Hi Narcis
> Does anyone have good references for iptables?
Some time ago I bought this booklet (91 pages), which I find very
practical even though it is from 2004:
https://www.oreilly.com/library/view/linux-iptables-pocket/9780596801861/
Regards,
Alex
--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Alex Muntada
⢿⡄⠘⠷⠚⠋ Deb
Good morning,
Everywhere I find guides for routing network traffic one way or
another through GNU/Linux, using iptables.
But I can't find any complete manual with ALL the commands and ALL the
options of the iptables program. Every guide reveals something more
to me, and I don't know what to go by
Why do you want to use iptables 'bare'?
I use shorewall
(https://shorewall.org/Documentation_Index.html), which seems to me a
much simpler interface, but there are others.
The output is also iptables, but it is easier to structure the rules.
Daniel
On 14/11/20 at 19:03
On 2020-11-06 11:43, Sven Hartge wrote:
Jesper Dybdal wrote:
* The CT target, to add the ftp helper. I fixed that by adding a bit of
native nft with the nft command after all the iptables(-nft) commands.
For the sake of the archive and people looking at this thread hoping for
some insight
Jesper Dybdal wrote:
> * The CT target, to add the ftp helper. I fixed that by adding a bit of
> native nft with the nft command after all the iptables(-nft) commands.
For the sake of the archive and people looking at this thread hoping for
some insight, please post your native nft rul
On 2020-10-16 12:25, I wrote:
I have a lot of iptables rules.
Is it correctly understood that the upgrade to Buster will
automatically install iptables-nft, and that iptables-nft provides
complete and compatible support for the functionality of the old
iptables command, so I can expect my
On Friday 16 October 2020 at 14:12:55+0200, Jesper Dybdal wrote:
>
> On 2020-10-16 12:35, Reco wrote:
> > Barring some kernel bugs - yes.
> > For instance, I've seen kernel panics because of simple:
> >
> > iptables -A INPUT -m conntrack --ctstate INVAL
On 2020-10-16 12:35, Reco wrote:
Barring some kernel bugs - yes.
For instance, I've seen kernel panics because of simple:
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
Aargh! I had not realized that I would have to be prepared for kernel
panics during the upgrade, so I really
Hi.
On Fri, Oct 16, 2020 at 12:25:23PM +0200, Jesper Dybdal wrote:
> I have a lot of iptables rules.
>
> Is it correctly understood that the upgrade to Buster will automatically
> install iptables-nft, and that iptables-nft provides complete and compatibl
I have a lot of iptables rules.
Is it correctly understood that the upgrade to Buster will automatically
install iptables-nft, and that iptables-nft provides complete and
compatible support for the functionality of the old iptables command, so
I can expect my iptables scripts to just work
d that was eating
> > > up my bandwidth allocation on a slow net connection.
> > >
> > > Is there a tut someplace to guide one in converting from iptables
> > > to this newer nftables? I'm assuming it's a similar utility.
> >
> > Sure, but I h
> > network spiders and bots that think they have to mirror my several
> > giga-byte site, 2 or 3 times a day. And that was eating up my bandwidth
> > allocation on a slow net connection.
> >
> > Is there a tut someplace to guide one in converting from iptables to
> Is there a tut someplace to guide one in converting from iptables to this
> newer nftables? I'm assuming it's a similar utility.
Sure, but I have not looked into ... I only read there will be a couple of
years transition period and somehow a compatibility layer is or can be
used.
Perhaps som
You're just inventing incorrect explanations
for whatever behavior you're seeing that you don't understand.
If an /etc/rc.local file exists and has the execute bit turned on, it
is executed AS ROOT at BOOT TIME, before there is any "logged in user".
