Questions tagged [iptables]
iptables allows the creation of rules that define packet filtering behavior. The most reliable way to provide an iptables ruleset in a question is with the output of (as root): iptables-save -c
204 questions
115 votes, 11 answers, 81k views
Block network access of a process?
Is it possible to block the (outgoing) network access of a single process?
27 votes, 6 answers, 94k views
Output traffic on different interfaces based on destination port
My question is basically the same as Only allow certain outbound traffic on certain interfaces.
I have two interfaces eth1 (10.0.0.2) and wlan0 (192.168.0.2).
My default route is for eth1.
Let's say ...
79 votes, 4 answers, 107k views
Reply on same interface as incoming?
I have a system with two interfaces. Both interfaces are connected to the internet. One of them is set as the default route; a side effect of this is that if a packet comes in on the non-default-route ...
13 votes, 3 answers, 13k views
How to restrict internet access for a particular user on the LAN using iptables in Linux
Let's say there are two users on the LAN, A and B. How do I restrict user A from internet access using iptables rules, and save the rules so that they are still effective after a reboot? Suppose also ...
36 votes, 6 answers, 210k views
Iptables to allow incoming FTP
I want to allow incoming FTP traffic.
CentOS 5.4:
This is my /etc/sysconfig/iptables file.
# Generated by iptables-save v1.3.5 on Thu Oct 3 21:23:07 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ...
19 votes, 4 answers, 14k views
Per process firewall?
I've been reading around but can't seem to find a way to create per-process firewall rules. I know about iptables --uid-owner but that only works for outgoing traffic. I've considered scripting ...
92 votes, 6 answers, 177k views
Why do iptables rules disappear when restarting my Debian system?
I add this rule:
sudo iptables -t nat -A OUTPUT -d a.b.c.d -p tcp \
--dport 1723 -j DNAT --to-destination a.b.c.d:10000
When I restart the computer the rules are deleted. Why?
What can I do to make the ...
35 votes, 2 answers, 60k views
How iptables tables and chains are traversed
I know Linux has 3 built-in tables and each of them has its own chains as follows:
FILTER: PREROUTING, FORWARD, POSTROUTING
NAT: PREROUTING, INPUT, OUTPUT, POSTROUTING
MANGLE: PREROUTING, INPUT, ...
25 votes, 4 answers, 71k views
Port forward to VPN Client?
I've run into a bit of a puzzle and haven't had much luck finding a solution. Right now I am (sadly) connected to the net via Verizon 3G. They filter all incoming traffic so it is impossible for me to ...
11 votes, 6 answers, 45k views
iptables to block https websites
I wish to block a few websites that also run upon https, like facebook, twitter, and gmail, in my organization. Squid is not supposed to be used here as per the orders from higher management. We can ...
39 votes, 1 answer, 37k views
Is it better to set -j REJECT or -j DROP in iptables?
There's an example of iptables rules on the Arch Linux wiki:
# Generated by iptables-save v1.4.18 on Sun Mar 17 14:21:12 2013
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:TCP - [0:0]...
38 votes, 4 answers, 218k views
iptables: allow certain IPs and block all other connections
How do I allow certain IPs and block all other connections in iptables?
19 votes, 1 answer, 130k views
iptables forward all traffic to interface
I have two interfaces eth1 and eth0. I want all traffic on eth0 to be forwarded to eth1. I created an iptables rule like this:
iptables -A FORWARD -s 0/0 -i eth0 -p tcp -o eth1 -j ACCEPT
But this ...
15 votes, 3 answers, 28k views
Only allow certain outbound traffic on certain interfaces
I have a rather odd issue. I have a server with two network interfaces, eth0 and eth1. Each is connected to a different network. Each network has an internet gateway. The server has various outbound ...
11 votes, 1 answer, 11k views
OpenVPN Client and Server on same machine - Server doesn't allow connections when client is connected
I am new to this community and am hopeful that somebody can help me. Please let me know if I haven't posted all required information.
Situation:
I have a linux server (raspberry pi, 192.168.1.2) ...