Search Results
A Firewall is an application or hardware device used to inspect and filter network traffic.
3 votes, 1 answer, 307 views
Is the use of the RELATED state in iptables used properly?
Say I set up my firewall with the following rules:
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -d x.x.x.x --syn -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp -s x.x.x.x --dport 22 -d …
From what I can see in my firewall counters, though, it feels like if I have both ESTABLISHED and RELATED, any traffic on TCP can be sent to the server... …
0 votes, 0 answers, 22 views
NAT pre/output/post routing/forwarding fails a few minutes after a reboot. What would ask th...
I did not change my firewall. No installation... Just after a reboot it works for a minute or two, I think that is the time it takes for something to start and mess that up. … Also I have a docker from snap, although the daemon is running, the DOCKER rules that often appear in the firewall are not there at the moment.
Btw, the LAN itself works. …
0 votes, 0 answers, 126 views
Is checking broken TCP packets still a thing?
I often see samples of IPv4 rules for iptables which are there to stop what is viewed as invalid or broken TCP packets. Certain combinations of TCP flags should never be used.
Here is an example of 4 …
17 votes
Get Fail2Ban To Check findtime Every X Minutes
As mentioned by Michael Hampton in a couple of comments, the reaction time, how often fail2ban checks the logs, has nothing to do with the findtime parameter. fail2ban is expected to read new log data …
2 votes, accepted
Persist SSH firewall rules running OpenVPN
Then you can enable it and it will kick in on each reboot.
systemctl enable my-firewall
To see whether it worked, check the status:
systemctl status my-firewall
Also you can start/stop manually to verify … that the script runs as expected:
systemctl start my-firewall
systemctl stop my-firewall
Since I don't have a script to stop my firewall, nothing happens in the stop, but if already running the start …
1 vote
(PCI-DSS, APF) Firewall UDP Packet Source Port 53 Ruleset Bypass?
So in other words, you do not have a firewall at all...
You have the same first rule in your OUTPUT chain, I suppose that's to make really sure your firewall is not going to block anything. … A word of advice, write a small script to look at your firewall using the -nvx options. The -n makes it fast by not trying to convert IP addresses. …