> that has hidden the iptables stuff from
On Monday 24 August 2020 04:45:01 Andrei POPESCU wrote:
> On Du, 23 aug 20, 21:34:12, Gene Heskett wrote:
> > On Sunday 23 August 2020 15:45:22 Joe wrote:
> > > My server iptables is inherited from, I think, sarge, so it's
> > > probably not done optimally today. I
On Du, 23 aug 20, 21:34:12, Gene Heskett wrote:
> On Sunday 23 August 2020 15:45:22 Joe wrote:
> >
> > My server iptables is inherited from, I think, sarge, so it's probably
> > not done optimally today. It's an init script run from /etc/rcS.d.
>
> Ah,/etc/rc
On Sun, 23 Aug 2020 21:34:12 -0400
Gene Heskett wrote:
> On Sunday 23 August 2020 15:45:22 Joe wrote:
>
> >
> > My server iptables is inherited from, I think, sarge, so it's
> > probably not done optimally today. It's an init script run from
> > /etc/rcS.d.
>
On Sun, 2020-08-23 at 14:26 -0400, Gene Heskett wrote:
> Greetings all;
>
> Since the big conversion of file structs vs who owns what, which
> apparently includes running rc.local as the logged in user and not
> as
> root, that has hidden the iptables stuff from everybod
On Sunday 23 August 2020 16:10:10 deloptes wrote:
> Hi Gene,
>
> Gene Heskett wrote:
> > Since the big conversion of file structs vs who owns what, which
> > apparently includes running rc.local as the logged in user and not
> > as root, that has hidden the iptables st
ser and not
> > as root, that has hidden the iptables stuff from everybody but root
> > since it's not now in the user's $PATH.
> >
> > So what is the best way to assure this stuff gets started during a
> > reboot or restart of X? Stuff that s/b running regardless of any X
>
Hi Gene,
Gene Heskett wrote:
> Since the big conversion of file structs vs who owns what, which
> apparently includes running rc.local as the logged in user and not as
> root, that has hidden the iptables stuff from everybody but root since
> it's not now in the user's $PATH.
>
On Sun, 23 Aug 2020 14:26:19 -0400
Gene Heskett wrote:
> Greetings all;
>
> Since the big conversion of file structs vs who owns what, which
> apparently includes running rc.local as the logged in user and not as
> root, that has hidden the iptables stuff from everybody but r
Greetings all;
Since the big conversion of file structs vs who owns what, which
apparently includes running rc.local as the logged in user and not as
root, that has hidden the iptables stuff from everybody but root since
it's not now in the user's $PATH.
So what is the best way to assure
s to be translated to
> an ipv4 address somehow, and I may have inadvertently blocked it with
> an iptables rule in my war against the robots that were burning up my
> upload bandwidth.
>
> How do I go about determining that KCKB's ip address? Or, how is
> that determined?
>
> Thanks.
up.
> I use the gkrellm weather plugin to get me an up-to-date weather report
> from the nearby airport's call sign, but this has to be translated to an
> ipv4 address somehow, and I may have inadvertently blocked it with an
> iptables rule in my war against the robots that were burning
s to be translated to an
> ipv4 address somehow, and I may have inadvertently blocked it with an
> iptables rule in my war against the robots that were burning up my
> upload bandwidth.
>
> How do I go about determining that KCKB's ip address? Or, how is that
> determined
it with an
iptables rule in my war against the robots that were burning up my
upload bandwidth.
How do I go about determining that KCKB's ip address? Or, how is that
determined?
Thanks.
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and
On Sb, 20 iun 20, 14:37:34, Tom Browder wrote:
>
> I have no love for iptables and very little experience with it. So it seems
> I should remove the iptables package and install the nftables one. And I'll
> look into firewalld which I tried briefly some years ago.
In case you are
On Sat, Jun 20, 2020 at 12:44 Ben Lavender wrote:
> Personally I'd learn nf_tables because that's the way forward and if you
> stick to its CLI then the better.
>
Thanks, Ben.
-Tom
On Sat, Jun 20, 2020 at 10:48 wrote:
> Hi,
>
...
