On Tue, Dec 31, 2013 at 9:08 AM, Pandu Poluan wrote:
>
> On Dec 30, 2013 7:31 PM, "shawn wilson" wrote:
>>
>> Minor additions to what Pandu said...
>>
>> On Mon, Dec 30, 2013 at 7:02 AM, Pandu Poluan wrote:
>> > On Mon, Dec 30, 2013 at 6:07 PM, Tanstaafl
>> > wrote:
>>
>> > The numbers within [
On Dec 30, 2013 7:31 PM, "shawn wilson" wrote:
>
> Minor additions to what Pandu said...
>
> On Mon, Dec 30, 2013 at 7:02 AM, Pandu Poluan wrote:
> > On Mon, Dec 30, 2013 at 6:07 PM, Tanstaafl
wrote:
>
> > The numbers within [brackets] are statistics/counters. Just replace
> > them with [0:0], un
Minor additions to what Pandu said...
On Mon, Dec 30, 2013 at 7:02 AM, Pandu Poluan wrote:
> On Mon, Dec 30, 2013 at 6:07 PM, Tanstaafl wrote:
> The numbers within [brackets] are statistics/counters. Just replace
> them with [0:0], unless you really really really have a good reason to
> not star
On Mon, Dec 30, 2013 at 6:07 PM, Tanstaafl wrote:
>
[-- LE SNIP --]
> Ok, well, maybe I should have posted my entire ruleset...
>
> I have this above where I define my chains:
>
> #
> *filter
> :INPUT DROP [0:0]
> :FORWARD DROP [0:0]
> :OUTPUT DROP [0:0]
> #
>
> Does it matter where this goes?
>
On 2013-12-29 1:39 PM, shawn wilson wrote:
On Sun, Dec 29, 2013 at 1:07 PM, Tanstaafl wrote:
Hi all,
Ok, I'm setting up a new server, and I'd like to rethink my iptables rules.
I'd like to start with something fairly simple:
1. Allow connections from anywhere ONLY to certain ports
ie, for
On Sun, Dec 29, 2013 at 1:07 PM, Tanstaafl wrote:
> Hi all,
>
> Ok, I'm setting up a new server, and I'd like to rethink my iptables rules.
>
> I'd like to start with something fairly simple:
>
> 1. Allow connections from anywhere ONLY to certain ports
>
> ie, for encrypted IMAP/SMTP connections f
Hi all,
Ok, I'm setting up a new server, and I'd like to rethink my iptables rules.
I'd like to start with something fairly simple:
1. Allow connections from anywhere ONLY to certain ports
ie, for encrypted IMAP/SMTP connections from users
2. Allow connections from only certain IP addresses t
On 2011-12-17 11:34 AM, Hari Purnama wrote:
Did you put the log-prefix rule before or after the LOG rule?
After - the log prefix rule is last...
Or why didn't you put it in a 1liner, say:
-A INPUT -i eth0 -m state --state INVALID -j LOG --log-level 7
--log-prefix "(>fw-drop): " --log-ip-opt
On 12/16/11 22:17, Tanstaafl wrote:
> Hi all,
>
> I was reading up on some iptables rules in the gentoo security handbook:
>
> http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=12&style=printable
>
>
> It mentions DROPing packets with an INVALID state.
>
> It sounded/sounds li
Hi all,
I was reading up on some iptables rules in the gentoo security handbook:
http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=12&style=printable
It mentions DROPing packets with an INVALID state.
It sounded/sounds like a good idea, so I added the following rule:
-A
On Friday, 2 February 2007, Hans-Werner Hilse wrote:
> Nope, just the target Address is rewritten (by routing). DNAT is
> Destination NAT! I.e. the target IP of the packet is rewritten. Since
> the Linksys is the default gateway, packets can keep their source IP
> address. Of course, the source MA
Hi,
On Fri, 2 Feb 2007 09:45:53 +0100 Pawel Kraszewski
<[EMAIL PROTECTED]> wrote:
> On Wednesday, 31 January 2007, James Colby wrote:
>
> > I have a small home server that I have connected to the internet
> > through a linksys router and cable modem. The linksys router is
> > currently forward
On Wednesday, 31 January 2007, James Colby wrote:
> I have a small home server that I have connected to the internet
> through a linksys router and cable modem. The linksys router is
> currently forwarding all ssh traffic to my gentoo box. What I would
^
Take note, that fo
James Colby wrote:
> currently forwarding all ssh traffic to my gentoo box. What I would
> like to do is set up iptables to only allow ssh logins from a small
> number of internet hosts,
iptables -A INPUT -s ip-address-of-known-host -p tcp --dport 22 -j ACCEPT
> and to reject and log all other ssh
>
On Wednesday 31 January 2007 20:56, Albert Hopkins wrote:
> On Wed, 2007-01-31 at 15:36 -0500, James Colby wrote:
> > List members -
> >
> > I have a small home server that I have connected to the internet
> > through a linksys router and cable modem. The linksys router is
> > currently forwarding
On Wed, 2007-01-31 at 15:36 -0500, James Colby wrote:
> List members -
>
> I have a small home server that I have connected to the internet
> through a linksys router and cable modem. The linksys router is
> currently forwarding all ssh traffic to my gentoo box. What I would
> like to do is set
List members -
I have a small home server that I have connected to the internet
through a linksys router and cable modem. The linksys router is
currently forwarding all ssh traffic to my gentoo box. What I would
like to do is set up iptables to only allow ssh logins from a small
number of inter
On Tue, 28 Mar 2006 19:08:38 +0530
"Hiren Dave" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I want to configure firewall such that network 192.168.1.0/24 can
> only access http server from server1(192.168.0.2/24) and
> network 192.168.0.0/24 can not access http server. So I tried this:
>
> #service ipt
On 28 March 2006 15:38, Hiren Dave wrote:
> Hi,
>
> I want to configure firewall such that network 192.168.1.0/24 can
> only access http server from server1(192.168.0.2/24) and
> network 192.168.0.0/24 can not access http server. So I tried this:
>
> #service iptables stop
> #iptables -P INPUT DROP
On Tuesday 28 March 2006 07:38, "Hiren Dave" <[EMAIL PROTECTED]> wrote
about '[gentoo-user] iptables question':
> #service iptables stop
> #iptables -P INPUT DROP
> #iptables -t filter -A INPUT -s 192.168.1.0/24 --dport 80 -j ACCEPT
>
> But this comma
Hi,
I want to configure firewall such that network 192.168.1.0/24 can only access http server from server1(192.168.0.2/24) and network
192.168.0.0/24 can not access http server. So I tried this:
#service iptables stop
#iptables -P INPUT DROP
#iptables -t filter -A INPUT -s 192.168.1.0/24 --dport 80 -j
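The four filter-table threads above ask for pieces of the same ruleset: the 2013 question wants chain policies with their [0:0] counters and a split between ports open to everyone and ports open only to listed addresses, the 2011 question wants INVALID packets logged with a prefix and then dropped, the 2007 question wants ssh accepted from a few hosts and logged and rejected otherwise, and the 2006 command fails because --dport is an option of the tcp match and so needs -p tcp before it. The script below is an added example that generates one complete iptables-restore file covering all of them; it is not code from any message on this page. The interface name eth0, the port lists and the allow-listed addresses (RFC 5737 documentation ranges) are assumed placeholders, and it uses the conntrack match where the threads use the older -m state spelling.

```shell
#!/bin/sh
# Added example, not code from any message on this page.
# Generates an iptables-restore ruleset; the values below are assumed
# placeholders (addresses are RFC 5737 documentation ranges).

PUB_IF=eth0                                 # assumed outside interface
PUBLIC_TCP_PORTS="993 465 587"              # assumed: IMAPS, SMTPS, submission
ADMIN_TCP_PORTS="22"                        # reachable only from ADMIN_NETS
ADMIN_NETS="198.51.100.7 203.0.113.0/28"    # constructed allow-list
LOG_PREFIX_DROP="(>fw-drop): "

# Emit the ruleset on stdout. The [0:0] after each chain policy is the
# packet:byte counter pair; iptables-restore zeroes it on load anyway
# (unless run with -c), so [0:0] is the value to leave there.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
:LOGREJECT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j LOGDROP
EOF
    # --dport belongs to the tcp/udp match, so -p tcp must come first.
    for p in $PUBLIC_TCP_PORTS; do
        printf '%s\n' "-A INPUT -i $PUB_IF -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for net in $ADMIN_NETS; do
        for p in $ADMIN_TCP_PORTS; do
            printf '%s\n' "-A INPUT -i $PUB_IF -s $net -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
        done
    done
    # Admin ports from anyone else: log, then reject with a TCP RST.
    for p in $ADMIN_TCP_PORTS; do
        printf '%s\n' "-A INPUT -i $PUB_IF -p tcp --dport $p -j LOGREJECT"
    done
    # LOG is a non-terminating target: the prefix goes on the LOG rule and
    # the DROP/REJECT has to follow as a separate rule in the same chain.
    cat <<EOF
-A INPUT -j LOGDROP
-A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-level 7 --log-prefix "$LOG_PREFIX_DROP" --log-ip-options
-A LOGDROP -j DROP
-A LOGREJECT -m limit --limit 5/min --limit-burst 10 -j LOG --log-level 7 --log-prefix "(>fw-reject): "
-A LOGREJECT -p tcp -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# Sanity check that needs no root: every -j target is either built in or
# a chain declared with a ':' line before the rules.
check_ruleset() {
    rules=$(build_ruleset)
    chains=$(printf '%s\n' "$rules" | sed -n 's/^:\([A-Za-z0-9_-]*\).*/\1/p' | tr '\n' ' ')
    targets=$(printf '%s\n' "$rules" | sed -n 's/.* -j \([A-Za-z0-9_-]*\).*/\1/p' | sort -u)
    for t in $targets; do
        case " ACCEPT DROP REJECT LOG $chains" in
            *" $t "*) ;;
            *) echo "undeclared target: $t" >&2; return 1 ;;
        esac
    done
    return 0
}

if check_ruleset; then
    build_ruleset
else
    exit 1
fi
```

Save the output and load it with `iptables-restore --test` first, which parses the file without committing it, before applying it for real; the chain declarations have to precede the rules that jump to them, which is why the script emits them in that order.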
On Friday 20 January 2006 13:49, Trenton Adams wrote:
> Under the *nat rule,
>
> -A PREROUTING -i eth0 -p tcp -m tcp --dport 58443 -j DNAT --to
> 192.168.7.1:443
>
> Under the *filter rules.
>
> -A ADAMS-FW-INPUT -i eth0 -m state --state NEW -m tcp -p tcp
> --dport 443 -j ACCEPT
I tried similar co
Under the *nat rule,
-A PREROUTING -i eth0 -p tcp -m tcp --dport 58443 -j DNAT --to 192.168.7.1:443
Under the *filter rules.
-A ADAMS-FW-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport
443 -j ACCEPT
On 1/20/06, Dmitry S. Makovey <[EMAIL PROTECTED]> wrote:
>
> somewhat offtopic, but si
somewhat offtopic, but since I need any help I can get:
how do I redirect traffic from outward facing interface
(192.168.1.114:80) to loopback device (127.0.0.1:80) ?
my most obvious trick:
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.114 --dport 80 \
-j DNAT --to 127.0.0.1:80
and
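The two NAT questions above (the port forward with its filter rule, and the redirect to loopback) as an added example; it is not code from either message. The outside interface name eth0 is assumed, the ports and addresses are the ones quoted in the posts, and the loopback variant relies on the route_localnet sysctl, which exists only in Linux 3.6 and later. The point the forward example makes is that after DNAT the packet is addressed to the inner host and is routed, so the ACCEPT has to live in FORWARD and match the post-DNAT port; a rule for port 443 in INPUT never sees it.

```shell
#!/bin/sh
# Added example, not code from any message on this page. Assumed: eth0 is
# the outside interface; the other values are the ones quoted above.

WAN_IF=eth0
EXT_PORT=58443            # port exposed on the outside interface
INNER_HOST=192.168.7.1    # host behind the firewall that serves it
INNER_PORT=443
OWN_ADDR=192.168.1.114    # this box's outward-facing address

# Port forward: DNAT in nat/PREROUTING, ACCEPT in filter/FORWARD.
# DNAT runs before the routing decision, so the rewritten packet is
# routed to INNER_HOST and traverses FORWARD, not INPUT.
build_forward_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $WAN_IF -p tcp --dport $EXT_PORT -j DNAT --to-destination $INNER_HOST:$INNER_PORT
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WAN_IF -d $INNER_HOST -p tcp --dport $INNER_PORT -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Redirect to loopback: the same DNAT, but a packet arriving on eth0 with
# destination 127.0.0.1 is a martian and is dropped unless route_localnet
# is enabled on that interface. It then hits INPUT with -i eth0 -d 127.0.0.1,
# so that is what the ACCEPT must match.
build_loopback_redirect() {
    cat <<EOF
sysctl -w net.ipv4.conf.$WAN_IF.route_localnet=1
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -d $OWN_ADDR --dport 80 -j DNAT --to-destination 127.0.0.1:80
iptables -A INPUT -i $WAN_IF -d 127.0.0.1 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Name of the filter chain whose rule accepts NEW connections to a port;
# exits non-zero if no such rule exists. For INNER_PORT this is FORWARD.
accept_chain_for_port() {
    port=$1
    build_forward_ruleset | awk -v p="$port" '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && $1 == "-A" && $0 ~ ("--dport " p " ") && $0 ~ /-j ACCEPT/ { print $2; found = 1 }
        END { exit (found ? 0 : 1) }'
}

build_forward_ruleset
```

Load the first ruleset with `iptables-restore` (again, `--test` first); the loopback variant is a sequence of commands because the sysctl is not part of any table. Without route_localnet the DNAT rule in the 2006 post is accepted by iptables but the rewritten packets are silently discarded by the routing code, which is the easy thing to miss when debugging it.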