All Questions
166 questions
0 votes, 3 answers, 95 views
iptables not dropping udp port for exact ip address
My iptables rules are as follows:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b
-A INPUT -p tcp -m multiport --dports 80,443 -j f2b
-A INPUT -d (my public facing ip)/32 -p udp -m udp --...
0 votes, 1 answer, 94 views
Block with firewall a dns request containing a certain query
Example
Let's say I'm with iptables or nftables
I want to allow a certain traffic like the following one:
iptables -A OUTPUT -d 192.168.1.1 -p udp --dport 53 -j ACCEPT
iptables -A INPUT -s 192.168.1.1 ...
0 votes, 0 answers, 220 views
To allow IPsec NAT-T traffic to pass through, why does the firewall still need to permit ESP when it already allows UDP 4500?
I established an IPsec VPN tunnel between two Juniper SRX routers across NAT, with the NAT being performed by the firewall (a Linux server). When attempting to configure the firewall rules to allow ...
0 votes, 1 answer, 90 views
routing traffic using iptables and l2tp
Internet restrictions in my country have essentially made it impossible for VPNs to work.
As such, I wanted to circumvent this issue by using the following method.
Although "residential" ...
0 votes, 0 answers, 28 views
Firewall incoming packets are dropped with VLAN configuration
On my Windows PC, I installed the scapy tool for sending packets from my system to a Raspberry Pi board connected to my machine using VLAN.
On my Raspberry Pi board, firewall rules are already configured and ...
1 vote, 1 answer, 246 views
IPTables rules and networking with problems 2
My plan is to have a computer that forwards all traffic from internal interface ens19 to openvpn-interface tun0. The system has 2 physical interfaces: ens18 for local network with Internet connection ...
1 vote, 1 answer, 383 views
Unable to open port on debian vps
Trying to open 51820 UDP
I do
iptables -A INPUT -p udp --dport 51820 -j ACCEPT
then iptables -L
I can see
ACCEPT udp -- anywhere anywhere udp dpt:51820
then I do
/sbin/...
0 votes, 0 answers, 38 views
Iptable rules through two firewalls for an rdp connection
Suppose I have a network topology similar to the one above. If I wanted to RDP into a host on the private network from home, these are the following iptables rules I have:
Firewall 1:
$IPT -t nat -A ...
-1 votes, 1 answer, 406 views
IPtables dropping packets I can't see with tcpdump and I don't know why?
My IPtables rules are blocking apt update for example:
root@vpn:~# apt update
Ign:1 https://pkgs.tailscale.com/stable/ubuntu jammy InRelease
Ign:2 http://de.archive.ubuntu.com/ubuntu jammy InRelease
...
0 votes, 1 answer, 141 views
IPTables rules and networking with problems
I'm using a Fritzbox for normal network and an own installed Router on rpi3 for an own network with openvpn, dnsmasq and iptables. Over the last few years the setup worked well. You can find the ...
1 vote, 0 answers, 91 views
Reroute and tunnel udp connection to another server
I have been trying to establish a connection between a vps and a dedicated bare metal server for a month now. Basically, vps will act as a tunnel to connect to my dedicated server, I'm doing this to ...
1 vote, 1 answer, 885 views
iptables - How do I restrict access to just local devices on the network?
I have a WireGuard VPN Server running on a Debian 12 host with no problems, listening on a specific UDP port, and all is working great with no issues. I can connect from my phone WireGuard client ...
1 vote, 0 answers, 383 views
Unable to traceroute but able to ping
I need to connect to my own server that runs Linux Mint.
After installing Tailscale on both PCs (client and server) I can successfully ping the server from client, but I'm unable to traceroute it.
...
2 votes, 2 answers, 2k views
iptables drop all packets that do not come from two specific subnets
I want to drop all packets that do not come with a source IP in the subnets 11.2.4.0/24 and 11.2.3.0/24
I thought about doing something like so:
iptables -A OUTPUT ! -s 11.2.4.0/24,11.2.3.0/24 -j DROP
...
4 votes, 1 answer, 2k views
nftables: How to stop further chain traversal after accept verdict
Context: https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains
If a packet is accepted and there is another chain, bearing the same hook type and with a later priority, then the packet ...