> Actually, as explained on https://wiki.debian.org/nftables, Buster uses
> an "iptables-nft layer (i.e, using iptables syntax with the nf_tables
> kernel subsystem). This also affects ip6tables, arptables and ebtables.
, wrote:
> I see it's recommended that Buster users use nftables, but the default
> installation still uses iptables!
>
> I need to change ports on my new remote server to allow http and https
> traffic, but should I keep using iptables? Or should I remove iptables
> and inst
Hi,
20 June 2020 at 16:24 from tom.brow...@gmail.com:
> I see it's recommended that Buster users use nftables, but the default
> installation still uses iptables!
>
True & false.
Actually, as explained on https://wiki.debian.org/nftables, Buster uses an
"iptables-nft layer (i
I see it's recommended that Buster users use nftables, but the default
installation still uses iptables!
I need to change ports on my new remote server to allow http and https
traffic, but should I keep using iptables? Or should I remove iptables
and install nftables first?
If I keep iptables
Thanks to everyone for the replies. Rewriting with nftables will force me
to rethink my iptables rules, which is no bad thing after all.
François
>> How should I understand the phrase: "Iptables is now only a facade?"
>> Do I have to plaster or strip the plaster from my Iptables configurations?
> Since Debian Buster, iptables (+ip6tables+arptables+ebtables) uses
> nftables as its back-end.
> It is the module kerne
Sun, 7 Jun 2020 14:23:20 +0200
G2PC wrote:
>
> > nftables is the new standard for controlling network traffic.
> > On a Debian Testing, iptables is now only a facade for nftables.
> > This has been the case since Debian Buster (current stable).
>
> Co
> nftables is the new standard for controlling network traffic.
> On a Debian Testing, iptables is now only a facade for nftables.
> This has been the case since Debian Buster (current stable).
How should I understand the phrase: "Iptables is now only a facade?"
Do I have to
Wed, 27 May 2020 18:00:41 +0200
Francois Meyer wrote:
> Hello everyone
>
> I see that iptables is "replaced" by nftables.
>
> It's for a work laptop running testing. My old one had
> iptables and all the rules that suit me well.
>
> I don't
Wed, 27 May 2020 18:00:41 +0200
Francois Meyer wrote:
> Hello everyone
Hello François,
> I see that iptables is "replaced" by nftables.
I see that your question has gone unanswered.
> It's for a work laptop running testing. My old one had
> iptable
Looking for a lazybones to recommend Iptables / Netfilter to the SILL
( Lazybones / Referent )
I tested the SILL repository yesterday, searching for Iptables /
Firewall / pare-feu, because I was looking for a log analysis tool, and I
found nothing.
I noticed that only one answer is
Hello everyone
I see that iptables is "replaced" by nftables.
It's for a work laptop running testing. My old one had
iptables and all the rules that suit me well.
I don't really feel like learning a new syntax. Wouldn't
I be better off installing ipta
k geen NXDOMAIN ;-)
> But indeed: I normally use -nL too
>
> With iptables I always prefer to see IPs rather than DNS names anyway.
I don't know any better :)
--
richard lucassen
http://contact.xaq.nl/
Hi!
On 3/30/20 2:16 PM, Richard Lucassen wrote:
Use iptables -nL, then you don't have that reverse lookup hassle. There
are always people who don't have their things in order, and besides, -n
is many times faster, even when DNS works.
But isn't the point that even when people don't have their DNS in
in a row
"iptables -L", and ten times equally slow on the IPs.
Even after I first 'loaded' the cache with "host 45.142.195.2"
MJ
Hi,
On 3/30/20 2:43 PM, Richard Lucassen wrote:
I do have, on a firewall with 3000 rules, the -L hanging on
a server that doesn't work:
$ host 198.17.62.23
;; connection timed out; no servers could be reached
That is no answer at all. The
17.198.in-addr.arpa
domain has no
On Mon, 30 Mar 2020 14:33:32 +0200
Richard Lucassen wrote:
> > However: both "not founds" are instant.
