On Mon, Sep 21, 2020 at 7:54 PM Gregory P. Ennis wrote:
>
> Everyone,
>
> I would like to use our gateway linux machine to give bandwidth preference to
> voip udp
> packets. Can anyone point me to a tutorial about the use of voip and
> iptables?
Arch Linux wiki has nice explanations and
Everyone,
I would like to use our gateway linux machine to give bandwidth preference to
voip udp
packets. Can anyone point me to a tutorial about the use of voip and iptables?
I usually prefer to use iptables instead of firewalld. iptables is more
intuitive, and
easier to understand.
Thanks
--On Friday, July 17, 2020 6:43 AM +0530 Kaushal Shriyan
wrote:
Please refer to my pastebin link https://paste.centos.org/view/cd55a9a6.
Basically I want to allow the below mentioned ruleset on the server
(CentOS Linux release 8.2.2004 (Core)) and drop the rest of the network
traffic from
On Fri, Jul 17, 2020 at 2:41 AM Kenneth Porter
wrote:
> --On Thursday, July 16, 2020 10:41 PM +0530 Kaushal Shriyan
> wrote:
>
> > I have run the below command but I am still able to connect from the
> > internet. Do I need to add any drop traffic policy using nft?
>
> A single rule doesn't
--On Thursday, July 16, 2020 10:41 PM +0530 Kaushal Shriyan
wrote:
I have run the below command but I am still able to connect from the
internet. Do I need to add any drop traffic policy using nft?
A single rule doesn't tell us enough. Dump the entire firewall to a
pastebin and post the
Am 16.07.20 um 18:11 schrieb Kaushal Shriyan:
On Thu, Jul 16, 2020 at 9:25 PM Phil Perry wrote:
On 16/07/2020 16:48, Kaushal Shriyan wrote:
Hi,
I am running CentOS Linux release 8.2.2004 (Core) on a remote server. I
am
running the below iptables command to allow SSH port 22 from a
be necessary.
From: CentOS on behalf of Phil Perry
Sent: Thursday, July 16, 2020 10:54 AM
To: centos@centos.org
Subject: [EXTERNAL] Re: [CentOS] Iptables rules not working
CAUTION: This email originated from outside of the organization. Do not click
links or open
On Thu, Jul 16, 2020 at 9:25 PM Phil Perry wrote:
> On 16/07/2020 16:48, Kaushal Shriyan wrote:
> > Hi,
> >
> > I am running CentOS Linux release 8.2.2004 (Core) on a remote server. I
> am
> > running the below iptables command to allow SSH port 22 from a specific
> > source IP 219.91.200.59
> >
On 16/07/2020 16:48, Kaushal Shriyan wrote:
Hi,
I am running CentOS Linux release 8.2.2004 (Core) on a remote server. I am
running the below iptables command to allow SSH port 22 from a specific
source IP 219.91.200.59
iptables -A INPUT -m tcp -p tcp -s 219.91.200.59 --dport 22 -j ACCEPT
Am 16.07.2020 um 17:48 schrieb Kaushal Shriyan:
Hi,
I am running CentOS Linux release 8.2.2004 (Core) on a remote server. I am
running the below iptables command to allow SSH port 22 from a specific
source IP 219.91.200.59
iptables -A INPUT -m tcp -p tcp -s 219.91.200.59 --dport 22 -j ACCEPT
Hi,
I am running CentOS Linux release 8.2.2004 (Core) on a remote server. I am
running the below iptables command to allow SSH port 22 from a specific
source IP 219.91.200.59
iptables -A INPUT -m tcp -p tcp -s 219.91.200.59 --dport 22 -j ACCEPT
> service iptables save
The above iptables
On 6/26/2019 2:41 AM, MRob wrote:
> I am working to a CentOS 6 server with nonstandard iptables system without
> rule for
> ACCEPT ESTABLISHED connections. All tables and chains empty (flush by legacy
> custom
> script) so only filter/INPUT chain has rules (also fail2ban chain):
>
> Chain INPUT
On 6/25/19 11:41 PM, MRob wrote:
When fail2ban block a IP address, established connections are allowed
to continue, but with no rule to accept established connections how is
that possible?
It doesn't look like it would be.
1: Open a connection that will demonstrate the problem later.
