The 4th rule in INPUT table rejects pings with the icmp-host-prohibited message; which I don't think is the best solution. Instead it can be set to silently drop icmp packets. Then, the FORWARD table uses reject instead of silent drop for forwarding icmp ping packets.


what do you think about the new rules and their order?

View 5 Replies View Related

Ubuntu :: Remove All Iptable Rules And Chains?

Aug 6, 2010

How would you remove all iptable rules and chains?

View 2 Replies View Related

Ubuntu Security :: Insecure Iptable Rules?

Sep 12, 2010

I've configured iptables to act as a stateful firewall, but instead of simply rejecting packets I'd like to waste a potenial hackers time by droping any packet that would otherwise be returned. Are my rules sufficient or have I somehow opened myself up to an attacker by trying to write these rules myself?

View 3 Replies View Related

Security :: Creating Custom SSH Iptable Rules For Use With UFW?

Feb 22, 2011

I'm trying to set up a firewall at the moment that allows access to my custom SSH port from only my friend's url (they have a static url but dynamic IP). I find iptables a bit of a nightmare and was hoping to use UFW for most of my day to day firewall maintenance and just make a few extra iptable rules to cover exceptional circumstances like this. Fortunately it seems UFW allows this with /etc/ufw/before.rules and /etc/ufw/after.rules. So at the moment I'm just trying to get the basic iptables rules right. As I say I'm not very good with iptables, does this look right?


## Drop Default SSH port access With Logging
iptables -N SSH_DEFAULT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_DEFAULT


View 14 Replies View Related

Server :: Iptable Rules Some To Save And Some Not To Upon Reboot?

Apr 17, 2010

I am having a Xen server xend daemon is taking care of giving interface names like vif1.0 or vif0.2 to the connected guest operating systems on it.I can not save the current IPTABLE rules since upon reboot the xend daemon gives different names to virtual ethernet interfaces i.e. vif1.0 or vif3.0 or vif9.0 like that.I have some rules that I want to be active upon subsequent reboots and not all.Say for example an SSH to external server at port 8000 should forward the request to a machine on LAN.Which I have done by port forwarding from IPTABLES.So I need to save some rules.I was thinking to make a script which on reboot activates those rules.

I am not clear on where to do that.I came across internet and found /etc/network/if-up.d/I am not clear with this directory my question is if I make a scrip which has IPTABLE rules as I want and save it in above folder will it work. I am not clear with what is /etc/network/if-up.dfor.Suppose my logic is wrong then how should I go for it.Also I want to know does a protocol uses two port to make a connection.I have forgotten that thing,i.e if I run an SMTP or ssh then do they use port 22 and 23 both in case of ssh or 25 and 26 both for SMTP like that or just specifying the rules for one port will be enough.I tested these rules in a secure environment where i had disabled firewall and ssh forwarding on router worked well

View 4 Replies View Related

Ubuntu Security :: Setting IPTable Rules For FTP Server?

Jun 22, 2011

I recently set up a ftp server in my house running a dyndns service so I can get to it from the outside. I called my isp to get some help in setting up the router to forward port 21 from the outside to that box, and in short we had some problems. Long story short, they ended up bypassing the router itself, and now the line running to the box is its own fixed external ip. Naturally I want a pretty darn good iptables setup for this. The box runs proftpd and so far my iptables only accepts local loopback and port-21. (I left port 80 closed as its only purpose is to be a standalone ftp server) But I know there must be a safer rule for port 21, as right now its just wide open. Anyone have any ideas on how to make this a bit safer? Also would that command be fine for any of the linux machines im connecting to it from the outside too?

View 3 Replies View Related

Networking :: Check Older Iptable Rules That Were Loaded?

Oct 14, 2010

Is there a way to check older iptable rules that were loaded? I accidentally overwrote my iptables and that has killed internet access to all computers in the intranet. I must have accidentally deleted some line in the iptable rules and cannot figure how to get it back to how it was. I am using Debian 5.05 by the way.

View 1 Replies View Related

Ubuntu Networking :: Set Iptable Rules And Access Superuser Permission From Web-based?

Mar 30, 2010

wrote a network emulator program in c programming. It can run for ubuntu terminal with good performance.But i have to make it for web-based user configuration. So i had setup apache web server and write this program in cgi script and try to execute this program from web page.This program must be run in root privilege($sudo -s) and add the iptables rules such as (#iptables -A OUTPUT -j QUEUE). So my question is how to add iptables rules in my cgi scripts? How to set the superuser(root privilege) permission to access my program through web server?

View 2 Replies View Related

Ubuntu :: Can't Create File /etc/udev/rules.d/70-android.rules?

