On 24 May 2024 23:23:44 BST, Andy Smith wrote:
>You will likely get better performance if you switch to nftables and
>use an ipset to hold all the bans, though I've no idea how easy
>that is to configure with fail2ban.
It's easy, supported out of the box. I have been using nftables for years
Hi,
On Sat, May 25, 2024 at 06:04:34AM +0800, Northwind wrote:
> I have been using a KVM vps with 2G ram, 2 cores.
> due to fail2ban jobs, iptables in this vps has dropped 3000+ black IPs.
> may I ask how max iptables rules the VPS can have?
It depends upon the kind of rule but for
Hello
I have been using a KVM vps with 2G ram, 2 cores.
due to fail2ban jobs, iptables in this vps has dropped 3000+ black IPs.
may I ask how max iptables rules the VPS can have?
does many iptables rules influence the networking performance?
Thanks
On Mon, Aug 28, 2017 at 15:54 Joe wrote:
...
> I confess to no specific knowledge here, but I suspect none of the
> firewall front-ends will accommodate an arbitrary iptables ruleset, as
> the front-ends impose their own structure which would almost certainly
> conflict.
>
On Mon, Aug 28, 2017 at 15:49 Alexander V. Makartsev <avbe...@gmail.com>
wrote:
> Smart way to do it is to setup a cron job to run shell script that will
> flush (or restore to default working ruleset) iptables rules every 10
> minutes.
Thanks, Alexander.
-Tom
On Mon, 28 Aug 2017 20:01:54 +
Tom Browder <tom.brow...@gmail.com> wrote:
> Installing and enabling ufw sounds easy, but how is the existing set
> of iptables rules treated? I want to use ufw on a remote server and
> losing ssh would be disastrous!
>
I confess to no speci
Smart way to do it is to setup a cron job to run shell script that will
flush (or restore to default working ruleset) iptables rules every 10
minutes.
With this approach, even if you mess up your iptables rules and lose
ssh, you can simply wait for 10 minutes and reconnect to ssh.
Take your time
Installing and enabling ufw sounds easy, but how is the existing set of
iptables rules treated? I want to use ufw on a remote server and losing
ssh would be disastrous!
Thanks.
-Tom
Patrick Schleizer wrote:
>
> as I just learned on the mailing list, that at least the packages
> fail2ban and miniupnpd [and most likely arno-iptables-firewall also]
> modify iptables rules...
Firewall managers such as ufw, shorewall, firestarter...
Custom iptables
On 12/11/2015 20:47, Pascal Hambourg wrote:
> Patrick Schleizer wrote:
>> as I just learned on the mailing list, that at least the packages
>> fail2ban and miniupnpd [and most likely arno-iptables-firewall also]
>> modify iptables rules...
> Firewall manager
Patrick Schleizer writes:
> I.e. two packages trying to add iptables rules at the same time and
> thereby failing to do so?
They can't do that as each call to iptables locks the table being operated
on. Without -w iptables exits when it can't get the lock. With -w it
waits.
Pascal Hambourg
Hi,
are there packages that modify the system's iptables rules?
Cheers,
Patrick
Patrick Schleizer <patrick-mailingli...@whonix.org> wrote:
> are there packages that modify the system's iptables rules?
fail2ban
miniupnpd
Regards,
Sven.
--
Sigmentation fault. Core dumped.
Hi,
as I just learned on the mailing list, that at least the packages
fail2ban and miniupnpd [and most likely arno-iptables-firewall also]
modify iptables rules...
Is there a chance for race conditions? I.e. two packages trying to add
iptables rules at the same time and thereby failing to do so
I think that the best solution would be for the script to construct a
single iptables command string and then run it.
--
John Hasler
jhas...@newsguy.com
Elmwood, WI USA
Patrick Schleizer <patrick-mailingli...@whonix.org> wrote:
> as I just learned on the mailing list, that at least the packages
> fail2ban and miniupnpd [and most likely arno-iptables-firewall also]
> modify iptables rules...
> Is there a chance for race conditions? I.e. t
On 03/25/2015 02:06 PM, Linux4Bene wrote:
On Wed, 25 Mar 2015 11:46:21 +0100, Diogene Laerce wrote:
Hi,
I have a strange behavior of iptables lately : all rules are cleaned up
after a few minutes.
iptables-persistent is installed and if I reboot just after restoring
all rules,
all
On Wed, 25 Mar 2015 11:46:21 +0100, Diogene Laerce wrote:
Hi,
I have a strange behavior of iptables lately : all rules are cleaned up
after a few minutes.
iptables-persistent is installed and if I reboot just after restoring
all rules,
all rules are still loaded. But a few minutes
Hi,
I have a strange behavior of iptables lately : all rules are cleaned up
after a few minutes.
iptables-persistent is installed and if I reboot just after restoring
all rules,
all rules are still loaded. But a few minutes later, they are all
cleaned up.