2:
On 6/26/19 8:41 AM, MRob wrote:
I am working to a CentOS 6 server with nonstandard iptables system without rule
for ACCEPT ESTABLISHED connections. All tables and chains empty (flush by
legacy custom script) so only filter/INPUT chain has rules (also fail2ban
chain):
Chain INPUT (policy
On 2019-06-26 02:41, MRob wrote:
I am working to a CentOS 6 server with nonstandard iptables system
without rule for ACCEPT ESTABLISHED connections. All tables and chains
empty (flush by legacy custom script) so only filter/INPUT chain has
rules (also fail2ban chain):
Chain INPUT (policy
I am working to a CentOS 6 server with nonstandard iptables system
without rule for ACCEPT ESTABLISHED connections. All tables and chains
empty (flush by legacy custom script) so only filter/INPUT chain has
rules (also fail2ban chain):
Chain INPUT (policy ACCEPT)
target prot opt source
Yes, I have double checked and am sure there is no IP address conflicts.
Likun
On 4/24/19 23:28, centos wrote:
>On 4/24/19 10:31, likun wrote:
>> Hello, Stephen, thank you for input.
>>
>> Yes, these servers have the same firewall rules, and both of them have
the same problem from time to time,
Yes, I have double checked and am sure there is no IP address conflicts.
Likun
On 4/24/19 23:28, centos wrote:
>On 4/24/19 10:31, likun wrote:
>> Hello, Stephen, thank you for input.
>>
>> Yes, these servers have the same firewall rules, and both of them have
the same problem from time to time,
On Wed, 24 Apr 2019 at 06:01, likun wrote:
> Hi,guys.
>
> There is a wierd problem with iptables recently, hopes somebody can help
> me.
>
> I have installed Centos 7.2.1511 on a bare metal Dell server these days,
> disabled firewalld and enabled iptables.services, and setup a group of very
>
Hi,guys.
There is a wierd problem with iptables recently, hopes somebody can help me.
I have installed Centos 7.2.1511 on a bare metal Dell server these days,
disabled firewalld and enabled iptables.services, and setup a group of very
simple rules, as the following:
# iptables-save
# Generated
Y'all may remember me fighting this a few weeks back. I did finally
succeed, and thought that my awk script might be helpful to others. Yes,
it's really simple, it uses the build-in FORWARD chain. The line where I
skip the definition of those chains is because it *is* built in. To use
it, I did an
On Fri, Feb 16, 2018 at 02:54:02PM +, Ken Gramm wrote:
> I've been searching around for a couple of days, and I just can't
> seem to find the answer I'm looking for.
>
>
> I have a 6.x box that I use as my gateway firewall. It has three
> NICs; 1 external, 1 internal, 1 for a guest network.
I've been searching around for a couple of days, and I just can't seem to find
the answer I'm looking for.
I have a 6.x box that I use as my gateway firewall. It has three NICs; 1
external, 1 internal, 1 for a guest network.
I have various inbound traffic routed to separate internal
I have an old postfix server that was historically used by the campus as an
outbound gateway. The campus is now supposed to use a different server running
HAProxy with several backe-end postfix servers. I am using iptables on CentOS
7 to log and block smtp and submission traffic not coming
On 10/16/2016 05:39 PM, Jerry Geis wrote:
I am running asterisk (11.23.0) on a C5 machine. Working fine on port 5060
udp. I have need to tcpenable=yes SIP and run that on port 5068.
Since port 5060 is already running I was going to redirect 5068 to 5060.
Oh, yuck. SIP includes information
Hi all,
I am trying to get iptables to work for me...
I am running asterisk (11.23.0) on a C5 machine. Working fine on port 5060
udp. I have need to tcpenable=yes SIP and run that on port 5068.
Since port 5060 is already running I was going to redirect 5068 to 5060.
So I thought I could use
On Tue, 13 Sep 2016, TE Dukes wrote:
-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf Of John R Pierce
Sent: Sunday, September 11, 2016 10:44 PM
To: centos@centos.org
Subject: Re: [CentOS] Iptables not save rules
On 9/11/2016 8:55 AM
On Tue, Sep 13, 2016 at 08:16:28AM -0400, TE Dukes wrote:
>
>
> > -Original Message-
> > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
> > Behalf Of John R Pierce
> > Sent: Sunday, September 11, 2016 10:44 PM
> > To: centos
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
> Behalf Of John R Pierce
> Sent: Sunday, September 11, 2016 10:44 PM
> To: centos@centos.org
> Subject: Re: [CentOS] Iptables not save rules
>
> On 9/11/2016 8:55 AM, TE
On 9/11/2016 8:55 AM, TE Dukes wrote:
I have been using ipset to blacklist badbots. Works like a champ!
The only problem is if I do a system reboot, I lose the ipset and the rule.
I changed /etc/sysconfig/iptables.conf to:
IPTABLES_SAVE_ON_RESTART="yes"
IPTABLES_SAVE_ON_STOP="yes"
And
Hello,
I have been using ipset to blacklist badbots. Works like a champ!
