Questions tagged [iptables]
iptables is the Linux packet-filtering framework (userspace tool plus netfilter kernel modules) that provides firewalling, NAT and logging of traffic passing through the host.
1,911 questions
79 votes · 2 answers · 37k views
Does tcpdump bypass iptables?
I mistakenly set up an open resolver DNS server, which was soon used for a bunch of DDoS attacks originating somewhere from / to Russia. For that reason I completely blocked port 53 on both DNS servers ...
64 votes · 9 answers · 107k views
How can I check if an iptables rule already exists?
I need to add a rule to iptables to block connections to a tcp port from the Internet.
Since my script may be called multiple times and there is not a script to delete the rule, I want to check if ...
56 votes · 2 answers · 433k views
need iptables rule to accept all incoming traffic
For my test environment I want to accept all incoming traffic; can someone please give me the iptables rule to be added.
My current iptables -L -n output looks like this:
Chain INPUT (policy ACCEPT) ...
42 votes · 1 answer · 34k views
iptables vs route
What's the difference between these two tools?
Can anybody tell me what the main workflow of networking behind Linux (in relation to IPv4 packet filtering, NAT and IP routing table) is?
42 votes · 1 answer · 39k views
show interfaces in iptables -L
Is there a way to show the network interfaces via iptables -L in Ubuntu 12.04?
When I execute an iptables -L I get an output like this:
Chain INPUT (policy DROP)
target prot opt source ...
41 votes · 3 answers · 86k views
No idea what is listening on port 80 in OS X
I'm on OSX Mountain Lion 10.8.3, and I've freshly rebooted my Mac.
I want to start a service (like Apache on port 80), but there is already something going on with port 80:
telnet localhost 80
...
33 votes · 2 answers · 96k views
What are the iptables rules to permit ntp?
My server's clock is wrong because the firewall doesn't permit ntp traffic.
What are the iptables rules required to allow the ntp client to get out and back?
Any suggestions how to implement those ...
32 votes · 2 answers · 34k views
What's the difference between iptables "state" and "ctstate"?
I saw this iptables snippet in a different Super User answer:
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
...
30 votes · 6 answers · 28k views
With Linux iptables, is it possible to log the process/command name that initiates an outbound connection?
I would like to keep track of the processes that initiate outbound connections on a Linux desktop. The best I can come up with is this:
iptables -A OUTPUT -m state --state NEW -j LOG --log-uid
This ...
28 votes · 3 answers · 214k views
How to verify if iptables is running or the firewall is activated
When I run service iptables status on my Linux Red Hat version 6.8 machine,
I get the rules table (but not whether iptables is running or not).
Does the following show that iptables is running?
# ...
26 votes · 5 answers · 54k views
iptables/1.8.2 Failed to initialize nft: Protocol not supported
I'm having a problem using iptables on my Raspberry PI.
I've just downloaded a fresh version of Raspbian Lite on my PI and all I'm trying to do is check my iptables rules but it's not working and I'm ...
24 votes · 5 answers · 117k views
Deny all incoming connections with iptables?
I want to make some simple iptables rules to deny all incoming connections and allow outgoing. How can I do that?
24 votes · 3 answers · 176k views
How to block all ports except 80,443 with iptables? [duplicate]
Blocking all ports (in and out) is easy, but it's hard with the word "except". I don't know any rules that satisfy the condition.
PS: I know this question is nothing new. But in fact, I didn't find ...
23 votes · 1 answer · 38k views
How to negate a range in iptables?
I've seen people use the exclamation mark (!) in multiple examples, but when I try to use it I get an error.
The rule I'm trying:
-A OUTPUT -m owner --gid-owner 1006 -d ! 192.168.1.0/24 -j DROP
The ...
23 votes · 1 answer · 23k views
Remove port aliases in iptables
How can I make iptables show me port numbers instead of aliases for well-known port numbers (e.g. http for 80, https for 443, etc.)? Is there a way to make it show just port numbers at all times?
20 votes · 3 answers · 68k views
Iptables redirect to localhost?
Suppose I have a network with a server routing all connections from inside the network to the Internet. How can I set up iptables so that instead of routing incoming connections to the Internet, it ...
19 votes · 3 answers · 31k views
What does an empty iptables mean?