The same happens whenever I load them
On Saturday 24 January 2009, abdelkader belahcene abelahc...@gmail.com
wrote about 'how to store iptables rules':
please i want to save the iptables for next sessions,
now I have to run iptables after each reboot.
I tried iptables-save, it didn't.
Search the archive, there was a discussion about
edits to my iptables
rules in a shell script that I source when I want to change them, I'm
not too worried about that, but you can see several alternate
solutions from the link above.
Hope this helps!
--
Paul Cartwright
Registered Linux user # 367800
Registered Ubuntu User #12459
hi,
please i want to save the iptables for next sessions,
now I have to run iptables after each reboot.
I tried iptables-save, it didn't.
thanks for help
bela
On Saturday 24 January 2009 12:34:52 abdelkader belahcene wrote:
hi,
please i want to save the iptables for next sessions,
now I have to run iptables after each reboot.
I tried iptables-save, it didn't.
thanks for help
bela
Redirect it to a file:
iptables-save > target-file
You will also
On Mon, Jan 05, 2009 at 08:59:54PM +0100, Christoph Anton Mitterer wrote:
Hi.
Which is the default/designated way in Debian to set up iptables rules
on system boot?
I mean the /etc/init.d scripts is long gone... ;)
Thanks,
Chris.
I used to use iptables, until I found Shorewall. It's
On Tue, 6 Jan 2009 11:35:32 -0500
Michael Pobega pob...@gmail.com wrote:
...
Edit: I resent this message because something went wrong with the
last...I have no clue what happened.
It hit the list encrypted.
Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
On Mon, Jan 5, 2009 at 11:38 PM, Nate Bargmann n...@n0nb.us wrote:
* Christoph Anton Mitterer cales...@scientia.net [2009 Jan 05 14:02 -0600]:
Hi.
Which is the default/designated way in Debian to set up iptables rules
on system boot?
You could use post-up and pre-up hooks in /etc/network
Which is the default/designated way in Debian to set up iptables rules
on system boot?
The GPLed Firestarter can generate a set of script, though it rids any
CLI configurations.
--
Koh Choon Lin
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject
Hi.
Which is the default/designated way in Debian to set up iptables rules
on system boot?
I mean the /etc/init.d scripts is long gone... ;)
Thanks,
Chris.
Christoph Anton Mitterer wrote:
Which is the default/designated way in Debian to set up iptables rules
on system boot?
I would put them in an init.d script.
I mean the /etc/init.d scripts is long gone... ;)
Which script(s) are you referring to? I had to create my own.
- Ken
On Monday 2009 January 05 13:59:54 Christoph Anton Mitterer wrote:
Which is the default/designated way in Debian to set up iptables rules
on system boot?
I've just been calling iptables-restore from rc.local and calling
iptables-save as needed. I'd love to know if there is a more official way
On Mon, 2009-01-05 at 12:31 -0800, Ken Teague wrote:
Which script(s) are you referring to? I had to create my own.
Uhm until iptables 1.2.7-8 or so a init.d script was provided with the
package...
Chris.
* Christoph Anton Mitterer cales...@scientia.net [2009 Jan 05 14:02 -0600]:
Hi.
Which is the default/designated way in Debian to set up iptables rules
on system boot?
I mean the /etc/init.d scripts is long gone... ;)
I've been using Firehol on client machines like my laptop or
stand-alone
The way I do it...
Create a file /etc/network/if-up.d/firewall.sh , make sure it is executable.
In that file put all the iptables rules you want and since it is bash
scripting you can get pretty fancy. Then in /etc/network/interfaces add the
following line to one of the interface definitions, 'up
Is there a debian way to save and load iptables rule when system boot or
interface active?
On Thu, 12 Jun 2008, Ding Honghui [EMAIL PROTECTED] writes:
Is there a debian way to save and load iptables rule when system boot or
interface active?
See scripts under /etc/network/if-{up,down}.d directories. Also,
interfaces(5) manual would be helpful.
Regards.
Hi,
I am currently building a small firewall for the transition between the WLAN and the
rest of the network. Until now I have always built my firewalls under OBSD with PF
or with PIXes, but this time that is not possible because of some special
circumstances...
