
All Questions

Tagged with
-1 votes
0 answers
121 views

How to set up public Linux station safely?

On a Linux cloud machine, I want to set up a learning station for beginners (pubnix/pubunix). How can I block all internet except for incoming SSH (ssh user@cloudmachine) and except for SSH local port ...
wjwrpoyob
  • 438
0 votes
1 answer
129 views

How are source ports chosen for iptables SNAT targets?

By default the SNAT target keeps the source port of the original packet. If that port is already in use, it chooses one at random. Is there any way to influence the choice of this port or gauge the ...
Philippe
  • 479
2 votes
1 answer
83 views

Tracing iptables Rules

I'm just beginning to dig into iptables for the first time today, so apologies for any naivete. For reference, I'm using Ubuntu 22.04.4 LTS (Jammy Jellyfish) iptables v1.8.7 (nf_tables) ufw 0.36.1 ...
ALittleHelpFromMyFriends
0 votes
1 answer
35 views

Why aren't my ipset counters incremented?

I'm trying to configure a firewall (using iptables on a Docker host) that allows inbound HTTP and HTTPS from everywhere, SSH from a certain set of IPs and no other incoming connections. I liked what I ...
user23957395
1 vote
1 answer
23 views

iptables rule not working as expected

I cannot get this one rule working right. My interfaces: #WAN auto wan0 iface wan0 inet dhcp #LAN auto lan0.7 iface lan0.7 inet static address 172.17.7.1 netmask 255.255.255.0 vlan-raw-...
Lee
  • 11
0 votes
0 answers
28 views

Many UFW BLOCKs per minute from numerous ports and numerous IP addresses

My syslog is flooded with numerous attacks of some sort coming from multiple sources. I looked at all the other references in the search feature but none addressed tcp and from numerous sources Feb 16 ...
brad
  • 207
0 votes
1 answer
83 views

Iptables: order of redirect and input-filter

I will filter inbound traffic with iptables. I have 2 goals. a) Allow HTTPS inbound at port 443. b) Redirect port 443 to process listening port on 9443. Not sure about the processing of those 2 rules....
chris01
  • 615
0 votes
1 answer
205 views

How to exclude dnsmasq used by libvirt from Mullvad VPN's "local network sharing" block

I don't use the local network except dnsmasq for libvirt. With blocking local network I have no DNS on my VM. For that reason I want to exclude dnsmasq from the local network sharing block with split ...
clooney
  • 81
0 votes
1 answer
79 views

Blocking all ports but a few in iptables

I am attempting to DROP all ports but one in iptables. After running the following commands: iptables -N WHITELIST iptables -A INPUT --jump WHITELIST iptables -A WHITELIST --protocol tcp --match tcp --...
sawntoe
  • 26
0 votes
0 answers
256 views

Configuring IPTABLES for Passive FTP Connection through NAT (Forwarding from One PC to Another Using a Second Ethernet Card)

I am trying to connect to an FTP server through a NAT network created by another PC that uses two Ethernet cards. I would like to access via FTP client the second PC's FTP server through the first one....
Giacomo Ornati
0 votes
1 answer
194 views

How to define port forwarding

I run a server with a web server running as a rootless podman container. This exposes ports 10080 and 10443 because, as a rootless container, it is not allowed to expose ports 80 and 443. So that my ...
M.Ede
  • 1
0 votes
0 answers
120 views

Nftables does not work as expected to block with meter

Goal: Account for excess packets whose rate source IP and destination port are greater than 200 packets per second, example: 1s, 2s, 3s ...: IP 1.1.1.1 to MyServer:80 [This happens 201 times in ...
Gabriel
0 votes
0 answers
84 views

Can't access webserver inside LAN

I have tried apache and php's internal server, with none of them I can access from another computer if I use the internal IP. In the browser it says "The connection has timed out. The server at ...
Martzy
  • 11
2 votes
1 answer
3k views

UFW Couldn't determine iptables version

I am building a custom embedded Linux platform based on the NXP i.MX8 with Yocto. I want to use UFW to set up the firewall. When I boot the system and try to use UFW it returns an error Couldn't ...
PhilBot
  • 29
2 votes
2 answers
908 views

nftables deleting a rule without passing handle (similar to iptables delete)

iptables syntax for delete is much simpler. If we replace the "append" with delete we get the command for deletion of the rule. nftable provides a similar construct for a few rule management aspect ...
Amit Priyadarshi