I'm using CentOS and when I type in the following iptables command:
iptables -L -v
The output is as follows:
Chain INPUT (policy ACCEPT 19614 packets, 2312K bytes) pkts bytes target prot opt in ...
18 votes · 5 answers · 8k views
Are IPv4 ports separated from IPv6 ports?
Is it possible for a host to have different open ports for IPv4 and IPv6 stack? For example, is it feasible to have the port 22 open only for IPv6 and not for IPv4 and vice versa? Also when I tried to ...
18 votes · 2 answers · 67k views
Windows 10 - NAT - Port forwarding & IP masquerade
I'm looking for a way to get iptables functionality in windows 10. I enabled IP routing and I need to forward tcp data to another host (port 8080) and then forward his response while masquerading IP. ...
17 votes · 1 answer · 13k views
How to transparently tunnel a port from IPv4 to a remote IPv6 device?
At home, I am connected with an IPv6 address and additionally, my provider provides a NAT-like setup through which I receive a public IPv4 address that I share with other customers (the reason being ...
17 votes · 1 answer · 19k views
what does "-m tcp" mean in this iptables rule?
Firewall configuration written by system-config-firewall
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
16 votes · 1 answer · 23k views
pfctl port forwarding in Mac osx?
-A PREROUTING -s 10.0.10.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -s 10.0.10.0/24 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
-A POSTROUTING -s 10.0.10.0/24 -o ...
16 votes · 1 answer · 42k views
What are the IP ranges to block the entire Russian Federation? [closed]
Every single morning the Russian Federation keeps attacking our sites. Every single day I block their IP address and every single day they use a new sub net. I tried:
-A INPUT -s 4.53.0.0/16 -j DROP
-...
13 votes · 1 answer · 12k views
Linux iptables NAT of an entire /24 subnetwork
My purpose is to NAT (translate) all IP addresses that reach eth0 on all ports and protocols this way:
192.168.55.x -> 192.168.42.x
(I have ip forwarding enabled and 192.168.42.0/24 subnetwork is on ...
13 votes · 1 answer · 18k views
Disable or block outgoing email
To do web site testing, how can I disable or block the CentOS server from sending out emails?
Right now, if I run on the command line
mail [email protected]
I can send out emails. This is not good for website ...
13 votes · 6 answers · 102k views
How to permanently disable firewall in Red Hat Linux
I have followed the below steps to disable the firewall in Linux. After reboot, again firewall is enabled. How to disable firewall permanently?
Login as the root user.
Next enter the following three ...
13 votes · 2 answers · 3k views
Allow traffic through a firewall to a dynamic IPv6 address
Suppose I have this configuration on IPv4 right now:
My router (a Linux box) is connected to the Internet on eth0 and my LAN on eth1. I want to forward port 80 to 10.1.2.3. Here's how I'd currently ...
12 votes · 4 answers · 30k views
OpenVPN connection through SSH tunnel
I'm currently visiting China, so I have some options for VPNs set up. However, my VPN servers have a habit of suddenly disappearing from the network after I've used them for a while.
I thought it ...
12 votes · 1 answer · 26k views
tc / iproute2, how to list the configuration
This is my first time using traffic shaping and I am wondering how I can list the rules I applied like you can with iptables?
Walter
12 votes · 6 answers · 59k views
How to block sites with iptables
I would like to block sites using iptables. How do I go about this, and how do I ensure that the iptables rules are saved?
12 votes · 2 answers · 56k views
IPTables module ip_tables not found for root
We got a custom-built Linux distribution from a vendor, which is not shipped with iptables enabled.
root@xxxx:~# iptables -L
modprobe: FATAL: Module ip_tables not found.
iptables v1.4.21: can't ...
12 votes · 1 answer · 27k views
Mirror Port via iptables
I have a dedicated Linux (Debian 7.5) root server, with a number of guests set up. The guests are KVM instances, and get network access via bridge-utils (NAT, internal IPs, use the host as a gateway). ...
11 votes · 2 answers · 25k views
How to use NAT iptables rules for hostapd
My PC is equipped with two net interfaces, wlan0 & eth0, and I want to use WiFi port as an access point on wlan0.
I used hostapd facility and it works properly in routing mode within the local ...
11 votes · 2 answers · 43k views
Using iptables to redirect ip address
I have the requirement on a Linux system where the Linux device is using RSYNC to sync data to another Linux machine. This is working fine at the moment, however I need to move one of the machines to ...
