Questions tagged [iptables]
iptables allow creation of rules to define packet filtering behavior. The most reliable way to provide an iptables ruleset in a question is with the output of (as root): iptables-save -c
927
questions with no upvoted or accepted answers
8
votes
1
answer
7k
views
What is the difference between iptables and ip route table?
Recently I am learning iptables, I know there are 5 independent tables, two of them are filter and nat tables. And I sometimes will look at netatat -r or route table, I know ip command can modify this ...
- 183
6
votes
0
answers
4k
views
Routing traffic for specific user to specific interface
I have a Linux box with these interfaces:
eth0 Link encap:Ethernet HWaddr 14:da:e9:ef:75:7d
inet addr:176.9.85.182 Bcast:176.9.85.191 Mask:255.255.255.224
tun0 Link encap:UNSPEC ...
- 61
6
votes
3
answers
2k
views
Port fowarding and load balancer in ubuntu server 12.04
I am looking to create a load balancing server. Essentially here is what I want to do:
I have a public IP address, lets say 1.1.1.1 I have a second public IP address, lets say 2.2.2.2. I have a ...
5
votes
0
answers
2k
views
Ubuntu 22.04 firewalld initiation problem: no python-nftables
I tried to use firewalld instead of ufw, but it keeps showing the following errors even after manually downloading python-nftables through sudo apt install
iptables is not being used.
$ systemctl ...
- 51
5
votes
0
answers
3k
views
ip rule not acting on fwmark
I'm trying to use iptables to load balance web traffic over multiple DSL lines by marking the packets and routing based on the mark. I'm working with CentOS 6.6, Kernel 2.6.32-504.16.2.el6.x86_64, ...
- 51
5
votes
1
answer
2k
views
IP rule table look up does not seem to work
I have a sytem with three network interfaces. Below is the configuration that I'm trying to set up.
wlan0 (its actually an WiFi AP interface) - other devices connects via this interface.
net1 - ...
- 51
5
votes
0
answers
4k
views
iptables hangs at applying rules
I have a set of rules that are supposed to give me the most protection before things like fail2ban and other things are added to the mix. The issue is that although everything checks out in the test, ...
- 761
5
votes
0
answers
1k
views
iptables rule no actions on scapy packets
I wrote this rule to change all udp destination IP addresses to 8.8.8.8 when dport is 53:
iptables -t nat -A OUTPUT -p udp -m udp --dport 53 -j DNAT --to-destination 8.8.8.8
The rule worked when I ...
- 3,319
4
votes
0
answers
2k
views
How can I restrict the network access of a systemd service?
I have a custom systemd service which I want to restrict to the local interface. On ctrl.blog systemd application firewalls examples I found that it should be possible to achieve this using only the ...
- 619
4
votes
1
answer
2k
views
fail2ban with iptables-persistent
I've been running fail2ban for a bit, and recently installed iptables-persistent and am using it with ipset for a blacklist (there's one particular IP that is always hammering away at this machine). ...
- 319
4
votes
1
answer
196
views
Map a port to another on same machine
I have all the traffic coming on port 22. I chose a random port 221 on which i want all of the traffic to be routed.
This is the rule i used
iptables -t nat -A PREROUTING -p tcp --dport 22 -j ...
- 41
4
votes
0
answers
625
views
How to forward MITM traffic through SSH tunnel?
Using the arpspoof command I have created a MITM attack on another device. I would now like to forward the traffic through an SSH tunnel (SOCKS5 Proxy). Heres an example....
Client 1-----MITM----->...
- 221
4
votes
0
answers
1k
views
How to make Linux stop sending IPv6 ICMP redirects?
In case of IPv4 we have net.ipv4.conf.all.send_redirects flag, but it's not available for IPv6. Is there anything better than this?
ip6tables -A OUTPUT -p icmpv6 --icmpv6-type redirect -j DROP
For ...
- 41
4
votes
1
answer
3k
views
How to add multiple user.rules in ufw?
I know you can add rules one by one. But is there a way to add rules in one go -
For instance, this is how you add rules in ufw in Debian -
$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp
$ sudo ...
- 12.5k
4
votes
0
answers
2k
views
Linux brouting with ebtables, filter and forward EAPoL frames
Given 3 ethernet interfaces, I'd like to accomplish this:
eth0 -> WAN
eth1 -> EAPoL authenticator
eth2 -> IP Nat to private network
In this scenario, I would like ebtables to filter and ...
- 163