I am running into a problem when creating the rules:
On Thu, Jun 01, 2006 at 12:07:15PM +0200, Chris C. wrote:
I am currently building a small firewall for the transition between the WLAN and the
rest of the network. Until now I have always built my firewalls under OBSD with PF
or with PIXes, but this time that is not possible because of some special circumstances
Chris C. [EMAIL PROTECTED] wrote on Thu, Jun 01, 2006 at 12:07:15PM +0200:
Hi,
I am currently building a small firewall for the transition between the WLAN and the
rest of the network. Until now I have always built my firewalls under OBSD with PF
or with PIXes, but this time that is not possible because of
On Thursday 01 June 2006 12:40, Christoph Haas wrote:
On Thu, Jun 01, 2006 at 12:07:15PM +0200, Chris C. wrote:
[...]
You are using a somewhat unusual order. Normally one builds a ruleset
so that one allows what should be allowed. And
at the end comes the big
Greetings!
* Chris C. [EMAIL PROTECTED] wrote on [01.06.06 12:07]:
Hi,
I am currently building a small firewall for the transition between the WLAN and the
rest of the network. Until now I have always built my firewalls under OBSD with PF
or with PIXes, but this time that is not possible because of some
Hi,
Chris C. wrote:
Hi,
[..]
the admittedly very coarse last rule is simply ignored (presumably because of
the rejects above it); if I put -A INPUT -d localhost at the very top, everything
works. For exactly this case pf has pass in quick (as I understand it, PF
first goes through all the rules
On Thu, Jun 01, 2006 at 12:07:15PM +0200, Chris C. wrote:
[...]
since the rule is appended at the end and is therefore never even read. Removing
all the rules or somehow squeezing it in between is not very
elegant either.
There is no squeezing in between, but there is inserting at
On Thursday 01 June 2006 15:44, Juergen Christoffel wrote:
On Thu, Jun 01, 2006 at 12:07:15PM +0200, Chris C. wrote:
[...]
since the rule is appended at the end and is therefore never even read.
Removing all the rules or somehow squeezing it in between is not
very elegant either.
On Thursday, 1 June 2006 17:10, Chris C. wrote:
On Thursday 01 June 2006 15:44, Juergen Christoffel wrote:
On Thu, Jun 01, 2006 at 12:07:15PM +0200, Chris C. wrote:
[...]
since the rule is appended at the end and is therefore never even read.
Removing all the rules or somehow
On Thu, Jun 01, 2006 at 05:40:25PM +0200, Thomas Gräber wrote:
In contrast to pf, if I have understood that correctly, iptables works through
the rules from top to bottom and takes the first rule that matches; all
those below it are then ignored for the packet.
Yes and no: iptables does work
On Thu, Jun 01, 2006 at 05:10:19PM +0200, Chris C. wrote:
On Thursday 01 June 2006 15:44, Juergen Christoffel wrote:
There is no squeezing in between, but there is inserting at a
specific position using -I int instead of -A.
Yes, although I had the documentation on netfilter.org
Fellows,
I know the script /etc/init.d/iptables can be used to save
the rules. I made it save in the active rule set. But what is the
standard way to run /etc/init.d/iptables load active at boot
time. I manually added a symbolic link to the /etc/rcS.d folder for /etc/init.d/iptables
-
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Sun, 1 Aug 2004 16:17:07 +0300
Subject: How to save the iptables rules for booting?
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Fellows,
I know the script /etc/init.d/iptables can be used to save the rules.
I made it save
this. Is it? Please advice.
Regards,
-Nabil
-Original Message-
From: Jon [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 01, 2004 5:00 PM
To: Nabil MALIK / KTEFH - OTAS
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: How to save the iptables rules for booting?
Actually, calling
On Sun, Aug 01, 2004 at 05:40:57PM +0300, [EMAIL PROTECTED] wrote:
But that would be just like running /etc/init.d/iptables. But what we
need is running the command '/etc/init.d/iptables start'.
I tried to make a link with the start parameter like
ln -s /etc/init.d/iptables
eyer wrote:
Darryl Luff wrote:
Ralph Crongeyer wrote:
How does one save iptables rules in Debian "Unstable/SID"? I've tried
iptables-save and get some output with no errors, but when I reboot
all my rules are gone? Is there a "Debian w
On Sun, 13 Jun 2004 08:15 am, Ralph Crongeyer wrote:
Darryl Luff wrote:
Ralph Crongeyer wrote:
How does one save iptables rules in Debian Unstable/SID? I've tried
iptables-save and get some output with no errors, but when I reboot
all my rules are gone? Is there a Debian way of doing
Thanks Adam, but there is no "/etc/init.d/iptables" file on SID?
