Networking :: Check Older Iptable Rules That Were Loaded?

Oct 14, 2010

Is there a way to check older iptable rules that were loaded? I accidentally overwrote my iptables and that has killed internet access to all computers in the intranet. I must have accidentally deleted some line in the iptable rules and cannot figure how to get it back to how it was. I am using Debian 5.05 by the way.

View 1 Replies


Ubuntu Networking :: Set Iptable Rules And Access Superuser Permission From Web-based?

Mar 30, 2010

wrote a network emulator program in c programming. It can run for ubuntu terminal with good performance.But i have to make it for web-based user configuration. So i had setup apache web server and write this program in cgi script and try to execute this program from web page.This program must be run in root privilege($sudo -s) and add the iptables rules such as (#iptables -A OUTPUT -j QUEUE). So my question is how to add iptables rules in my cgi scripts? How to set the superuser(root privilege) permission to access my program through web server?

View 2 Replies View Related

General :: Iptable Rules - SYN ?

Feb 9, 2011

Explain the following iptable rules for me?

I understand 1 and 2, 1 creates the new syn_flood chain and 2 redirects all SYN requests to the new syn_flood chain.

I'm having trouble understanding 3 and 4. can someone explain to me in laymen terms the --limit 1/s and --limit-burst 3?

View 2 Replies View Related

Security :: Iptable Rules For Dns And Snmp

Jan 27, 2011

I have a caching dns and SNMP ( MRTG ) both on the same server how can I permit dns and snmp traffic in INPUT chain?? I have tried the following:

iptables -A INPUT -p udp --sport 1024:65535 --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 --dport 1024:65535 -j ACCEPT
iptables -A INPUT -p udp --sport 1024:65535 --dport 161:162 -j ACCEPT
iptables -A INPUT -p udp --sport 161:162 --dport 1024:65535 -j ACCEPT

View 1 Replies View Related

Fedora Security :: FC15 And Iptable Rules ?

Jul 16, 2011

I don't know if FC15 has the iptable rules like the ones shown below by default or not but I wanted a second opinion about the safety they provide. Why is icmp accepted (INPUT rule 1) from/to all ip? and is it better to remove this rule? When the protocol is all (INPUT rule 2), does it mean from ip layer and above?? and is it required/safe to have this rule? The 3rd rule is to allow tcp-port 22 connections (ssh) to/from all ip. I think this is correctly set and required. The 4th rule in INPUT table rejects pings with the icmp-host-prohibited message; which I don't think is the best solution. Instead it can be set to silently drop icmp packets. Then, the FORWARD table uses reject instead of silent drop for forwarding icmp ping packets.


what do you think about the new rules and their order?

View 5 Replies View Related

Ubuntu :: Remove All Iptable Rules And Chains?

Aug 6, 2010

How would you remove all iptable rules and chains?

View 2 Replies View Related

Ubuntu Security :: Insecure Iptable Rules?

Sep 12, 2010

I've configured iptables to act as a stateful firewall, but instead of simply rejecting packets I'd like to waste a potenial hackers time by droping any packet that would otherwise be returned. Are my rules sufficient or have I somehow opened myself up to an attacker by trying to write these rules myself?

View 3 Replies View Related

Security :: Creating Custom SSH Iptable Rules For Use With UFW?

Feb 22, 2011

I'm trying to set up a firewall at the moment that allows access to my custom SSH port from only my friend's url (they have a static url but dynamic IP). I find iptables a bit of a nightmare and was hoping to use UFW for most of my day to day firewall maintenance and just make a few extra iptable rules to cover exceptional circumstances like this. Fortunately it seems UFW allows this with /etc/ufw/before.rules and /etc/ufw/after.rules. So at the moment I'm just trying to get the basic iptables rules right. As I say I'm not very good with iptables, does this look right?


## Drop Default SSH port access With Logging
iptables -N SSH_DEFAULT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_DEFAULT


View 14 Replies View Related

Server :: Iptable Rules Some To Save And Some Not To Upon Reboot?

Apr 17, 2010

I am having a Xen server xend daemon is taking care of giving interface names like vif1.0 or vif0.2 to the connected guest operating systems on it.I can not save the current IPTABLE rules since upon reboot the xend daemon gives different names to virtual ethernet interfaces i.e. vif1.0 or vif3.0 or vif9.0 like that.I have some rules that I want to be active upon subsequent reboots and not all.Say for example an SSH to external server at port 8000 should forward the request to a machine on LAN.Which I have done by port forwarding from IPTABLES.So I need to save some rules.I was thinking to make a script which on reboot activates those rules.

