Ubuntu Security :: Ufw Not Blocking Ports?

Apr 1, 2010

After reading a lot about networking and security I decided to check the security of my own ubuntu box. So I went installing Nmap and discovered that port 139 was "open". Since I 'd read how to use ufw I created a deny rule for port 139. After a second scan with Nmap it still said that port 139 was open as shown below.


View 9 Replies


Fedora Security :: Selinux Policy Blocking Outbound Ports For Sshd

May 25, 2011

Tried google and searching this forum to no avail. Under Fedora 14, there is an selinux policy which blocks sshd from making outbound connections on port 80 or 443. This can occur when a client box tries to tunnel through the ssh connection for encrypted access to the web.

While I did manage to allow this happen by creating a permissive domain for sshd with this command:


The preferred way would be to allow sshd to make connection on other ports with a similar command that does not seem to work:


Is this the correct way of allowing an outbound port connection for the sshd daemon?

View 2 Replies View Related

Ubuntu Security :: How To Check What The UFW Is Blocking

Mar 26, 2010

I can see what Firestarter is blocking in the Firestarter/Events tab, but after reading all the man pages of UFW, I still don't know how to check what the UFW is blocking.

View 9 Replies View Related

Ubuntu Security :: Firestarter Keeps Blocking Ip's?

Mar 8, 2011

im having a bit of a problem with Firestarter, i have Transmission opened and i am downloading a movie but when i check Firestarter i see hundreds and hundreds of Ip's that are blocked, and like 10ip's every second that get blocked.


View 2 Replies View Related

Ubuntu Security :: Ufw Is Blocking Some Port 80 And Should Not?

Apr 15, 2011

I have the default to deny all. The only rule I have in there is:

To Action From
-- ------ ----


View 4 Replies View Related

Ubuntu Security :: UFW Is Blocking Connections Even Though It's Set To Allow For In/Out

Aug 1, 2011

I might be misunderstanding the log but it looks like UFW is blocking connections. I want to allow all incoming and outgoing. I guess what I'm saying is that the servers on my computer will open ports but all other ports should respond with closed just like a default Ubuntu install. Trying to use UFW to monitor connections without really doing any firewalling.

Aug 1 07:14:07 universal-mechanism kernel: [311111.963762] [UFW BLOCK] IN=eth0 OUT= MAC=00:1f:c6:8a:e9:66:00:01:5c:32:f4:c1:08:00 SRC= DST= LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=51984 DF PROTO=TCP SPT=80 DPT=54466 WINDOW=8201 RES=0x00 RST URGP=0

View 2 Replies View Related

Ubuntu Security :: Denyhosts Keeps Blocking External Ip

Oct 31, 2010

I've been using Deny Hosts for a couple of years now without trouble. My router forwards SSH calls to host tock on my LAN. My router's internet hostname is michigan. I keep an svn repository on tock and access it through michigan. In this way I can update my repository when I'm at home or away.Just today, however, whenever I try any ssh to michigan, I get a closed connection and find michigan in my hosts.deny file. I delete it, make a successful connection, but then on my next attempt - there I am in the hosts.deny file again.

I've worked around it by putting michigan into my hosts.allow file, but I would really like to know what's going on. I've configured Hosts Deny to lock out IPs after three failed attempts, but it is locking out michigan after one successful connection.

View 3 Replies View Related

Ubuntu Security :: Mobloquer Blocking Outgoing Connections?

Jan 18, 2010

Mobloquer starts up at boot and before I've even opened firefox or transmission or anything, mobloquer shows that is has started blocking several outgoing connections as well as ton of incoming connections. I was wondering if the outgoing connections is normal and what's a normal amount of network activity to show up in system monitor when I'm not actively using the internet.

View 2 Replies View Related

Security :: Blocking Web Content With Iptables?

Aug 8, 2010

Is possible blocking web with content for adults with iptables?

View 3 Replies View Related

Security :: Logging/Blocking LAN Traffic?

Apr 26, 2010

Where I work we have a lan, it is almost 100% windows machines except for 2 CentOS machines in which some clients connect to, via VPN. (very small network, <50 ip's used)

I would like to know if there is a way to block access from that machines to others in the network. I'm already logging traffic (with IPTraff) to see if they're accessing other machines in the network others than the ones they should connect.

View 7 Replies View Related

Security :: Red Hat SeLinux Is Blocking Ssh And Http?

Feb 3, 2011

When I turn on my SeLinux to enforcing mode on my Red Hat system ssh stops working and my http server stops responding.