Any other suggestions?
Ralph
Adam Aube wrote:
Ralph Crongeyer wrote:
How does one save iptables rules in Debian "Unstable/SID"? I've tried
iptables-save and get some output with no errors, but
Darryl Luff wrote:
Ralph Crongeyer wrote:
How does one save iptables rules in Debian Unstable/SID? I've tried
iptables-save and get some output with no errors, but when I reboot
all my rules are gone? Is there a Debian way of doing this? Rather
than write my own startup script I want to find
How does one save iptables rules in Debian Unstable/SID? I've tried
iptables-save and get some output with no errors, but when I reboot all
my rules are gone? Is there a Debian way of doing this? Rather than
write my own startup script I want to find out if there's a standard way
of doing
Ralph Crongeyer wrote:
How does one save iptables rules in Debian Unstable/SID? I've tried
iptables-save and get some output with no errors, but when I reboot
all my rules are gone? Is there a Debian way of doing this? Rather
than write my own startup script I want to find out if there's
Ralph Crongeyer wrote:
How does one save iptables rules in Debian Unstable/SID? I've tried
iptables-save and get some output with no errors, but when I reboot all
my rules are gone?
/etc/init.d/iptables save active
Adam
On Fri, 11 Jun 2004, Adam Aube wrote:
Ralph Crongeyer wrote:
How does one save iptables rules in Debian Unstable/SID? I've tried
iptables-save and get some output with no errors, but when I reboot all
my rules are gone?
/etc/init.d/iptables save active
Except that is just a hold over
Ralph Crongeyer wrote:
How does one save iptables rules in Debian Unstable/SID? I've tried
iptables-save and get some output with no errors, but when I reboot all
my rules are gone? Is there a Debian way of doing this? Rather than
write my own startup script I want to find out if there's
Jaldhar H. Vyas wrote:
On Fri, 11 Jun 2004, Adam Aube wrote:
/etc/init.d/iptables save active
Except that is just a hold over from old versions of the package. It
doesn't exist in new installs.
Odd that it would be removed without a suitable replacement provided.
Adam
On Sun, 04.01.2004 at 17:26, Michelle Konzack wrote:
Linux 3.0.38
Um?
Send source...
On 2004-01-07 23:24:30, Marcus Fihlon wrote:
On Sun, 04.01.2004 at 17:26, Michelle Konzack wrote:
Linux 3.0.38
Um?
Send source...
Can you wait a few more years?
The version number is already fully developed, but the rest
of the kernel developers come with my
Hello,
since until now I have only worked with Linux 3.0.38 and
'ipfwadm' on my old router, with 'iptables' it is almost all
Greek to me...
I have the following:
ppp0  ADSL  wanadoo.fr
eth0  192.168.1.0/26  publicnet  Web-Server, access-server, DNS, ...
eth1
On Sun, 04.01.2004, at 17:26:37 +0100, Michelle Konzack mailed the following:
Is an iptables guru available?
Not exactly a guru.
Well, during the commissioning phase I would first of all log at the end
of all rule chains.
Then: is ip_forward switched on?
What does cat
On 2004-01-04 18:07:35, Andreas Kretschmer wrote:
On Sun, 04.01.2004, at 17:26:37 +0100, Michelle Konzack mailed the following:
Is an iptables guru available?
Not exactly a guru.
Well, during the commissioning phase I would first of all log at the end
of all rule chains.
Then: is
I'm using a very simple technique for keeping a count of the traffic
volume through my Internet connection, using 2 additional iptables rules
and a script run regularly by cron, but the amount of available packages
that deal with this issue, involving daemons and whatnot, makes me wonder
if my
Regarding Rusty's Really Quick Guide To Packet Filtering
/usr/share/doc/iptables/html/packet-filtering-HOWTO.html#toc5
where are we supposed to put that? /etc/network/if-pre-up.d/somefile
I suppose.
If you tell me to put it in /etc/ppp/ip-up.d I will tell you that it
only needs to be run
One thing that you could do, since you've installed iptables, is setup
all the chains manually. Then run (as root)
/etc/init.d/iptables save active
And if you always want them to be the same
/etc/init.d/iptables save inactive.