Jun 19, 2011

I need to create filename 70-android.rules in the directory /etc/udev/rules.d/I have Adm privileges in my user account properties, but when I use sudo to create this file the Ubuntu OS does not allow me the privilege... I am running Ubuntu 10.04 LTS and here's the Terminal output below:daddy@gatomon-laptop:/etc/udev/rules.d$ sudo cat > 70-android.rulesbash: 70-android.rules: Permission denieddaddy@gatomon-laptop:/etc/udev$ ls -ltotal 8drwxr-xr-x 2 root root 4096 2011-03-16 18:03 rules.d-rw-r--r-- 1 root root 218 2010-04-19 04:30 udev.conf

View 2 Replies View Related

General :: How To Open Port At Iptable

Oct 11, 2010

How to open port at iptable?

My box is centos 5.4.

I wanto to open UDP 177 and TCP 6000~60010.

I can connect my box through putty now.

View 4 Replies View Related

General :: Configure Iptable And Squid In Redhat 5.0?

Aug 12, 2010

I m kapil sharma i want to know how i configure iptable and squid service in redhat 5.0?o access internet in network.

View 3 Replies View Related

General :: Iptable Rule To Open Samba Port?

Jun 15, 2010

I have samba running on and I am trying to open samba ports only for hosts in network.. I have added following rules to iptables. But still I am not able to connect from machines from network


iptables -A INPUT -s -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -s -p tcp --dport 445 -j ACCEPT

What's wrong with the above rules ?

View 3 Replies View Related

General :: Virtual Machine Freezes When Flush Iptable

Feb 16, 2011

why does my virtual machine freezes when I flush iptable rules. i tried to install virtual machines 3 times and every time I flush iptables on host, virt machine freezes down. What can be the issue? Is it with the host installation or something else?

View 5 Replies View Related

General :: FATAL: Error Inserting Ip_tables When Try To Create New Iptable

Jun 16, 2010

So I am new to ubuntu and am trying to work with "iptables". I have ubuntu version 10.04, in the terminal I try to create a new iptable by writing: iptables -N chain but the response is: FATAL: Error inserting ip_tables......... also it says "you must be root", what does root mean?

View 2 Replies View Related

Ubuntu Security :: Snort Not Starting - ERROR: "/etc/snort/rules/exploit.rules(264) => 'fast_pattern' Does Not Take An Argument"

May 12, 2011

I need assistance with my Snort Installation. I used Bodhi Zazen's Network Intrusion Detection System post and found it easier than the previous time I had done it. I am currently running Ubuntu 10.04 server and Snort with BASE 1.4.5. I followed Bodhi Zazen's instructions and when I tested snort it ended with a Fatal Error due to ERROR: /etc/snort/rules/exploit.rules(264) => 'fast_pattern' does not take an argument
Fatal Error, Quitting.. Here is the entire output once I ran the test command: snort -c /etc/snort/snort.con -T Running in Test mode


View 2 Replies View Related

Ubuntu Security :: What Is Best General Ufw Rules

Jun 9, 2010

I googled this question, no relevant results. I don't samba, ssh, or any P2P file sharing. Is udp neccesary for general web browsing/file downloading? What would be the best general ufw rules to set for above conditions and varying ip address? I know how to use the full ufw syntax in command line.

View 5 Replies View Related

General :: Make Rules In A Makefile - Debug

Nov 17, 2009

Does anyone know if it is possible to make rules in a Makefile that would work like this:

> make debug module
> make module debug

where module can be any module that has a specific rule in the Makefile.

The thing I have is a Makefile with different rules that I compile like this:

> make module

What I would like is to add an option so I can compile whichever module with debug-information just by adding a debug to the make command. The debug-information I know how to do, the problem is how to make the Makefile work...

View 2 Replies View Related

General :: Configuring Conversion Rules In FF DownloadHelper?

Oct 4, 2009

I want to burn VCD's and DVD's from flash videos that will play in a standalone DVD player but have been unsuccessful at finding the correct combination of conversion choices in DownloadHelper. This is my 3rd or 4th request for help on this. Someone out there must be successful at burning. Avidemux, DeVeDe, and DVDStyler have

View 6 Replies View Related

General :: Udev Rules Aimed For USB Drives Only?

Mar 14, 2011

I have written a udev rule as follows:Code:RUN+=/.../.../example.shWhenever i plug in a USB drive, this rule is executed, however it is also done when i plug in a dongle for WiFi. How do i make this udev rule specific for USB drives only. In other words this script should be run for USB devices only.

View 3 Replies View Related

General :: Iptables Rules To Allow Nfs Clients Access To Nfs Server?

Jan 20, 2011

I'm curious but recently I was troubleshooting some iptables rules to allow nfs clients access to my nfs server. What was strange was that I setup a tcpdump session on my nfs server so that I can see which ports were being requested. I ran several tcpdump sessions with the following filters in place.

tcpdump -vv src ip_of_client and dst _ip_of_client
tcpdump -vv src hostname_of_client and dst hostname_of_client

However, the only packet I ever saw come over the wire to me was the client host asking for a arp resolution. Anyhow, I finally just ran 'rcpinfo -p' and added those ports to my iptables rules and it worked great. However, I would like to understand how nfs works in case I need to troubleshoot it in the future. I do understand that nfs uses portmappers, would this explain the behavior?