I am not clear on where to do that.I came across internet and found /etc/network/if-up.d/I am not clear with this directory my question is if I make a scrip which has IPTABLE rules as I want and save it in above folder will it work. I am not clear with what is /etc/network/if-up.dfor.Suppose my logic is wrong then how should I go for it.Also I want to know does a protocol uses two port to make a connection.I have forgotten that thing,i.e if I run an SMTP or ssh then do they use port 22 and 23 both in case of ssh or 25 and 26 both for SMTP like that or just specifying the rules for one port will be enough.I tested these rules in a secure environment where i had disabled firewall and ssh forwarding on router worked well

View 4 Replies View Related

Ubuntu Security :: Setting IPTable Rules For FTP Server?

Jun 22, 2011

I recently set up a ftp server in my house running a dyndns service so I can get to it from the outside. I called my isp to get some help in setting up the router to forward port 21 from the outside to that box, and in short we had some problems. Long story short, they ended up bypassing the router itself, and now the line running to the box is its own fixed external ip. Naturally I want a pretty darn good iptables setup for this. The box runs proftpd and so far my iptables only accepts local loopback and port-21. (I left port 80 closed as its only purpose is to be a standalone ftp server) But I know there must be a safer rule for port 21, as right now its just wide open. Anyone have any ideas on how to make this a bit safer? Also would that command be fine for any of the linux machines im connecting to it from the outside too?

View 3 Replies View Related

Server :: Audit System Is In Immutable Mode - No Rules Loaded

Nov 23, 2010

I have /var/log/audit and /var/log/audit.log owned by root and 600 permissions. I've also removed and made an empty /var/log/audit directory when that did not we work either. I can start the service after boot up, but it is not coming up automatically even when configured by chkconfig. I also get this after I attempt a restart...

Stopping auditd: [ OK ]
Error deleting rule (Operation not permitted)
Starting auditd: [ OK ]
The audit system is in immutable mode, no rules loaded

A tail of my /var/log/messages shows this...
Nov 23 16:45:18 hostname kernel: type=1302 audit(1290548718.524:73): item=1 name="/var/run/" inode=131143 dev=fd:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:var_run_t:s0
Nov 23 16:45:18 hostname kernel: type=1300 audit(1290548718.618:74): arch=c000003e syscall=87 success=no exit=-2 a0=7fff730b2f85 a1=7fff730b2f85 a2=2 a3=0 items=1 ppid=6243 pid=6248 auid=1111 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="rm" exe="/bin/rm" subj=user_u:system_r:unconfined_t:s0 key="delete"
Nov 23 16:45:18 hostname kernel: type=1307 audit(1290548718.618:74): cwd="/"
Nov 23 16:45:18 hostname kernel: type=1302 audit(1290548718.618:74): item=0 name="/var/run/" inode=131073 dev=fd:01 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_run_t:s0
Nov 23 16:45:18 hostname kernel: type=1300 audit(1290548718.620:75): arch=c000003e syscall=87 success=yes exit=0 a0=7fff9b776f81 a1=7fff9b776f81 a2=2 a3=0 items=2 ppid=6243 pid=6249 auid=1111 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="rm" exe="/bin/rm" subj=user_u:system_r:unconfined_t:s0 key="delete"
Nov 23 16:45:18 hostname kernel: type=1307 audit(1290548718.620:75): cwd="/"
Nov 23 16:45:18 hostname auditd[6260]: Started dispatcher: /sbin/audispd pid: 6262
Nov 23 16:45:18 hostname audispd: af_unix plugin initialized
Nov 23 16:45:18 hostname audispd: audispd initialized with q_depth=80 and 1 active plugins
Nov 23 16:45:18 hostname auditd[6260]: Init complete, auditd 1.7.17 listening for events (startup state enable)

View 4 Replies View Related

Red Hat / Fedora :: Check Ddos Attack On A IPtable Firwwall?

Oct 2, 2010

I have linux firewall configured. I want to check the stress tecting on this firewall. is there any way to launch attack of DDOS or other attack which try to make the firewall busy ?