>
> And also if you do that after that "host "? Then the NXDOMAIN is in the
> cache.
I do have, on a firewall with 3000 rules, the -L hanging on
a server that doesn't work:
$ host
On Mon, 30 Mar 2020 12:51:54 +0200
mj wrote:
> Does anyone know where I could check something?
Tried it here: the first time 3 sec, the second time (cache) just as
fast as -n
--
richard lucassen
http://contact.xaq.nl/
On Mon, 30 Mar 2020 12:51:54 +0200
mj wrote:
> But: so I expect that there is a problem on that system regarding dns
> resolving. So I expect the following to be slow too:
>
> > root@server:/etc# host 45.142.195.2
> > Host 2.195.142.45.in-addr.arpa. not found: 3(NXDOMAIN)
> > root@server:/etc#
On Mon, 30 Mar 2020 12:51:54 +0200
mj wrote:
> On one machine I see that iptables -L output hangs on IP
> addresses:
Use iptables -nL, then you don't have that reverse lookup hassle. There
are always people who don't have their things in order, and besides, -n
is many times faster,
On Mon, Mar 30, 2020 at 12:51:54PM +0200, mj wrote:
> Hi,
>
> On one machine I see that iptables -L output hangs on IP addresses:
>
> > target prot opt source destination
> **5 sec delay
> > REJECT all -- 45.142.195.2
Hi,
On one machine I see that iptables -L output hangs on IP addresses:
target prot opt source destination
**5 sec delay
REJECT all -- 45.142.195.2 anywhere reject-with
icmp-port-unreachable
REJECT all -- ip-38-66.ZervDNS
Hi,
[]
> Right, your basic problem is that your interfaces are now names
> enp7s0
> and
> wlp6s0
>
> not eth0 and wifi0 or whatever they used to be.
>
> Fix them in /etc/network/interfaces, double check your iptables rules
> are either using the new names or don'
c/network/interfaces"
>> > failed.
>
> Right, your basic problem is that your interfaces are now names
> enp7s0
> and
> wlp6s0
>
> not eth0 and wifi0 or whatever they used to be.
>
> Fix them in /etc/network/interfaces, double check your iptables
> rules are either using the new names or don't mention interfaces
> at all, and you should be relatively happy.
or boot with the param to the kernel
net.ifnames=0
songbird
are now names
enp7s0
and
wlp6s0
not eth0 and wifi0 or whatever they used to be.
Fix them in /etc/network/interfaces, double check your iptables
rules are either using the new names or don't mention interfaces
at all, and you should be relatively happy.
-dsr-
Cleaning up temporary files
> [ ok ] Setting up ALSA...done.
> [ ok ] Setting sensors limits...done.
> [] Loading netfilter rules...run-parts: executing
> /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
> Bad argument `COMMIT'
> Error occurred at line: 4
> Try `ipta
William Torrez Corea wrote:
> Still don't get results positive. Now, i get the following message:
>
> Internet Systems Consortium DHCP Client 4.4.1
> Copyright 2004-2018 Internet Systems Consortium.
> All rights reserved.
> For info, please visit https://www.isc.org/software/dhcp/
>
> can't
.done.
> [ ok ] Setting sensors limits...done.
> [] Loading netfilter rules...run-parts: executing
> /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
> Bad argument `COMMIT'
> Error occurred at line: 4
> Try `iptables-restore -h' or 'iptables-restore --help' for more
Hi.
On Wed, Feb 26, 2020 at 09:20:34PM +, William Torrez Corea wrote:
> Exactly, i wan't reformulate the question.
>
> What should I change there to get these errors disappear?
>
> I'm trying to change some values for example in
>
> /etc/iptables/rule
Exactly, i wan't reformulate the question.
What should I change there to get these errors disappear?
