All Questions
152
questions
1
vote
0
answers
150
views
ksoftirqd taking a lot of cpu since moving to debian 12
I have a small pc linux box like intel nuc dual atom where I run some firewall settings.
Previously this machine runned debian 9 and everything worked fine.
I could have used the machine in middle of ...
- 3,004
0
votes
1
answer
50
views
Should 'dpkg -i iptables' be installing the required kernel modules?
I'm in the process of installing iptables onto an embedded Debian 8.7 armhf machine that does not have access to the internet. My method has been to manually find the .deb package files from the ...
- 971
0
votes
1
answer
118
views
docker, iptables and wireguard: what approach to pick?
Thanks to some help in a previous thread, I have managed to track down a specific issue, but I am not sure how to approach the potential fix.
To summarize the issue: docker on my server seems to break,...
- 1
1
vote
1
answer
99
views
iptables - More verbose, full log
I set the following rules:
iptables -A OUTPUT -j LOG
iptables -A INPUT -j LOG
and checking the logs with
iptables -vnL
The results is not what I want; I don't want to see source destination 0.0.0.0/...
- 203
0
votes
1
answer
295
views
redirect traffic of wlan0 through v2ray http proxy
I have a Raspberry Pi with two interfaces.
eth0 is connected to router to internet.
wlan0 is acting as access point using hostapd and there is udhcpd service for wlan0.
I installed v2raya which ...
- 1
0
votes
0
answers
148
views
iptables MARK works to change gateway, CONNMARK does not
I have a routing table which sends some traffic from another host out a different, higher speed gateway
ip route show table 88
default via 192.168.88.1 dev eno3
192.168.88.0/24 dev eno3 scope link src ...
- 101
2
votes
2
answers
2k
views
fail2ban SSH jail change action REJECT to DROP
I am trying to configure a simple SSH jail with fail2ban.
Below is the configuration of the jail in /etc/fail2ban/jail.conf :
[sshd]
# To use more aggressive sshd modes set filter parameter "...
- 23
0
votes
0
answers
353
views
Firewall problem on Debian 11 while trying to grant access to 443 port
Want to grant access to port 443 for two other computers.
All computers involved have Debian OS.
Ping and traceroute are successful from both IP addresses.
Rules added to iptables:
-A INPUT -s 192.168....
0
votes
2
answers
1k
views
cannot get iptables to auto load rules on reboot with iptables-persistent
I need some help, or advice.
I have a latest server I am trying to get into production and I cannot get it to load its rules on a reboot.
"Debian GNU/Linux 10 (buster)" it is up to date in ...
- 75
0
votes
1
answer
1k
views
How can I fix "not found: /sbin/iptables" in Debian 11
I am trying to do a lab work on a proxy server for study. I should warn you right away that I do not know anything about this subject, but I need help. I did everything according to the instructions ...
0
votes
0
answers
30
views
How can I isolate my firewall rules in a chain such that I can reset them separately?
I've been running some iptables rules for a while, which are (I hope) fine, no issues so far. Here's a snippet of that
# Block all input and forward traffic, both IPv4 and IPv6
iptables -P INPUT DROP
...
1
vote
0
answers
652
views
Cannot use the iptables command to create rules for filtering packets [Debian 10]
I'm having an Error while using the iptables commands even though I have installed the iptables latest version. The following error shows for the sudo iptables --list command,
modprobe: ERROR: ../...
0
votes
0
answers
460
views
IPtables DNAT with linux bridges (no interface addresses)
I've been doing some experimenting with iptables and bridges, and this scenario is just in a lab, but I've encountered some interesting functionality and would like some explanation as to what is ...
user432564
3
votes
1
answer
649
views
iptables group matching: modifying the primary group of a user
I'm trying to configure network access restrictions specific to a group of users on Debian 11 using the command iptables -A OUTPUT -m owner --gid-owner APIGROUP -j REJECT.
Here APIGROUP is a group. ...
- 175
1
vote
1
answer
446
views
Unable to use fwmark on Debian 11 (bulleyes)
I have a recipe I already use on many cases, but this time doesn't works on Debian 11 (kernel 5.10.0-10-amd64)
my setup is basically an internal interface eth0 for a RFC1918 LAN, and two external ...
- 675