View 2 Replies View Related

Debian :: Check For Loaded Modules?

Sep 25, 2010

Howto check from the command line which modules were loaded after Lenny restart?

View 2 Replies View Related

Debian Configuration :: How To Check Version Of Loaded Intel Microcode

May 2, 2010

Because the version of the microcode installed by the package intel-microcode in Testing (2009-03-30) is way older than the one currently offered by Intel (2010-02-09), I only installed the package microcode.ctl and let it fetch the microcode. However, after reading the Read Me files, manual pages and system logs, and checking the directory where the microcode is stored, I have not been able to find an option to check the version of the microcode in use.

This is the output of update-intel-microcode:
Local version:
Remote version:
could not extract the actual data of remote microcode

View 2 Replies View Related

Ubuntu Servers :: Udev Rules To Check If File Exists?

Jun 9, 2011

Is it possible to set up a udev rule that will check if a file exists on a USB drive?

I've got a few ubuntu servers in environments with some very not-techy peoples. Im hoping to get to the point where I can give them a few USB sticks with scripts on them, and if they plus one of these sticks in it will be mounted in, say, /media/special (rather than /media/usb0..7) and then the script would be run. But if a usb drive without is inserted, it should be mounted to /media/usb0..7 as normal.

I've been googeling for udev rules, and it seems simple enough to specify a mount point based on brand/model/serialnumber/etc... but i havent been able to find anything about checking for the existance of a file.

Tho the more i think about it, the more im starting to think its not going to be that straight forward. Can udev check for a file on a drive before that drive is mounted? Is it going to be a case of mounting every drive to /media/usb0..7 then having a script run that will check for the file, and if its there change the mount point before running

View 1 Replies View Related

Networking :: How Many Rule Iptable Can Manage

May 12, 2010

i'd like to know how many rule can manage iptable. I'm asking that because i'd to drop all traffric from my localnet to porn site. I've a database of porn site witch contain about 900 000 domains. I know there are solutions like squidguard. But for my linux box i'd to use iptable to prevent users access to porn site and other blacklist site.

View 1 Replies View Related

Networking :: Adding An Additional Iptable Rule?

Mar 4, 2011

This is what I have currently running.


iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


How do I add this to the ruleset, without doing the whole thing over again?


iptables -A OUTPUT -d -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

View 1 Replies View Related

Networking :: Add Ports In Iptable /firewall Using Command?

Feb 18, 2011

I want to know how to add (ports to open)in firewall using command or scriptor any ather method

View 4 Replies View Related

Networking :: Possible In Iptable \ Switching Destination IP To Source?

Sep 16, 2010

Using iptables is there a way to switch the destination IP to become the new source IP and forward that connection.iptables store the src and dst IP in a variable for a particular connection?

View 2 Replies View Related

Networking :: Configuring Pptp + Iptable To Share Connection

Dec 27, 2010

Here's my setup: Slackware 13.1 External IFace = eth0 / DHCP (assigned from comcast) Internal IFace = eth1 / I've made it connect/authenticate, but I can't get anything to route through it..


Really wanting to try and get this setup to where all computers on my lan are forced through the VPN, i've tried most of all things I've googled, and no real luck.

View 1 Replies View Related

Networking :: Iptable Command To Allow Traffic To Internet But Not Subnet?

Jun 3, 2010

My internet gateway is with a subnet mask. I have a router connected to it running ddwrt with an ip creating a second subnet behind it. I have a tenant moving in that will be wirelessly connecting to the ddwrt router, so to the subnet. What I am looking for is a rule that will pass internet traffic to and from this client, but restrict him access from the subnet otherwise. The ddwrt router is connected to the gateway through its wan port, btw. For example, the client would get an ip address of wirelessly from the ddwrt router. I want him to be able to surf the internet through the gateway, but not to have any other access to the subnet (ideally not have access to ANYTHING besides the internet).

View 4 Replies View Related

Networking :: How To Open Port For IP Phone Using SIP Protocol With IPTable On RadHat

May 18, 2011

I configure IPtable on RadHat as firewall and i want to allow for IP Phone using SIP protocol.I already allow port 5060 for IP Phone using SIP Protocol and I can call out.The problem is:

1. I can call out and in but when they pick up my call they hear what i'm saying but i can't hear they are saying.

View 1 Replies View Related

Networking :: Iptable Record Adding Successfully But Not Showing In List?

