
Questions tagged [iptables]

iptables allows creation of rules to define packet filtering behavior. The most reliable way to provide an iptables ruleset in a question is with the output of (as root): iptables-save -c

0 votes
0 answers
31 views

block certain urls on my VPN server using iptables

I have a private VPN server. Users have multiple ways to connect to my server: wireguard, shadowsocks. I want to restrict my users from accessing some sites. As I understand, the most common way - is ...
asdlfkjlaksjdhfl's user avatar
2 votes
1 answer
83 views

Tracing iptables Rules

I'm just beginning to dig into iptables for the first time today, so apologies for any naivete. For reference, I'm using Ubuntu 22.04.4 LTS (Jammy Jellyfish) iptables v1.8.7 (nf_tables) ufw 0.36.1 ...
ALittleHelpFromMyFriends's user avatar
1 vote
1 answer
80 views

iptables::drop INVALID before or after ESTABLISHED,RELATED?

It's not clear to me if the check for INVALID vs ESTABLISHED,RELATED is equally fast for both cases (and if the states are completely orthogonal). Do I have to drop INVALID before accepting ESTABLISHED ...
Adrian Sevcenco's user avatar
0 votes
2 answers
156 views

Where does ss command gather its data for ports etc

When trying to see port clashes within my system, many websites online recommend using /etc/services or ss -tunl to see port info. I am noticing /etc/services is providing different information to -ss ...
Rachel1983's user avatar
0 votes
0 answers
42 views

Flow of marked packets in Linux network stack

Summary: My question is regarding the flow of marked packets in the network stack. Here is what I have done: I have marked packets in the mangle table using the OUTPUT chain. I have also added a tun ...
itsloop's user avatar
0 votes
1 answer
35 views

Why aren't my ipset counters incremented?

I'm trying to configure a firewall (using iptables on a Docker host) that allows inbound HTTP and HTTPS from everywhere, SSH from a certain set of IPs and no other incoming connections. I liked what I ...
user23957395's user avatar
0 votes
1 answer
42 views

Use VPN connection only for selected applications

I am trying to follow: https://superuser.com/a/1262250/41337 but I cannot make it work. I do: interface=eth0 down() { ip netns delete myvpn ip link delete vpn0 iptables -D INPUT \! -i ...
Ole Tange's user avatar
  • 35.8k
0 votes
1 answer
37 views

Trying to understand iptables log messages

I have set up iptables to log outgoing traffic from all but a limited set of users, and I'm trying to understand the log messages that this produces. Looking at /var/log/syslog, I see requests from ...
user1636349's user avatar
0 votes
1 answer
44 views

Marking packets in iptables based on output interface

I have an unusual setup on my server. We have three outgoing ethernet ports, all connected to a single bridge interface that we split into two VLANs: ip link add veth type bridge ip link set veth ...
Garrett's user avatar
0 votes
1 answer
42 views

Route all TCP traffic from port to another host:port

I have a wireguard config, creating a VPN between a remote server (10.0.1.1) and my local machine (10.0.1.2), so that the server can reach the local machine and vice versa. I'd like the server to ...
winwin's user avatar
  • 145
1 vote
1 answer
23 views

iptables rule not working as expected

I cannot get this one rule working right. My interfaces: #WAN auto wan0 iface wan0 inet dhcp #LAN auto lan0.7 iface lan0.7 inet static address 172.17.7.1 netmask 255.255.255.0 vlan-raw-...
Lee's user avatar
  • 11
-4 votes
1 answer
51 views

Why is this iptables blocking the ssh to my virtual machine?

I have a virtual machine with kali running an ssh server. I want to block all traffic by ssh to this machine except from my own pc, and to do it I have these iptables rules. ┌──(root㉿kali)-[/home/kali] └─...
openfm's user avatar
  • 1
1 vote
0 answers
150 views

ksoftirqd taking a lot of cpu since moving to debian 12

I have a small pc linux box like intel nuc dual atom where I run some firewall settings. Previously this machine ran debian 9 and everything worked fine. I could have used the machine in middle of ...
user3450548's user avatar
  • 3,004
1 vote
0 answers
211 views

Libvirt iptable chain LIBVIRT_FWX has no effect on interface internal traffic

I created a libvirt network in open mode and added the iptable rules that would have been created for a nat mode network. My plan is to basically create a nat network but add some custom iptable rules ...
elperry's user avatar
  • 11
0 votes
0 answers
60 views

Docker container traffic through host iptables tproxy

Problem Docker container network does not go through the host TPROXY-configured tunnel. Setup I have a TPROXY-supported proxy server running on my machine (listening on 127.0.0.1:8080). I configured ...
xeptore's user avatar