I'm trying to change some values for example in
/etc/iptables/rules.v6
# Generated by xtables-save v1.8.2 on Mon Aug 5 19:42:00 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT
> /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
> Bad argument `COMMIT'
> Error occurred at line: 4
And whatever is in /etc/iptables/rules.v4 - it's not a valid output of
iptables-save.
Now, to answer the question "what should I change there to get these
errors disappear"
William Torrez Corea wrote:
> [] Loading netfilter rules...run-parts: executing
> /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
> Bad argument `COMMIT'
> Error occurred at line: 4
> Try `iptables-restore -h' or 'iptables-restore --help' for more
> information.
.
[ ok ] Cleaning up temporary files
[ ok ] Setting up ALSA...done.
[ ok ] Setting sensors limits...done.
[] Loading netfilter rules...run-parts: executing
/usr/share/netfilter-persistent/plugins.d/15-ip4tables start
Bad argument `COMMIT'
Error occurred at line: 4
Try `iptables-restore -
iptables 1.8.4-3 landed in unstable and iptables/ufw now works.
thanks! :)
songbird
to partially downgrade to get a working connection
again.
put my hold back on iptables. i'd had a hold on it for
a while due to reported errors. no idea why i decided i
should try to let it go through this morning. i'm kinda
tied up for a few weeks...
Maybe similar. Yesterday, after dist-upgrade
>>> so was able to partially downgrade to get a working connection
>>> again.
>>>
>>>put my hold back on iptables. i'd had a hold on it for
>>> a while due to reported errors. no idea why i decided i
>>> should try to let it go through
on iptables. i'd had a hold on it for
a while due to reported errors. no idea why i decided i
should try to let it go through this morning. i'm kinda
tied up for a few weeks...
Maybe similar. Yesterday, after dist-upgrade and reboot the network
interface seemed not to be working (for instance, none
On 2/11/20, songbird wrote:
> something in there didn't work today when i applied
> the upgrade.
>
> i don't have time to debug or file reports at the moment,
> so was able to partially downgrade to get a working connection
> again.
>
> put my hold back on i
something in there didn't work today when i applied
the upgrade.
i don't have time to debug or file reports at the moment,
so was able to partially downgrade to get a working connection
again.
put my hold back on iptables. i'd had a hold on it for
a while due to reported errors. no idea
On Fri, 2020-01-10 at 01:52 +0500, Alexander V. Makartsev wrote:
>
> The answer to your question, I believe, should look like this:
> "iptables -I FORWARD -s 23.132.208.0/24 -j DROP"
Thanks! That is what I am looking for.
To be clear, I'm doing something much more complex,
On 10.01.2020 00:46, Jim Popovitch wrote:
> Hello!
>
> Is there a way to have iptables DROP before PREROUTING.
>
> Consider this bit of rules on a home firewall, where 24.126.xx.yy is my
> home external IP address.
>
> -
> iptables -P INPUT DROP
> iptabl
Hi.
On Thu, Jan 09, 2020 at 02:46:25PM -0500, Jim Popovitch wrote:
> Is there a way to have iptables DROP before PREROUTING.
What you meant is "before PREROUTING in nat". It's an important bit, see
below.
> What I want to do is prevent 23.132.208.0/24 from accessing a
Hello!
Is there a way to have iptables DROP before PREROUTING.
Consider this bit of rules on a home firewall, where 24.126.xx.yy is my
home external IP address.
-
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
Look for iptables TEE
https://superuser.com/questions/853077/iptables-duplicate-traffic-to-another-ip
On Thu, 2 Jan 2020 at 09:44, Helio Loureiro
wrote:
> What you want to do seems to be a load balancer. iptables doesn't do that. You
> need something like nginx or apache webserv
What you want to do seems to be a load balancer. iptables doesn't do that. You
need something like nginx or apache webserver to do that with a reverse
proxy.
