Red Hat / Fedora :: Not Able To Add Iptable Rule?

Dec 22, 2010

In my new Centos i am not able to add iptable rule. iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128bash: iptables: command not foundI am getting this error. I use this rule to forward ports to squid.

View 5 Replies


Networking :: How Many Rule Iptable Can Manage

May 12, 2010

i'd like to know how many rule can manage iptable. I'm asking that because i'd to drop all traffric from my localnet to porn site. I've a database of porn site witch contain about 900 000 domains. I know there are solutions like squidguard. But for my linux box i'd to use iptable to prevent users access to porn site and other blacklist site.

View 1 Replies View Related

Ubuntu Security :: How To Create An Iptable Rule

Sep 1, 2011

I need help creating an iptable rule. The iptables are installed on my router. My router also connects to a "hide my a**" vpn account
at The goal is to somehow force the traffic to go through the vpn, because what sometimes happens is, the vpn connection drops (for what ever reason) and my real ip becomes exposed. Basically, I want to block "myself" from accessing the Internet when not connected to the vpn because of privacy concerns.

Below is my iptables. It has the 3 default chains and it also has many custom user chains. I need to know what kind of a rule to add, What interface to apply it to (lo,tun0,br-lan,eth1) and the correct chain to insert into.For example, you could tell me something like:


FORWARD chain, change rule 1 to
iptables -R FORWARD 1 -j zone_wan_MSSFIX -p tcp --destination-port 443 -i eth1

Obviously, That was just a guess, I need someone that knows iptables to help me.


Chain INPUT (Policy: ACCEPT)
Rule # Traffic Target Prot In Out Source Destination Options
Rule 1 72.95 KB DROP all * * state INVALID
Rule 2 1.11 GB ACCEPT all * * state RELATED,ESTABLISHED


View 3 Replies View Related

Networking :: Adding An Additional Iptable Rule?

Mar 4, 2011

This is what I have currently running.


iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


How do I add this to the ruleset, without doing the whole thing over again?


iptables -A OUTPUT -d -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

View 1 Replies View Related

Ubuntu :: IPtable Rule To Force All Browsers To Use Proxy?

Oct 30, 2010

I have installed squid as my proxy server in ubuntu 10.04 standalone system..Why i have installed squid in standalone sytem is, my friends used to access my system to browse sites and download files..So i have installed squid to block porn sites and downloads..But they simply bypass the proxy by disabling it..I know there is some way to force all browsers to go through proxy using iptables..But how to acheive it..? Is the below command suits my need..?If not what modification should i do..?


sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128

View 6 Replies View Related

General :: Iptable Rule To Open Samba Port?

Jun 15, 2010

I have samba running on and I am trying to open samba ports only for hosts in network.. I have added following rules to iptables. But still I am not able to connect from machines from network


iptables -A INPUT -s -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -s -p tcp --dport 445 -j ACCEPT

What's wrong with the above rules ?

View 3 Replies View Related

Networking :: Iptable Rule For Blocking Direct Internet Access

Jun 13, 2010

i have the following system in my lan.

etho(private) -
eth1(public) -

squid server at

my request is that i have to make all out bound internet connection should go from proxy server , not directly to firewall. Please specify a iptable rule for blocking direct internet access. my clients ip ranges from to

View 5 Replies View Related

Server :: Command For Iptable Rule To Add In Chain RH-Firewall-1 To Block Ftp Port?

Mar 10, 2011

tell me the command for iptable rule to add in Chain RH-Firewall-1 to block ftp port & the ftp server was configured in public ip address,i searched in google but i did'nt get the exact command for iptables rule in Chain RH-Firewall-1.

View 3 Replies View Related

Networking :: Iptable Rule Don't Work - Error "18446744073709551615"

Apr 11, 2010

I have problems with iptables :

[root@server7 ~]# iptables -I INPUT -p tcp --syn -m recent --set
[root@server7 ~]# iptables -I INPUT -p tcp --syn -m recent --update --seconds 10 --hitcount 30 -j DROP
iptables: Unknown error 18446744073709551615
[root@server7 ~]#

I need stopping a SYN ddos attack... but iptable rule don't work...

View 9 Replies View Related

Networking :: Iptable Mark Packet And Use This Mark In Other Rule?

Apr 21, 2010

I'll like to mark all packet coming from and going to an ip adresse. And I'd like to match that mark packet in an other rule. Ex :

Rule 1 : Mark all packet coming from with number 1

Rule 2 : Drop all packets which has been mark with number 1

View 3 Replies View Related

Ubuntu Security :: Set A Rule In Iptables, Does That Rule Also Apply To Ipv6, Or Just Ipv4?