11 votes · 1 answer · 10k views
Opening a port with firewalld doesn't seem to work
I have configured sshd to live on a different port. I have opened that port using firewalld:
$ sudo firewall-cmd --zone=public --add-port=22000/tcp --permanent
Listing rules shows port 22000 is ...
11 votes · 2 answers · 15k views
Ubuntu IPTables allow only 1 country
So I've been looking around on the net for a script that will drop all traffic to all ports except the http(80) and https(443) ports, and then only allow traffic on all other ports from country x (...
10 votes · 1 answer · 22k views
What is the command to look at the list of redirect rules in iptables?
I'm using a command like this:
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.118 --dport 4080 -j DNAT --to-destination 192.168.1.118:4088
My question is: what is the command to look at all rules in the ...
9 votes · 1 answer · 56k views
iptables duplicate traffic to another ip
This blog post has a template iptables rule to forward traffic, to and from the router, to another IP address.
iptables -t mangle -A POSTROUTING \
-d [IP to spy on] \
-j ROUTE --tee --gw [IP ...
9 votes · 3 answers · 5k views
Iptables forwarding port/s to an external IP transparently (remote end should see the actual source IP)
The question is simple but I think the answer might not be as I went through countless related topics with no concrete reply.
I wish to forward a port 1234 from x.x.x.x to y.y.y.y (both on internet ...
9 votes · 1 answer · 2k views
SSH to Vmware virtual machine with NAT network [duplicate]
Right now I am able to ssh to the host over the internet and ssh from the host to the virtual machine. What I want to do is ssh directly to the guest machine from outside.
I tried to do this using iptables:
...
8 votes · 2 answers · 21k views
Limit and limit burst in IPTABLES
For some reason I am not able to understand the concept of limit and limit burst in IPTABLES. Could anyone please help me here!
Thank you!
8 votes · 2 answers · 9k views
Deleting an IP from blacklist iptables
I created a blacklist using ipset and iptables called "blacklist"; now I would like to know how I edit "blacklist" to remove or add IPs.
Anyone knows?
8 votes · 2 answers · 18k views
How to allow FORWARDing with firewalld on a Fedora 19 router
I've just installed Fedora 19 and I'm using firewalld instead of iptables, but I'm having difficulty interpreting the new terminology.
I have 2 NICs. One is specified ZONE="internal" and the other "...
8 votes · 1 answer · 10k views
Will increasing the number of rules in iptables slow down my internet?
How much impact will the rules have on speed if we are using match to queue the packets?
8 votes · 1 answer · 18k views
How can I configure firewalld to block all outgoing traffic except for specific ports while allowing localhost to access any of its own local ports?
I'll confess at the start that I'm asking this question only after finding the answer and wanting to share it with everyone else. If this is bad form, then my sincere apologies and I'm open to the ...
8 votes · 1 answer · 20k views
Can ping but can't connect (curl, wget, apt-get, etc.) (Raspberry Pi server)
Background:
I am trying to set up a Raspberry Pi server. Everything was going well and my Pi could apt-get update etc., until I got the port forwarding to work and ssh to work outside of the LAN. I ...
8 votes · 2 answers · 14k views
Setup routing and iptables for new VPN connection to redirect **only** ports 80 and 443
I have a new VPN connection (using openvpn) to allow me to route around some ISP restrictions. While it is working fine, it is taking all the traffic over the VPN. This is causing me issues for ...
8 votes · 1 answer · 18k views
How do I forward traffic between Tun device and eth0?
In summary, I would like to have Tun device traffic forwarded back and forth through another network interface that has an internet connection. While I can see the traffic going out to the internet and ...
7 votes · 1 answer · 12k views
firewall-cmd - add-forward-port doesn't work
I have a KVM server (host) with multiple virtual machines (guests).
My goal is for my host to forward port 222 to port 22 of a guest running an ssh service.
This works...
iptables -I OUTPUT -d 0.0.0.0/0 -...
7 votes · 2 answers · 40k views
How to forward packets from one network interface to another
My problem is forwarding packets from eth2, which is my LAN, to eth1, which has access to the internet, to allow eth2 to access the internet; here is my configuration:
auto eth1
iface eth1 inet static
address ...