Jun 28, 2010

I've been trying to add a redirect iptable record but each time I add it, it appears to add successfully (meaning it doesn't throw me any errors); yet when I run 'iptables -L' I can't see it listed:

iptables -t nat -A PREROUTING -p tcp --dport 82 -j REDIRECT --to-ports 8081

I also tried to do a DNAT redirection but this too, executed successfully but did not show in the list:

iptables -t nat -A PREROUTING -p tcp --dst --dport 80 -j DNAT --to-destination

Am I missing something or am I not applying the rule correctly?

View 1 Replies View Related

Networking :: Iptable Rule For Blocking Direct Internet Access

Jun 13, 2010

i have the following system in my lan.

etho(private) -
eth1(public) -

squid server at

my request is that i have to make all out bound internet connection should go from proxy server , not directly to firewall. Please specify a iptable rule for blocking direct internet access. my clients ip ranges from to

View 5 Replies View Related

Ubuntu :: Can't Create File /etc/udev/rules.d/70-android.rules?

Jun 19, 2011

I need to create filename 70-android.rules in the directory /etc/udev/rules.d/I have Adm privileges in my user account properties, but when I use sudo to create this file the Ubuntu OS does not allow me the privilege... I am running Ubuntu 10.04 LTS and here's the Terminal output below:daddy@gatomon-laptop:/etc/udev/rules.d$ sudo cat > 70-android.rulesbash: 70-android.rules: Permission denieddaddy@gatomon-laptop:/etc/udev$ ls -ltotal 8drwxr-xr-x 2 root root 4096 2011-03-16 18:03 rules.d-rw-r--r-- 1 root root 218 2010-04-19 04:30 udev.conf

View 2 Replies View Related

Ubuntu Networking :: Eth0 Unstable - Iptables Empty - Cant Service Iptable Restart

May 13, 2011

This is my first use of Ubuntu, but I have previous decent experience on Centos & Mandriva. I've just installed Natty 11.04 on a box that was running a mandriva 2010 - and the network is acting quite strange. When I define a static IP for eth0 through the gui, along with route & dns, it sort of works: ssh is fine, vnc too. However, I have an asterisk running on the box, and it is wild: some packets get lost in the box.

An ngrep shows the packets reaching the interface, but they dont show in asterisk !!! I've done a ufw disable, iptables is empty (why cant I service iptable restart btw ?). ip route list show decent routes (eth0 default); When I switch to DHCP, it is better, but unstable... If i plug a wifi usb stick, it seems to be better... Is there some known issues that could explain this behaviour ? The nic is a: Ethernet controller: Marvell Technology Group Ltd. 88E8001 Gigabit Ethernet Controller

View 5 Replies View Related

Networking :: Iptable Rule Don't Work - Error "18446744073709551615"

Apr 11, 2010

I have problems with iptables :

[root@server7 ~]# iptables -I INPUT -p tcp --syn -m recent --set
[root@server7 ~]# iptables -I INPUT -p tcp --syn -m recent --update --seconds 10 --hitcount 30 -j DROP
iptables: Unknown error 18446744073709551615
[root@server7 ~]#

I need stopping a SYN ddos attack... but iptable rule don't work...

View 9 Replies View Related

Fedora Networking :: CBQ/tc Rules Not Working?

Aug 15, 2010

I can't seem to get CBQ / tc working when I attempt to filter ip+port. It works when I just filter on IP though, I don't understand what the problem is. Here is my CBQ file.Quote:

DEVICE=ppp0,51200Kbit, 51200Kbit


View 1 Replies View Related

Networking :: Can't APPLY Iptables Rules

May 22, 2011

I added a few rules to my /etc/iptables.rules file and then used sudo iptables-restore < /etc/iptables.rules but i got an error saying "iptables-restore: line 29 failed".But the only word on that line.

View 1 Replies View Related

Networking :: Iptable Mark Packet And Use This Mark In Other Rule?

Apr 21, 2010

I'll like to mark all packet coming from and going to an ip adresse. And I'd like to match that mark packet in an other rule. Ex :

Rule 1 : Mark all packet coming from with number 1

Rule 2 : Drop all packets which has been mark with number 1

View 3 Replies View Related

Copyrights 2005-15, All rights reserved