Jul 16, 2010

Question (and Google results aren't making this clear): Ubuntu has both iptables & ip6tables installed. 1. If I set a rule in iptables, does that rule also apply to ipv6, or just ipv4?

2. If "no" to above, then it would be prudent to *also* set ip6tables rules as well if I want to maintain an active firewall, correct?

3. Does ip6tables rules have the same syntax and behavior (more or less) to iptables rules - i.e. can I just copy my iptables rules & change "iptables" to "ip6tables"?

4. Any gotchas or issues that I should be aware of?

View 9 Replies View Related

Fedora Security :: FC15 And Iptable Rules ?

Jul 16, 2011

I don't know if FC15 has the iptable rules like the ones shown below by default or not but I wanted a second opinion about the safety they provide. Why is icmp accepted (INPUT rule 1) from/to all ip? and is it better to remove this rule? When the protocol is all (INPUT rule 2), does it mean from ip layer and above?? and is it required/safe to have this rule? The 3rd rule is to allow tcp-port 22 connections (ssh) to/from all ip. I think this is correctly set and required. The 4th rule in INPUT table rejects pings with the icmp-host-prohibited message; which I don't think is the best solution. Instead it can be set to silently drop icmp packets. Then, the FORWARD table uses reject instead of silent drop for forwarding icmp ping packets.


what do you think about the new rules and their order?

View 5 Replies View Related

Red Hat / Fedora :: Check Ddos Attack On A IPtable Firwwall?

Oct 2, 2010

I have linux firewall configured. I want to check the stress tecting on this firewall. is there any way to launch attack of DDOS or other attack which try to make the firewall busy ?

View 2 Replies View Related

Fedora :: How To See Which SE Rule Kick In And Denies Access

Dec 13, 2009

How can I see which SELinux rule kicks in at a given point. Is there something like debug-mode for SELinux? The problem is that SELinux Troubleshooter does not show any errors at all when denial happens.

View 4 Replies View Related

Fedora :: No Rule To Make Target Modules?

Dec 24, 2010

After reading all the forum entries and tutorials I could find, which all make it sound very easy to do, however I type the command 'make' in the folder where I have the "rtl8192su_linux_2.4_2.6.0003.1019.2009.tar.gz " unzipped and get the following output:

make[1]: Entering directory `/lib/modules/'
make[1]: *** No rule to make target `modules'. Stop.
make[1]: Leaving directory `/lib/modules/'


View 10 Replies View Related

Fedora Security :: Add A Rule In Iptables On Squid Server?

Mar 4, 2011

I am using squid on my fedora box as a proxy server.By default the iptables (Firewall) service is on.To allow web pages to my client machines i stop the iptable service.

#service iptables stop

By doing it client computers start browsing.kindly how can I add a rule so that without stoping firewall client compter work perver IP address is

View 3 Replies View Related

Fedora :: Kernel Compile Error : No Rule To Make Target `missing-syscalls'?

Dec 13, 2009

I am trying to compile a kernel in the following directory:/usr/src/kernels/

Note I am not trying to build an rpm but just do a simple make. After configuring with make menuconfig I issue the make command and get the following error:

[root@compaq]# make
CHK include/linux/version.h
CHK include/linux/utsrelease.h
SYMLINK include/asm -> include/asm-x86
make[1]: *** No rule to make target `missing-syscalls'. Stop.
make: *** [prepare0] Error 2

how to resolve this error? It seems to be fedora-centric.

View 4 Replies View Related

Fedora Networking :: Ftp Port Open \ Didn't Add A "other Ports" Rule Or Anything As Well?

Jul 26, 2011

I set up a vnc connection to my machine the other day and while doing that checked out any open ports.To my astonishment my ftp port is open, although I double checked the firewall and there's no check in the checkbox for the ftp port. I didn't add a "other ports" rule or anything as well.So, how would I be able to fix that?

View 5 Replies View Related

General :: Iptable Rules - SYN ?

Feb 9, 2011

Explain the following iptable rules for me?

I understand 1 and 2, 1 creates the new syn_flood chain and 2 redirects all SYN requests to the new syn_flood chain.

I'm having trouble understanding 3 and 4. can someone explain to me in laymen terms the --limit 1/s and --limit-burst 3?

View 2 Replies View Related

OpenSUSE Network :: IPTable Redirects On The Fly Via CLI?

Sep 15, 2010

I'm looking for a programmatic way to run the equivalent of the below statement using SuSEfirewall2 and make it persistent:

iptables -t nat -A PREROUTING -s -p udp --dport 514 -j REDIRECT --to-ports 51414

Yes I know I can add it to FW_REDIRECT in the config, but I really need to handle this on the CLI at run time (which the above statement does do), however... is there an iptables-save equivalent in SuSEfirewall2?