This will save the chains so that they start up everytime that you
m == marshal [EMAIL PROTECTED] writes:
m One thing that you could do, since you've installed iptables, is setup
m all the chains manually. Then run (as root)
m /etc/init.d/iptables save active
m And if you always want them to be the same
m /etc/init.d/iptables save inactive.
m This will
Subject: iptables rules
Date: Thu, Aug 02, 2001 at 12:18:14PM +1000
In reply to:Renai LeMay
Quoting Renai LeMay([EMAIL PROTECTED]):
Hi,
I'm running 2.4.7 on a workstation machine with sid, and I'd like to set up
simple firewalling rules on my machine.
From a security
Hi,
I'm running 2.4.7 on a workstation machine with sid, and I'd like to set up
simple firewalling rules on my machine.
From a security point of view, I don't have any services available, they're
all disabled, so all I need to be able to do is web browse, check email, irc,
icq, etc, while
Renai,
Can someone give me some advice on how to setup some simple rules as well as
having them refreshed when I restart?
I'd be happy to send you my iptables script if you like. But it's
really best to craft one yourself so you'll really understand what
you are doing along the way. That
: Monday, February 12, 2001 11:33 PM
Subject: iptables rules and open ports
I have stand alone workstation without any network, so I am trying to
keep all ports close. I run kernel 2.4 with iptables. Recent scanning
(by www.dslreports.com) shows that ports 13,22,37 and 9 are open. Any
not using them, stop the
services or uninstall the packages that are launching them.
- Original Message -
From: Vadim Kutsyy [EMAIL PROTECTED]
To: Debian User debian-user@lists.debian.org
Sent: Monday, February 12, 2001 11:33 PM
Subject: iptables rules and open ports
I have stand
Vadim Kutsyy wrote:
Jason, good idea. I took care about ssh (removed all [K,S]20ssh).
However I have no clue what to do with other ports.
port 13: daytime
port 37: time
port 9: discard
Any ideas?
Thanks.
Those are started by inetd. Comment them in /etc/inetd.conf, then, as root
port 13: daytime
port 37: time
port 9: discard
Any ideas?
Thanks.
Those are started by inetd. Comment them in /etc/inetd.conf, then, as root
/etc/init.d/inetd restart
Thanks, and last question:
How to make my computer not pingable?
Thanks.
How to make my computer not pingable?
As root,
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
I don't know what other problems this may lead to, if any, though...
Regards
Hall
Check out the packet filtering howto:
http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/index.html
Section 7 covers fun stuff like avoiding ping-o-death syn-flooding.
Wil
--- Hall Stevenson [EMAIL PROTECTED] wrote:
How to make my computer not pingable?
As root,
echo
Wil Reichert wrote:
http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/index.html
Section 7 covers fun stuff like avoiding ping-o-death syn-flooding.
I've seen it (I used Section 5 to create my rules). However, my
computer is stand alone workstation without any servers, but
I have stand alone workstation without any network, so I am trying to
keep all ports close. I run kernel 2.4 with iptables. Recent scanning
(by www.dslreports.com) shows that ports 13,22,37 and 9 are open. Any
recommendation on how to close them?
Thanks.
My iptables rules:
, 2001 11:33 PM
Subject: iptables rules and open ports
I have stand alone workstation without any network, so I am trying to
keep all ports close. I run kernel 2.4 with iptables. Recent scanning
(by www.dslreports.com) shows that ports 13,22,37 and 9 are open. Any
recommendation on how to close
Greetings everyone...
I've upgraded to the 2.4.0-test5 kernel, compiled in netfilter, downloaded
iptools. As root I can see I have control of the firewall. For example I can
put a iptables -A INPUT -j DROP and nothing gets in or out!. heh. This however
is not what I am after. Can you fine
Try this:
http://www.debiandiary.f2s.com/diary/iptables.html
There is a script there called iptables.sh.
I believe that is the script I used as a starting point.
--
Andrew
On 28-Aug-2000 William Jensen wrote:
Greetings everyone...
I've upgraded to the 2.4.0-test5 kernel, compiled in
Actually, I believe the script I use is based on this one:
http://www.linuxhelp.net/guides/davion/iptables-script
Woody has an iptables package too, which I am examining now.
--
Andrew
]
Subject: RE: iptables rules
In-reply-to: [EMAIL PROTECTED]
To: William Jensen [EMAIL PROTECTED]
Cc: debian-user@lists.debian.org
Reply-to: Pollywog [EMAIL PROTECTED]
Organization: The Pond
X-Mailer: XFMail 1.4.6 on Linux
X-Priority: 3 (Normal)
Resent-Message-ID: [EMAIL PROTECTED]
Resent-From: debian
86 matches