I went into the SeLinux GUI and enabled things in there but still it wont work.

Any thoughts on what to check?

permissive mode and disabled they work

I read several articles that say it should not be affect by SeLinux and the setting look correct but the only thing I do is turn on SeLinux and ssh /httpd stop working

ps -eZ | grep sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 432 ? 00:00:00 sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 2426 ? 00:00:00 sshd
[root@goxsa1340 ~]# ps -eZ | grep httpd
user_u:system_r:httpd_t 3044 ? 00:00:00 httpd


View 11 Replies View Related

Fedora Security :: SELinux Is Blocking Ipod?

Jul 8, 2009

I am running Fedora 11 and every time i plug in my iPod it tells me... SELinux is preventing mkdir (podsleuth_t) "read" security_t ... I have no idea on how to create a policy module to allow access.

View 2 Replies View Related

Fedora Security :: Web Site Blocking For Particular User

Apr 14, 2010

In fedora 12 how can i configure the system such that a particular user can browse only selected web sites.

View 9 Replies View Related

Fedora Security :: Blocking And Allowing IP Address For FTP?

Jul 15, 2010

I want to ask about securing the FTP connection... I have one server that Installed with Redhat Linux Fedora 6.

And now, i want to securing the FTP access, so only the selected IP will be allowed to connect. Do anyone know how to do this?

Another thing is, my server using Webmin 1.3 to manage the server and there not installed / not configured yet with Frox FTP, ProFTPD Server, WU-FTP Server... even there is such thing in my Webmin...

Can i make use one of the three FTP i mention above, and if yes, will it be affecting the current FTP access?

View 1 Replies View Related

Fedora Security :: Blocking Ip Address Range?

Dec 31, 2010

I'm assuming that the following should block the complete 178.123.xxx.xxx address range.

iptables -I INPUT -s -j DROP
Then I believe that I need to save this change.

service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

However, I'm not so sure that it is actually working based on the fact that there continues to be access to my wiki from that address range. The following is after I made the firewall change.

Quote: - - [31/Dec/2010:04:24:40 -0500] "GET /mywiki/Opera%20Web%20Browser?action=edit&editor=text HTTP/1.1" 200 6346 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

Let me state that I'm new at this iptables thing. I did some reading and decided that I need to make the above change to the firewall but it doesn't seem to make a difference.

View 12 Replies View Related

Fedora Security :: SEL Is Blocking Xauthority File?

Aug 8, 2011

since I upgraded to F15 I noticed that "su -l" is very slow, it takes about 20sec before it gives the prompt. I traced it down to a problem with "xauth" as su asks for the authorization for the display running "xauth nlist :0" which times out with an error. Actually, the command "xauth nlist :0" by itself gives:
xauth: timeout in locking authority file /home/user/.kde/tmp-host.domain/xauth-200-_0

If I put SELinux in permissive mode both command work without problem so I suppose SEL is the problem. I checked the permissions and settings of the file which is "unconfined_u:object_r:config_home_t:s0" but I have no idea if this is the right value, running "restorecon" on the file, directory or the whole /home/user didn't change anything.

View 4 Replies View Related

Security :: Blocking A Specific IP Address From Server?

May 8, 2010

I would like to COMPLETELY block a specific IP address using iptables. I found this one:


iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset

Will this work? How do I undo the changes later?

View 2 Replies View Related

Security :: Blocking An Ip Address Range Within Iptables?

Mar 30, 2009

I am setting up a iptables firewall on one of our servers, and I would like to block a range of addresses from getting into the system. I am using a script that does a BLACKIN and BLACKOUT methodology for specific addresses. One example is the following:



What would be the correct syntax to use if I wanted to block an entire remote subnet from getting into the server?

View 4 Replies View Related

Security :: Blocking Ips Permanently And Throwing Away The Keys

Sep 22, 2010

I want to block some ips permanently ie. even I as the root user cannot unblock these ips without having to format the whole system.

So i thought if some blocking software provided passwords for editing rules and I put a 'junk' password there and so that I can't delete the rules without the 'junk' password which I don't know.

So I examined iptables and I saw that it is a kernel module so there is no use of that since I can probably throw it away.

But the basic question is to block ips and gulp the key.

View 5 Replies View Related

Security :: Blocking Users Who Are Not Defined In DNS Record

Jul 29, 2010

In our organization we use Static IP addressing scheme(Some departments have DHCP which is not related to this thread). We use Squid as proxy.