View 1 Replies View Related

General :: Udev Rules To Automatically Apply 666 Permission?

Apr 3, 2010

my linux box the device node for my printer is by default setup as the following: crw-rw---- 1 root lp 189, 1 Apr 3 07:45 /dev/bus/usb/001/002 This causes cups to not print at all. The Hp backend (HPLIP) fails because of these permissions. How do I change it so that it's crw-rw--rw 1 root lp 189, 1 Apr 3 07:45 /dev/bus/usb/001/002. Ie I would like 666 file permission on that node.

View 2 Replies View Related

General :: X11 - Unable To Add Any Port Forwarding Rules To Router

Feb 22, 2011

Say I have Computer A behind a router with NAT. I'm unable to add any port forwarding rules to that router. Then I have Computer B with a public IP address that I want to forward X windows from. This computer is headless, but does have a video card so X windows can be used. Here are some of the things I'd perform to setup my scenario.

1. Computer B, I'd run xhost + public_ip of NAT router.
2. Make sure that computer B's sshd service has X11 forwarding enabled.
3. SSH from Computer A to Computer B with the X windows forward option.
4. Once in Computer B, set the DISPLAY env variable to the public_ip of NAT router.
5. On Computer B run xclock.

At this point I'd expect to see an instance of xclock originating from Computer B onto my desktop. However this obviously won't work. The problem is that when the request is made to Computer B to forward the instance of xclock to Computer A the forwarded instance of xclock will get stuck at the NAT router. Without a port forwarding rule the NAT router will not know which internal IP to route the instance of xclock.

Here's my question. Is there any way for Computer A to initiate a connection to Computer B and then forward the instance of xclock? That way if it uses that same connection the NAT router will know which internal IP to route it to because it would be an active connection in the router's routing table. Or is there an alternative? Of course I can vnc into another computer outside the NAT network and then forward an X window to it just fine. But in the spirit of expanding my knowledge on X windows I'd like to see what is possible.

View 5 Replies View Related

General :: How Udev Rules Work To Create Device Files

Jun 2, 2010

how udev rules work to create device files. Following is what I did for that: Up on plugging in my phone (sony w800i), I am getting a device file 'devcdc-wdm0' created. I just tried to figure out the rule which is responsible for the creation of this particular file.

I searched in 'etcudev ules.d' and 'libudev ules.d' for the string 'cdc-wdm' to find that rule. But I am not getting any hits in that search. Could any one help me out in this one.

BTW: I am using Ubuntu 9

View 6 Replies View Related

General :: Adding Firewalls Nat Rules / Internet Is Totally Blocked On Eth1?

Oct 4, 2010

I have a centos5.3 server. I want to configure it as transparent squid proxy server. Internet is connected to eth0( and lan is connected to eth1( and eth1 ip is .

I have configured it as dhcp,squid and its working fine.

Now I want to configure it as a transparent,so that no one has to manually configure in browser.

I just added a line

http_port 3128 transparent

to make it transparent.

Now while adding nat rules,


iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

Internet is totally blocked on eth1. And after stopping the firewall the internet comes.

View 14 Replies View Related

General :: Writing Udev Rules On Ubuntu 9.10 For Two Ports With The Same Product And Vendor IDs

Aug 3, 2010

I have been trying to figure this out for a long time now and can't seem to get it to work. I have three serial ports I need to communicate with. The first one works, but the other two, which have identical product and vendor IDs, do not. This is what I have so far under /etc/udev/rules.d/10-local.rules/


View 14 Replies View Related

Red Hat / Fedora :: Not Able To Add Iptable Rule?

Dec 22, 2010

In my new Centos i am not able to add iptable rule. iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128bash: iptables: command not foundI am getting this error. I use this rule to forward ports to squid.

View 5 Replies View Related

OpenSUSE Network :: IPTable Redirects On The Fly Via CLI?

Sep 15, 2010

I'm looking for a programmatic way to run the equivalent of the below statement using SuSEfirewall2 and make it persistent:

iptables -t nat -A PREROUTING -s -p udp --dport 514 -j REDIRECT --to-ports 51414

Yes I know I can add it to FW_REDIRECT in the config, but I really need to handle this on the CLI at run time (which the above statement does do), however... is there an iptables-save equivalent in SuSEfirewall2?

View 3 Replies View Related

Networking :: How Many Rule Iptable Can Manage

May 12, 2010

i'd like to know how many rule can manage iptable. I'm asking that because i'd to drop all traffric from my localnet to porn site. I've a database of porn site witch contain about 900 000 domains. I know there are solutions like squidguard. But for my linux box i'd to use iptable to prevent users access to porn site and other blacklist site.

View 1 Replies View Related

Copyrights 2005-15, All rights reserved