All Questions
166 questions
16 votes, 1 answer, 42k views
What are the IP ranges to block the entire Russian Federation? [closed]
Every single morning the Russian Federation keeps attacking our sites. Every single day I block their IP address and every single day they use a new sub net. I tried:
-A INPUT -s 4.53.0.0/16 -j DROP
-...
13 votes, 2 answers, 3k views
Allow traffic through a firewall to a dynamic IPv6 address
Suppose I have this configuration on IPv4 right now:
My router (a Linux box) is connected to the Internet on eth0 and my LAN on eth1. I want to forward port 80 to 10.1.2.3. Here's how I'd currently ...
11 votes, 2 answers, 15k views
Ubuntu IPTables only allow 1 country
So I've been looking around on the net for a script that will drop all traffic to all ports except the http(80) and https(443) ports, and then only allow traffic on all other ports from country x (...
8 votes, 2 answers, 9k views
Deleting an IP from blacklist iptables
I created a blacklist using ipset and iptables called "blacklist", now I would like to know how I edit "blacklist" to remove or add IPs.
Does anyone know?
7 votes, 2 answers, 40k views
How to forward packets from one network interface to another
My problem is forwarding packets from eth2, which is my LAN, to eth1, which has access to the internet, to allow eth2 to access the internet. Here is my configuration:
auto eth1
iface eth1 inet static
address ...
7 votes, 1 answer, 4k views
How to block docker-mapped ports with a firewall from outside the host without messing up docker routing inside the host?
I have a docker container running on a host with some port mapped to a port on the host.
docker run -d -p 9009:9009 someserver
I want this machine firewalled off from the internet except for 80, ...
5 votes, 1 answer, 12k views
Redirect incoming https to local ip with iptables
I have a router with 1 network interface (eth0, public ip) and an alias for eth0:0, local ip 192.168.1.1.
I want to redirect all incoming https (443) traffic to another server. I tried it with
...
5 votes, 1 answer, 2k views
Block Windows 10 P2P updates with a corporate firewall
I work for a small IT company that fixes mostly Windows computers, and lately we have a huge issue with Windows 10 updates.
When a new computer enters our network and starts downloading updates, it ...
4 votes, 1 answer, 21k views
iptables reject-with icmp-host-prohibited
I recently bought a new KVM/VPS. Once I installed OpenResty (nginx fork) and ran it, my server was not accepting incoming connections on the test port 8080
I managed to solve the issue by adding port 8080 to ...
4 votes, 3 answers, 1k views
Is this firewall completely secure?
I'd like to know if there are any holes/flaws in this firewall setup. I want to lock down the server as much as possible so it is impossible to hack into. The only services running are openvpn and ssh. ...
4 votes, 1 answer, 1k views
nftables: How to stop further chain traversal after accept verdict
Context: https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains
If a packet is accepted and there is another chain, bearing the same hook type and with a later priority, then the packet ...
4 votes, 1 answer, 8k views
How can I do DNAT and SNAT on Windows 7?
I have a very old program which uses a fixed IP address as destination. I'm trying to revamp my network into something more modern but this legacy system is holding me back.
As a simple solution, I ...
3 votes, 1 answer, 16k views
Difference between iptables default policy to `DROP` and inserting a separate policy in input chain to DROP all connections
I'm trying to DROP all incoming connections to my server, except from particular networks. At the same time I want to keep all outgoing connections from my server to external network (any network over ...
3 votes, 3 answers, 1k views
I Have No IPTables
I have something really weird going on that I can't seem to find any reference to after a lot of googling. I seem to have no iptables. Not that the chains are flushed or that they are all ACCEPT rules ...
3 votes, 1 answer, 5k views
Time-limited whitelisting of IP address(es) with ipset and iptables
I found a question from another post that is close to answering what I'm seeking. In short, I want to be able to set up a rule via ipset that times out automatically, but I want to whitelist specific IPs ...