All Questions

1 vote
2 answers
8k views

how to restore iptables after iptables -F?

I used iptables -F on my machine, and what can I do to recover the iptables into the default without rebooting my machine? I restarted the iptables service and it failed, and I can't find iptables ...
2 votes
2 answers
1k views

iptables drop all packets that do not come from two specific subnets

I want to drop all packets that do not come with a source IP in the subnets 11.2.4.0/24 and 11.2.3.0/24 I thought about doing something like so: iptables -A OUTPUT ! -s 11.2.4.0/24,11.2.3.0/24 -j DROP ...
11 votes
2 answers
15k views

Ubuntu IPTables allow only allow 1 country

So I've been looking around on the net for a script that will drop all traffic to all ports except the http(80) and https(443) ports, and then only allow traffic on all other ports from country x (...
0 votes
3 answers
91 views

iptables not dropping udp port for exact ip address

My iptables rules are as follows: -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -N f2b -A INPUT -p tcp -m multiport --dports 80,443 -j f2b -A INPUT -d (my public facing ip)/32 -p udp -m udp --...
0 votes
2 answers
1k views

Mitigating TCP reset style attacks

I appear to be a victim of TCP reset attacks with the purpose of preventing me from downloading specific data. I know this is the case at this stage. For the time being I am staying at a hotel and so ...
0 votes
1 answer
87 views

Block with firewall a dns request containing a certain query

Example let's say I'm with iptables or nftables I want to allow a certain traffic like the following one: iptables -A OUTPUT -d 192.168.1.1 -p udp --dport 53 -j ACCEPT iptables -A INPUT -s 192.168.1.1 ...
0 votes
0 answers
198 views

To allow IPsec NAT-T traffic to pass through, why does the firewall still need to permit ESP when it already allows UDP 4500?

I established an IPsec VPN tunnel between two Juniper SRX routers across NAT, with the NAT being performed by the firewall (a Linux server). When attempting to configure the firewall rules to allow ...
0 votes
1 answer
5k views

iptables snat does not change source IP

I am on ubuntu (with IP 10.0.0.1) trying to snat packets going out from port 9090. I want to change the source IP to 10.0.0.2 I have added the following rule through iptables: # iptables -t nat -A ...
0 votes
1 answer
83 views

routing traffic using iptables and l2tp

Internet restrictions in my country have essentially made it impossible for VPNs to work. As such, I wanted to circumvent this issue by using the following method. Although "residential" ...
1 vote
3 answers
5k views

iptables SNAT/DNAT explain behaviour

I am new to iptables and I want to understand how iptables nat is working. I have a linux machine with a lxc container. The machine network configuration is as follows: eth0 interface which connects ...
0 votes
0 answers
28 views

Firewall incoming packets are dropped with VLAN configuration

In my Windows PC, installed scapy tool for sending packets from my system to raspberry Pi board connected to my machine using VLAN. In my raspberry Pi board, Firewall rules are already configured and ...
1 vote
1 answer
241 views

IPTables rules and networking with problems 2

My plan is to have a computer that forwards all traffic from internal interface ens19 to openvpn-interface tun0. The system has 2 physical interfaces: ens18 for local network with Internet connection ...
1 vote
1 answer
367 views

Unable to open port on debian vps

Trying to open 51820 UDP I do iptables -A INPUT -p udp --dport 51820 -j ACCEPT then iptables -L I can see ACCEPT udp -- anywhere anywhere udp dpt:51820 then I do /sbin/...
0 votes
0 answers
36 views

Iptable rules through two firewalls for an rdp connection

Suppose I have a network topology similar to the one above, if I wanted to rdp into a host on the private network from home these are the following iptable rules I have: Firewall 1: $IPT -t nat -A ...
-1 votes
1 answer
382 views

IPtables dropping packets I can't see with tcpdump and I don't know why?

My IPtables rules are blocking apt update for example: root@vpn:~# apt update Ign:1 https://pkgs.tailscale.com/stable/ubuntu jammy InRelease Ign:2 http://de.archive.ubuntu.com/ubuntu jammy InRelease ...