The only problem is if I do a system reboot, I lose the ipset and the rule.
I changed /etc/sysconfig/iptables.conf to:
IPTABLES_SAVE_ON_RESTART="yes"
IPTABLES_SAVE_ON_STOP="yes"
And followed the instructions in:
On Fri, 2016-07-01 at 07:16 +0100, Ned Slider wrote:
> -A Forward -p all -i LAN-NIC -o INET-NIC -j ACCEPT
If one requires all protocols, surely '-p all' is not required because
it is the default ?
--
Regards,
Paul.
England, EU. England's place is in the European Union.
On Fri, Jul 1, 2016 at 2:16 AM, Ned Slider wrote:
>
> Try running:
>
> iptables -nv -L
Yes!
Much sunlight awakening crusty synapses here. :-)
>
> The first thing I would do is move your ESTABLISHED,RELATED rule to the top
> of the chain. Once you've accepted the first
On 30/06/16 23:19, Mike wrote:
Ned,
Thank you very much for the response.
Great example following through on the premise.
It sounds like I need to have a better understanding of the traffic
patterns on my network to know the optimal order for iptables
filtering rules.
Try running:
Ned,
Thank you very much for the response.
Great example following through on the premise.
It sounds like I need to have a better understanding of the traffic
patterns on my network to know the optimal order for iptables
filtering rules.
My brief example -
Premise: I want to limit outsiders
On 30/06/16 18:49, Mike wrote:
On Wed, Jun 29, 2016 at 1:49 PM, Gordon Messmer
wrote:
By putting these rules first, before the "ESTABLISHED,RELATED" rule, you're
applying additional processing (CPU time) to the vast majority of your
packets for no reason. The
On Wed, Jun 29, 2016 at 1:49 PM, Gordon Messmer
wrote:
>
> By putting these rules first, before the "ESTABLISHED,RELATED" rule, you're
> applying additional processing (CPU time) to the vast majority of your
> packets for no reason. The "E,R" rule should be first. It
On 06/29/2016 05:19 PM, Always Learning wrote:
Later he adds to that empty iptables configuration.
Long-winded, but nothing wrong.
Saving doesn't "add" to the empty configuration, it replaced the empty
config. I didn't say it was wrong, I said the saved rules are thrown
away. The initial
On 30/06/16 02:37, Leon Vergottini wrote:
Thank you once again to all. I have learned a lot from you replies.
And I from you.
The funny thing is that I have my rule set with exactly the same default
DROP policy for all chains and several DROP rules at the beginning of my
script. I must
On Wed, 2016-06-29 at 10:49 -0700, Gordon Messmer wrote:
> On 06/29/2016 03:00 AM, Leon Vergottini wrote:
> > #!/bin/bash
> >
> > # RESET CURRENT RULE BASE
> > iptables -F
> > service iptables save
> Why would you save the existing rule set? This script throws it away
> later, when it runs
On 06/29/2016 12:51 PM, Dennis Jacobfeuerborn wrote:
On 29.06.2016 12:00, Leon Vergottini wrote:
# --
# SAVE & APPLY
# --
service iptables save
service iptables restart
You shouldn't
On 29.06.2016 12:00, Leon Vergottini wrote:
> Dear Members
>
> I hope you are all doing well.
>
> I am busy teaching myself iptables and was wondering if I may get some
> advise. The scenario is the following:
>
>
>1. Default policy is to block all traffic
>2. Allow web traffic and
On 06/29/2016 03:00 AM, Leon Vergottini wrote:
#!/bin/bash
# RESET CURRENT RULE BASE
iptables -F
service iptables save
Why would you save the existing rule set? This script throws it away
later, when it runs save again.
# MOST COMMON ATTACKS
iptables -A INPUT -p tcp --tcp-flags ALL
Dear Members
Thank you for your replies.
@Anthony K. -- One of the articles that I have read mentioned that the
file gets read from the top to bottom and apply the rules accordingly. In
addition the article also explained that if there is no matching rule, the
default policy will be applied.
Hello Leon.
In addition to everything else mentioned in this thread, I'd recommend you a
great book on the topic.
"Attack Detection and Response with iptables, psad, and fwsnort by Michael Rash"
It contains a really nice and detailed guide on iptables and most common
attacks, nmap, psad and
On Wed, 29 Jun 2016, Leon Vergottini wrote:
I am busy teaching myself iptables []
How secure is this setup? Is there any mistakes or things that I
need to look out for?
It's only as secure as your web stack (and, in your case, SSH
configuration).
Packet filtering is a necessary
On 29/06/16 20:00, Leon Vergottini wrote:
# DEFAULT FIREWALL POLICY
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# --
# INPUT CHAIN RULES
# --
# MOST COMMON
Dear Members
I hope you are all doing well.