./helio
On Wed, Dec 18, 2019, 01:28 Caio Ferreira wrote:
> List
>
> Using iptables, on the network's gateway computer I
List
Using iptables, on the network's gateway computer I managed to redirect
traffic to a particular IP and port of a host on the network. I would
like to know whether it would be possible, using iptables, to make a copy of
the data to a second IP and port.
This second host is a log server
On 17/12/19 5:06 pm, Richard Hector wrote:
> Hi all,
>
> I've got a networking issue that's confusing me.
Got it, I think.
I had previously been applying rules before switching to iptables-legacy
- so I'd been adding nftables rules. Then I switched, without flushing
(or rebooting)
(in the iptables output) that the packet
is going through the interface I expect (enp4s0.1441)
Any ideas? I suspect it's something silly I've just failed to spot ...
Note that yesterday, when I was on site, I wasn't trying this, but had
similar problems with traffic going out - dns packets were being
accepted
On 10/12/2019 at 20:13, nektarios wrote:
Pascal Hambourg wrote:
Maybe a "MTU black hole" issue with PPPoE.
Workarounds :
- lower the MTU on the client side to 1492
- add a "TCPMSS --clamp-to-pmtu" iptables rule on the router
(...)
The tip you gave me really did the jo
On Tue, 10 Dec 2019 09:26:46 +
Nektarios Katakis wrote:
> On Tue, 10 Dec 2019 07:22:05 +0100
> Pascal Hambourg wrote:
>
> > On 10/12/2019 at 00:01, Nektarios Katakis wrote:
> > >
> > > I am running an iptables firewall on an openwrt router I've
On Tue, 10 Dec 2019 07:22:05 +0100
Pascal Hambourg wrote:
> On 10/12/2019 at 00:01, Nektarios Katakis wrote:
> >
> > I am running an iptables firewall on an openwrt router I've got.
> > Which acts as Firewall/gateway and performs NATing for my internal
> > netwo
On 10/12/2019 at 00:01, Nektarios Katakis wrote:
I am running an iptables firewall on an openwrt router I've got. Which
acts as Firewall/gateway and performs NATing for my internal network -
debian PCs and android phones.
All good but specific web sites are not loading for the machines
On 12/10/2019 12:01 AM, Nektarios Katakis wrote:
> Hello,
>
> I am running an iptables firewall on an openwrt router I've got. Which
> acts as Firewall/gateway and performs NATing for my internal network -
> debian PCs and android phones.
>
> All good but specific web
Hello,
I am running an iptables firewall on an openwrt router I've got. Which
acts as Firewall/gateway and performs NATing for my internal network -
debian PCs and android phones.
All good but specific web sites are not loading for the machines that
are sitting behind the home router.
When
On Monday 02 December 2019 07:46:22 Alessandro Vesely wrote:
> On Mon 02/Dec/2019 10:35:26 +0100 Andrei POPESCU wrote:
> > You might want to install iptables-persistent, otherwise you'll have
> > to roll-out your own solution.
>
> I'm not using iptables-persistent, but
On Mon, Dec 02, 2019 at 01:46:22PM +0100, Alessandro Vesely wrote:
> ### BEGIN INIT INFO
> # Provides: netfilter-persistent
> # Required-Start:mountkernfs $remote_fs
> # Required-Stop: $remote_fs
> # Default-Start: S
> # Default-Stop: 0 1 6
> # Short-Description: Load
On Mon, Dec 02, 2019 at 01:46:22PM +0100, Alessandro Vesely wrote:
> On Mon 02/Dec/2019 10:35:26 +0100 Andrei POPESCU wrote:
> >
> > You might want to install iptables-persistent, otherwise you'll have to
> > roll-out your own solution.
>
> I'm not using iptables-
On Mon 02/Dec/2019 10:35:26 +0100 Andrei POPESCU wrote:
>
> You might want to install iptables-persistent, otherwise you'll have to
> roll-out your own solution.
I'm not using iptables-persistent, but just looked at it out of curiosity.