We assign each machine its IP address and make entry in our TinyDNS database, and provide those details to users, which they manually enter in their config and then access the network. We assign different range of IPs to different departments. This we consider as the "proper way" for our organization.

But we have found that lot many users are simply guessing some IPs and using them without having any entry in our DNS record. Though this works for some, most of the time we end up having IP conflicts and disorganization in our organizational allocation policy.

So, my question is, How do I block the specific IPs whose entry is not explicitly defined in our DNS record. In other word if the IP say he is jack.ourorganization.com) is defined in our DNS, we should allow access... where as if IP does not translate to any user as it is not defined in our DNS) is not defined in our DNS we should not allow it access to our network.

View 6 Replies View Related

Security :: IPTables Setup Blocking SSH Traffic

Feb 11, 2011

I set up iptables but it is blocking my SSH set up. I did allow it by opening port 22 but it did not work. Here is my config:

iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP

### this should allow SSH traffic
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

How do you allow SSH through the iptables firewall?

View 5 Replies View Related

Fedora Security :: SElinux Is Blocking My Internet Connection

Mar 15, 2009

SElinux is blocking my internet connection and every time when I connect t the internet (pppoe connection) I ge message.

View 2 Replies View Related

Security :: Blocking Local Webserver For Internal Clients?

Sep 18, 2009

I've small issue with blocking local clients. I mean I've webserver that I want to allow limited number to clients to that let say I've 10 users from I would like to block 1-9 and allow only last client to access that webserver . Ive tried the following


iptables -A -p tcp -i eth1 -d -s ! -j REJECT
iptables -A INPUT -p tcp -d -i eth1 -s ! -j DROP

View 1 Replies View Related

Security :: Blocking Program Access To Clipboard Data?

Feb 9, 2011

I'm running a program called Synergy+ to let my keyboard and mouse control multiple computers. One of Synergy+'s features is that clipboard (copy-paste) data is able to be shared, as in copy on one machine, paste onto another. I would like this functionality removed but Synergy+ has no way to disable it. I'm looking for any ideas to block clipboard data from being transferred. Is there a way to block a program from accessing the machine's clipboard data?

View 5 Replies View Related

Security :: CentOS 5.5 Upgrade - IPTables SSH Auto Blocking

Jun 6, 2011

I have a fiberoptic broadband 20MB synchronous pipe at my home. Over summer at my place of employment its pretty much dead for 3 months so when I'm not busy I play around on my home server. I have my 20mb pipe going directly into my wrt54gl, from there I have a wired connection going to my server (Centos 5.3 recently upgraded to 5.5 through updates.) It serves as a file server(Samba, SSH). My wrt54gl handles natting port 22 to my server. I have my wireless AP setup to hand out leases from .2-.20 and my server has a static of .100. Dyndns.org handles my name resolution via their free account method.

I have a Mac Pro, iMac, Macbook, and a Toshiba Laptop with 64bit 7 running off wireless along with our cell phones, and my XBOX 360 also is wired directly for the gaming speed. I use all of the computers around my home to access the samba shares via unc path for file sharing and or working on projects. I had originally planned to upgrade the wrt54gl with a cisco e3200 or an e3000 but unfortunately I've come to find out dyndns and the e lines of cisco wireless AP's dont work with dyndns and get banned. So I would have to install the daemon on my server and put it as a directly connected server to my WAN link and install a second ethernet card and pass traffic through my server for the rest of my home which I am not going to do.

All of the previous sentence because it would update dyndns with a 192.168.x.x address since its not directly connected. I use a combination of putty.exe and vnc viewer to tunnel 5900 through port 22 to my server. So from anywhere I am at I can access my screen securely and then rdp or vnc to the desktop of my local LAN computers. This allows me to only have port 22 open. I've been looking at my ssh logs and noticed I have been getting hit alot with ssh scans. I want to implement an iptables firewall on my linux machine just for the purpose of further securing port 22. I dont necessarily need natting on the iptables firewall but all I need is ssh in and out, web in, and samba out to local ip's only.

For SSH this is what I want. I want to allow SSH from any IP but if it tries to login more than 3 times in one minute I want to block that IP for a full minute before it can try 3 more attempts. I also would like log to a file but have been having issues getting that to work as well. That way when I review logs and I see that an ip tries three times and then waits a minute and tries three more, etc... I can permanently block that ip or range of ip's by adding it to the iptables script. Here is my current iptables script and it doesnt seem to be working for me. I have played with this and read for almost two weeks and still cannot get it to work correctly.

