All Questions
143 questions
2 votes, 1 answer, 16 views
Limit access of SSH user to applications iptables and ip6tables
I'm using Ubuntu 22.04 and want to log in with an ssh user that has only access to iptables and ip6tables. So the user should log in and can only input, delete and update iptables and ip6tables, nothing ...
2 votes, 1 answer, 4k views
Ubuntu 22.04 iptables command not working
Totally new to netfilter thing, currently am running an application which uses three interfaces eth0/eth1/eth2, my application will run on two servers and they both can communicate between them via ...
0 votes, 0 answers, 62 views
Firewall rules block DNS from working
I've set up firewall rules on my server, which are generally working well. However, there's an issue: my server can't ping any website. It seems to be a DNS problem that arises when these rules are ...
0 votes, 0 answers, 98 views
routing with netplan
I have a problem configuring two network interfaces on an Ubuntu server version 18.04. I have an Ethernet network interface, configured via netplan with a static IP address, which I would like to ...
0 votes, 1 answer, 54 views
IPTables - allow connection from only one random IP simultaneously
Please tell me how to limit the connection to the server's listening port to only one random IP address, if a TCP-Syn comes from any other second one, then it is reset, if there are no connections to ...
1 vote, 0 answers, 112 views
Route traffic to different IP addresses while using a single outgoing IP
So I have 3 servers, each with his own public IP address. Now I also have a virtual IP(178.x.x.x) that's publicly accessible and it's mounted to one of those servers.
The virtual IP can be moved ...
1 vote, 0 answers, 88 views
Why I cannot log packages passing through PREROUTING chain?
Recently I have been studying iptables. To grasp how packages pass through every chain of iptables, I inserted log rules at the first line of every default chain. Then I ping the test server from ...
0 votes, 1 answer, 95 views
Firewall : firewalld with docker open port for local service
I'm trying to open port for ssh on non-standard port like 12452, I used these commands and none of them worked
iptables -I INPUT -p tcp --dport 12452 -j ACCEPT
iptables -I OUTPUT -p tcp --dport 12452 -...
0 votes, 0 answers, 66 views
How can I redirect traffic for a specific user to connect to another server?
What I intend to do is transfer the traffic of just a specific user to another server (IP). With the commands below it will work very well to transfer only the traffic from the entire server, which ...
-1 votes, 1 answer, 65 views
Iptables not working properly in ubuntu VM under utm app
I want to set up my Ubuntu machine like this so that it only opens youtube.com and pw.live website and block all other outgoing traffic.
What I have done so far is created ip_table script below inside ...
0 votes, 1 answer, 75 views
Iptables MASQUERADE seems to return the "RESULT" on The Internet instead of the demanding interface
I am trying to do an iptables masquerade from a WireGuard Interface and the Internet. It used to work but lately, I did add a few (just four) WireGuard Interfaces, and it stops working for all of ...
0 votes, 1 answer, 60 views
How to block all outbound traffic to 10.0.0.0/8 subnet except to 10.20.20.0/24 subnet using iptables
I have a peculiar situation.
I need to block all outbound connections to 10.0.0.0/8 subnet but allow connections to 10.20.20.0/24 subnet.
How can I do this using iptables on Ubuntu 20.04?
1 vote, 0 answers, 443 views
Why would an iptables rule for ANY proto only allow ICMP traffic?
Basically, I have a Linux box (Ubuntu Focal) configured as a gateway:
sysctl net.ipv4.ip_forward = 1 #Enable ipv4 forwarding
iptables -t nat -A POSTROUTING -o ens160 -s 192.168.1.0/24 -j MASQUERADE ...
0 votes, 1 answer, 752 views
Block incoming traffic on WAN with iptables on simple router kills outgoing traffic (Ubuntu)
I am struggling with just dropping incoming traffic on a simple Ubuntu machine that acts as NAT router.
What I did so far:
I activated net.ipv4.ip_forward=1 in /etc/sysctl.conf
To have NAT I activated ...
1 vote, 3 answers, 785 views
Removing all INPUT DROP rules I've created so far
I am trying to create a script that will ban certain IP addresses under certain conditions and I need a way to sort of "clear" the blocks each midnight, to start over. I have created the ...