Its LSB:
### BEGIN INIT INFO
#
On Monday 02 December 2019 04:35:26 Andrei POPESCU wrote:
> On Du, 01 dec 19, 22:28:43, Gene Heskett wrote:
> > It, iptables, did not get restarted on the fresh boot, so obviously
> > the systemd manager hasn't been informed to start iptables,
> > reloading from /etc
On 28/10/2019 at 09:14, Andy Smith wrote:
I will take a guess that the switching of the iptables commands to
use the nftables framework has somehow caused this iptable_filter
module to not be loaded even though the firewall still works.
Correct.
Is it a bug that loading rules
of the tables that are currently active
('filter', 'mangle', etc).
On my Debian 10 hosts, this file is empty even though they have
active rules loaded by iptables.
I then noticed that on my Debian 9 hosts, the modules iptable_filter
and ip6table_filter are loaded as soon as a rule is added to any
Iptables -I INPUT -s IP -j RETURN
Kind regards
Domingo Varela Y.
From: Roberto José Blandino Cisneros
Sent: Tuesday, October 15, 2019 2:43:36 PM
To: Debian ayuda
Subject: Re: iptables DROP
When you add an IP, if a session exists the rule will not be applied
- Original Message -
From: "Roberto José Blandino Cisneros"
To: "Debian ayuda"
Sent: Tuesday, October 15, 2019 4:43:36 PM
Subject: Re: iptables DROP
When you add an IP, if a session exists the rule will not be applied
until the IP tries to access again, this
When you add an IP, if a session exists the rule will not be applied
until the IP tries to access again; this gives the impression that
iptables is not doing its job.
To deal with that, it is enough to cut the session by restarting the service
it is accessing, and then the IP will no longer be able to access the service it
On 10/10/2019 at 19:58, G2PC wrote:
There, that part has been dealt with.
I also replaced:
-A INPUT -p tcp --sport 49152:65534 --dport 49152:65534 -m state --state
ESTABLISHED,RELATED,NEW -j ACCEPT
with
-A INPUT -p tcp --sport 49152:65534 --dport 49152:65534 -m state --state
NDP protocol, which
> takes over, among other things, the role of ARP in IPv4 and which relies on
> ICMPv6. While in IPv4 you cannot block ARP with iptables,
> in IPv6 it is quite easy to shoot yourself in the foot by blocking
> NDP, or rather by forgetting to allow it
> NDP re
>Hello,
> >I have a problem with iptables,
> >unwanted traffic is reaching me from an IP and
> >no matter how much I filter there is no way to stop it, any ideas?
> >
> >iptables -A INPUT -s IP_a_bloquear -j DROP
> >
> >I check the rule and it is saved.
> >
>
On 10 October 2019 16:14:19 CEST, miguel angel gonzalez
wrote:
>Hello,
>I have a problem with iptables,
>unwanted traffic is reaching me from an IP and
>no matter how much I filter there is no way to stop it, any ideas?
>
>iptables -A INPUT -s IP_a_bloquear -j DROP
>
>
Do you have iptables logging enabled?
Maybe you could get some info from there...
Regards,
On Thu, 10 Oct 2019 at 16:14, miguel angel gonzalez (<
mangelgonza...@gmail.com>) wrote:
> Hello,
> I have a problem with iptables,
> unwanted traffic is reaching me from an IP
Hello,
I have a problem with iptables,
unwanted traffic is reaching me from an IP and
no matter how much I filter there is no way to stop it, any ideas?
iptables -A INPUT -s IP_a_bloquear -j DROP
I check the rule and it is saved.
Many thanks.
--
/m.a.
on obscurity, you do not have a security in the
first place.
Your INPUT rules can be probed.
Your FORWARD rules aren't relevant to your problem.
Your OUTPUT rules are, and they do nothing to protect you from the
hostile Internet.
So if you're asking why a certain iptables rule produces a
certain kernel