# In order to use this iptables firewall script you must have iptables installed. You also must be using a 2.4.x series Kernel, with iptables suppport compiled into it, which is standard for most newer linux distributions.
# If you need help compiling iptables into your kernel, please see our kernel Compile/Upgrade Guide located at [URL]
# Once the script has been edited with all your relevant information (IP's Network Interfaces, etc..) simply make the script executable and run it as root.
# chmod 700 fw_rules.sh
# ./fw_rules.sh .....

# Our final trap. Everything on INPUT goes to the dropwall
# So we don't get silent drops.
$IPT -A INPUT -j dropwall

View 3 Replies View Related

Ubuntu Security :: Blocking Linhost274.prod.mesa1.secureserver.net From Accessing Machine

Feb 3, 2011

I am trying to keep linhost274.prod.mesa1.secureserver.net (IP from accessing my machine. Several times per evening (as far as I see) it connects to my machine, each time on a different port, and pushes up data transfer. I can't find what it does, it just pushes a GB or more over the line and then stops. I try to keep it out with UFW:


View 6 Replies View Related

Fedora Security :: SELinux Blocking Sshd Access To Shadow?

Mar 6, 2010

I'm trying to setup ssh access on my Fedora 12 laptop. I get the following error message in /var/log/secure when I try to login from another machine using ssh and the login is denied:


sshd[3025]: error: Could not get shadow information for <user>
sshd[3025]: Failed password for <user> from <ip> port <port> ssh2

If I do a 'setenforce 0' I can login and no error is logged.

View 10 Replies View Related

Security :: Debian 6: Iptables Blocking Certain IP Ranges On A Certain Port Range?

May 16, 2011

I am currently running Debian 6. I would like to know if there is a way and how i would go about blocking a certain IP range from connecting to my server within a certain port range. Say for example.

i want to block ip range 123.123.123.* from connecting to my server on the ports 33000 - 43000. But, i want to allow them to connect on any other port range, and i want to be able to allow connections from my server to the blocked ip range on those same ports. so, blocking incoming only on the above port range.

using iptables.

View 1 Replies View Related

Security :: IPtables Port 25 Connection Limit Without Blocking Barracudas

Jan 11, 2011

I am at a loss how to prevent Denial of Service attacks to port 25 and not block legitimate connections from 2 Barracuda 800(s) and block smart phones such as iPhones/Blackberrys/iPhones that use the server smtp.server.com for email.
Presently for port 25
RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT

The 2 Barracuda 800(s) make port 25 connections all the time, plus users with smart_phones have the incoming server type:

Is there a way to keep Denial of Service attacks from happening with iptables rules without causing blocking to the Barracuda(s) that make constant port 25 connections & smart phones that poll? I was thinking if I allowed the Barracuda(s) in these lines
-s (barracuda)24.xx.xx.xx -d (emailserver)24.00.xx.xx -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT

Where the source would be the Barracuda going to the email server. It would be allowed, then I am left with how to allow other connections like Smart_Phones that connect via Port 25. I am thinking if I put rules in place doing connection counts in a minute it would result in errors connecting to the server and people would start complaining. Plus any limiting may result in blocking real traffic. Then would I need to allow the ISP range in the above example to accept port 25, I am still left with how to drop a flood/denial of service attack.

View 4 Replies View Related

Ubuntu Security :: What Ports Are Open And Why

Jul 27, 2010

I'm locking down my laptop. I know I can use a firewall to ensure nothing gets through that I didn't catch, and I certainly plan on using one, but in the meantime, I want to know what exactly is running on my system.

nmap localhost returns:
james@james-linux:~$ nmap localhost
Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-26 23:33 CDT
Warning: Hostname localhost resolves to 2 IPs. Using
Interesting ports on localhost (
Not shown: 994 closed ports
25/tcp open smtp
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
631/tcp open ipp
2049/tcp open nfs
Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds

However, I know that localhost goes back to the loopback interface, So, to see what was really open, I ran nmap, which is my laptop's IP at the moment.

james@james-linux:~$ nmap
Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-26 23:33 CDT
Interesting ports on
Not shown: 996 closed ports
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
2049/tcp open nfs
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds

Now if I understand correctly, I can attribute 139 and 445 to my Samba share. That I'm okay with. What I don't know is 111 and 2049. Does anyone know what these ports are, what's running on them, and how I could turn them off, supposing that they are a security risk?

View 9 Replies View Related

Copyrights 2005-15 www.BigResource.com, All rights reserved