Results tagged with
Search options not deleted user 62773

A Firewall is an application or hardware device used to inspect and filter network traffic.

3 votes
1 answer
307 views

Is the use of the RELATED state in iptables used properly?

Say I set up my firewall with the following rules: -A INPUT -i lo -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 80 -d x.x.x.x --syn -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp -s x.x.x.x --dport 22 -d … From what I can see in my firewall counters, though, it feels like if I have both ESTABLISHED and RELATED, any traffic on TCP can be sent to the server... …
Alexis Wilke
  • 2,316
0 votes
0 answers
22 views

NAT pre/output/post routing/forwarding fails a few minutes after a reboot. What would ask th...

I did not change my firewall. No installation... Just after a reboot it works for a minute or two, I think that is the time it takes for something to start and mess that up. … Also I have a docker from snap, although the daemon is running, the DOCKER rules that often appear in the firewall are not there at the moment. Btw, the LAN itself works. …
Alexis Wilke
  • 2,316
0 votes
0 answers
126 views

Is checking broken TCP packets still a thing?

I often see samples of IPv4 rules for iptables which are there to stop what is viewed as invalid or broken TCP packets. Certain combinations of TCP flags should never be used. Here is an example of 4 …
Alexis Wilke
  • 2,316
17 votes

Get Fail2Ban To Check findtime Every X Minutes

As mentioned by Michael Hampton in a couple of comments, the reaction time, how often fail2ban checks the logs, has nothing to do with the findtime parameter. fail2ban is expected to read new log data …
Alexis Wilke
  • 2,316
2 votes
Accepted

Persist SSH firewall rules running OpenVPN

Then you can enable it and it will kick in on each reboot. systemctl enable my-firewall To see whether it worked, check the status: systemctl status my-firewall Also you can start/stop manually to verify … that the script runs as expected: systemctl start my-firewall systemctl stop my-firewall Since I don't have a script to stop my firewall, nothing happens in the stop, but if already running the start …
Alexis Wilke
  • 2,316
1 vote

(PCI-DSS, APF) Firewall UDP Packet Source Port 53 Ruleset Bypass?

So in other words, you do not have a firewall at all... You have the same first rule in your OUTPUT chain, I suppose that's to make really sure your firewall is not going to block anything. … A word of advice, write a small script to look at your firewall using the -nvx options. The -n makes it fast by not trying to convert IP addresses. …
Alexis Wilke
  • 2,316