All Questions
70 questions
0 votes, 0 answers, 32 views
How to Log Each Outbound TCP Connection
At my company we have a set of 3 identical VMs. These VMs house an app that "sends messages". The app sends each message by making a TCP connection out to one of two fixed IP addresses (...
0 votes, 0 answers, 48 views
Firewalld (nftables) SNAT problem
So my setup is the following:
A:
PrivIP: 172.16.1.1
PublicIP: 212.1.2.3
B:
PrivIP: 10.123.0.1 (Interface: dummyip, don't ask why I named it like that)
PublicIP: 213.1.2.3 (Interface: eth0)
They both are ...
0 votes, 1 answer, 95 views
Firewall : firewalld with docker open port for local service
I'm trying to open a port for SSH on a non-standard port like 12452. I used these commands and none of them worked:
iptables -I INPUT -p tcp --dport 12452 -j ACCEPT
iptables -I OUTPUT -p tcp --dport 12452 -...
2 votes, 0 answers, 1k views
Podman: automatic network rules and iptables
When I run a podman container and share port 4444 as in the following example:
podman run -dit --name test -p 4444:4444 alpine
It creates the following iptable
Chain INPUT (policy ACCEPT)
target prot opt ...
5 votes, 0 answers, 2k views
Ubuntu 22.04 firewalld initiation problem: no python-nftables
I tried to use firewalld instead of ufw, but it keeps showing the following errors even after manually downloading python-nftables through sudo apt install
iptables is not being used.
$ systemctl ...
0 votes, 2 answers, 575 views
How does firewalld handle packet state internally when you add rules?
Coming from an iptables background, I can specify packet connection states (usually either NEW and/or ESTABLISHED) when defining new firewall rules. For example, this pair of rules will ensure that ...
2 votes, 1 answer, 873 views
How to configure Firewalld to block incoming traffic on loopback interface?
I have firewalld enabled and configured as below:
loopback (active)
target: DROP
icmp-block-inversion: no
interfaces: lo
sources:
services:
ports:
protocols:
forward: no
...
1 vote, 1 answer, 1k views
Port forwarding while preserving original IP
I'm using firewalld to forward an incoming port from the internet (9999) to a local LAN IP address (100.1.1.1) like this:
external (active)
target: default
icmp-block-inversion: no
interfaces: ...
0 votes, 1 answer, 3k views
Convert iptable rules to firewalld
Need your help to convert this to a firewalld command. I'm not sure that I will do it in the proper way, so yeah :)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A ...
1 vote, 1 answer, 419 views
Convert iptables rules to firewalld for supporting domain
I have a list of iptables rules (see below). The main idea of the rules is to replace the source IP address for each request on a specific destination IP address. These rules work properly, but in my case the ...
2 votes, 1 answer, 2k views
Redirecting traffic for inside network, and allow this from only IP address
I have a problem with iptables. In iptables I redirect traffic from port 4440 to the inside IP address 10.0.10.102:4440
-A PREROUTING -p tcp -m tcp --dport 4440 -j DNAT --to-destination 10.0.10.102:...
0 votes, 1 answer, 195 views
iptables accept from specific ips slows down SSH and web
I used ranges of IP addresses to block other countries. When I use SSH or some of my web services, it slows down; if I remove the rules and put everything back to normal, it works normally. Any ideas?
0 votes, 1 answer, 888 views
Firewall is active, added port to iptables but still cannot connect
We have a RedHat 8 server. Firewalld is active.
I need to connect to port 5050 from my laptop and from the second server, so I added it to the rules:
iptables -I INPUT -p tcp -m tcp --dport 5050 -j ...
0 votes, 1 answer, 562 views
iptables/firewall-cmd DROP rules set last block ip rule set before
The following is the list of the iptables rules that I have:
# firewall-cmd --direct --get-all-rules
ipv4 filter INPUT 0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
...
...
ipv4 filter INPUT ...
0 votes, 1 answer, 493 views
how to use firewalld in stateful mode
I have to set up a stateful firewall on CentOS 8 using firewalld.
I'm new to firewalld but have experience with old-style iptables for this purpose.
Since it is recommended by Red Hat here, I prefer to ...