View 3 Replies View Related

General :: How To Open Port At Iptable

Oct 11, 2010

How to open port at iptable?

My box is centos 5.4.

I wanto to open UDP 177 and TCP 6000~60010.

I can connect my box through putty now.

View 4 Replies View Related

Security :: Iptable Rules For Dns And Snmp

Jan 27, 2011

I have a caching dns and SNMP ( MRTG ) both on the same server how can I permit dns and snmp traffic in INPUT chain?? I have tried the following:

iptables -A INPUT -p udp --sport 1024:65535 --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 --dport 1024:65535 -j ACCEPT
iptables -A INPUT -p udp --sport 1024:65535 --dport 161:162 -j ACCEPT
iptables -A INPUT -p udp --sport 161:162 --dport 1024:65535 -j ACCEPT

View 1 Replies View Related

Security :: Iptable To Block A Sub-domain

Feb 23, 2011

Is it possible to block a subdomain or a one lower level directory URL access from other hosts or network ? I have a site running on my server and i want to block the particular directory under the domain, with the exception of loopback access? I mean the directory must be accessible from loopback/localhost.

[url] on port 10016(expect loopback)
[url] on port 10016 (expect loopback)


View 1 Replies View Related

Ubuntu :: Remove All Iptable Rules And Chains?

Aug 6, 2010

How would you remove all iptable rules and chains?

View 2 Replies View Related

Ubuntu Security :: Insecure Iptable Rules?

Sep 12, 2010

I've configured iptables to act as a stateful firewall, but instead of simply rejecting packets I'd like to waste a potenial hackers time by droping any packet that would otherwise be returned. Are my rules sufficient or have I somehow opened myself up to an attacker by trying to write these rules myself?

View 3 Replies View Related

Networking :: Add Ports In Iptable /firewall Using Command?

Feb 18, 2011

I want to know how to add (ports to open)in firewall using command or scriptor any ather method

View 4 Replies View Related

Networking :: Possible In Iptable \ Switching Destination IP To Source?

Sep 16, 2010

Using iptables is there a way to switch the destination IP to become the new source IP and forward that connection.iptables store the src and dst IP in a variable for a particular connection?

View 2 Replies View Related

General :: Configure Iptable And Squid In Redhat 5.0?

Aug 12, 2010

I m kapil sharma i want to know how i configure iptable and squid service in redhat 5.0?o access internet in network.

View 3 Replies View Related

Security :: Creating Custom SSH Iptable Rules For Use With UFW?

Feb 22, 2011

I'm trying to set up a firewall at the moment that allows access to my custom SSH port from only my friend's url (they have a static url but dynamic IP). I find iptables a bit of a nightmare and was hoping to use UFW for most of my day to day firewall maintenance and just make a few extra iptable rules to cover exceptional circumstances like this. Fortunately it seems UFW allows this with /etc/ufw/before.rules and /etc/ufw/after.rules. So at the moment I'm just trying to get the basic iptables rules right. As I say I'm not very good with iptables, does this look right?


## Drop Default SSH port access With Logging
iptables -N SSH_DEFAULT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_DEFAULT


View 14 Replies View Related

Server :: Iptable Rules Some To Save And Some Not To Upon Reboot?

Apr 17, 2010

I am having a Xen server xend daemon is taking care of giving interface names like vif1.0 or vif0.2 to the connected guest operating systems on it.I can not save the current IPTABLE rules since upon reboot the xend daemon gives different names to virtual ethernet interfaces i.e. vif1.0 or vif3.0 or vif9.0 like that.I have some rules that I want to be active upon subsequent reboots and not all.Say for example an SSH to external server at port 8000 should forward the request to a machine on LAN.Which I have done by port forwarding from IPTABLES.So I need to save some rules.I was thinking to make a script which on reboot activates those rules.

I am not clear on where to do that.I came across internet and found /etc/network/if-up.d/I am not clear with this directory my question is if I make a scrip which has IPTABLE rules as I want and save it in above folder will it work. I am not clear with what is /etc/network/if-up.dfor.Suppose my logic is wrong then how should I go for it.Also I want to know does a protocol uses two port to make a connection.I have forgotten that thing,i.e if I run an SMTP or ssh then do they use port 22 and 23 both in case of ssh or 25 and 26 both for SMTP like that or just specifying the rules for one port will be enough.I tested these rules in a secure environment where i had disabled firewall and ssh forwarding on router worked well

View 4 Replies View Related

Copyrights 2005-15, All rights reserved