I am busy teaching myself iptables and was wondering if I may get some
advise. The scenario is the following:
1. Default policy is to block all traffic
2. Allow web traffic and SSH
3. Allow other applications
I have come up with the
On Thu, 2016-02-25 at 07:19 +, James Hogarth wrote:
> Well if you really want to call it a problem... Blocking ICMP via a host
> based firewall remains pretty silly.
On all servers I used IPtables to block (DROP) all incoming ICMPs
except:-
type 0 state RELATED,ESTABLISHED
type 3 state
On 25 Feb 2016 00:30, "John Cenile" wrote:
>
> Thanks all, that seemed to be the problem (the suid bit). :)
Well if you really want to call it a problem... Blocking ICMP via a host
based firewall remains pretty silly.
Bear in mind that since it's a file permission this
> >> - Mail original -
> >>> De: "John Cenile" <jcenile1...@gmail.com>
> >>> À: "centos" <centos@centos.org>
> >>> Envoyé: Mercredi 24 Février 2016 15:42:36
> >>> Objet: [CentOS] IPtables block user from
On Wed, February 24, 2016 12:25 pm, Alexander Dalloz wrote:
> Am 24.02.2016 um 16:07 schrieb Sylvain CANOINE:
>> Hello,
>> - Mail original -
>>> De: "John Cenile" <jcenile1...@gmail.com>
>>> Ã: "centos" <centos@centos.org>
&
Am 24.02.2016 um 15:42 schrieb John Cenile:
Hello,
Is it possible at all to block all users other than root from sending
outbound ICMP packets on an interface?
At the moment we have the following two rules in our IPtables config:
iptables -A OUTPUT -o eth1 -m owner --uid-owner 0 -j ACCEPT
Am 24.02.2016 um 16:07 schrieb Sylvain CANOINE:
Hello,
- Mail original -
De: "John Cenile" <jcenile1...@gmail.com>
À: "centos" <centos@centos.org>
Envoyé: Mercredi 24 Février 2016 15:42:36
Objet: [CentOS] IPtables block user from outbound ICMP
Is
On 02/24/2016 06:42 AM, John Cenile wrote:
Is it possible at all to block all users other than root from sending
outbound ICMP packets on an interface?
That is, more or less, the default. In order to send ICMP packets, an
application must be root, or must have the CAP_NET_RAW capability (as
Hello,
- Mail original -
> De: "John Cenile" <jcenile1...@gmail.com>
> À: "centos" <centos@centos.org>
> Envoyé: Mercredi 24 Février 2016 15:42:36
> Objet: [CentOS] IPtables block user from outbound ICMP
> Is it possible at all to block al
Hello,
Is it possible at all to block all users other than root from sending
outbound ICMP packets on an interface?
At the moment we have the following two rules in our IPtables config:
iptables -A OUTPUT -o eth1 -m owner --uid-owner 0 -j ACCEPT
iptables -A OUTPUT -o eth1 -j DROP
But this
Would someone please explain to me the difference in effect between
the following two IPTABLES conditions and the significance thereof in
concurrent connection limiting?
--tcp-flags SYN,ACK,FIN,RST SYN -j REJECT \
--connlimit-above 3 --connlimit-mask 32
--state NEW -j REJECT \
James B. Byrne byrnejb@... writes:
Would someone please explain to me the difference in effect between
the following two IPTABLES conditions and the significance thereof in
concurrent connection limiting?
--tcp-flags SYN,ACK,FIN,RST SYN -j REJECT \
--connlimit-above 3 --connlimit-mask
On Thu, 2015-04-02 at 22:42 -0600, Paul R. Ganci wrote:
I had turned off firewalld and was using iptables when I originally
installed CentOS 7.0. Two days ago I upgraded my CentOS 7.0 to 7.1.
Everything seemed to be fine. Today I discovered that my iptables
configuration was removed with
Hello all,
It appears that, for some reason I have thus far failed to understand when
you use marking in iptables you then run into troubles if you attempt to do
NAT (MAQUERADE).
Let me describe this in more detail.
We are attempting to use a network test environment named ATCD running it
on a
No there was nothing. Having said that I think I was having a senior moment.
I have two servers on which I am testing 7.x. These are isolated machines that
if I had to I could just wipe and start over. On one machine the
/etc/sysconfig/iptables was intact after the upgrade. On the other it
I had turned off firewalld and was using iptables when I originally
installed CentOS 7.0. Two days ago I upgraded my CentOS 7.0 to 7.1.
Everything seemed to be fine. Today I discovered that my iptables
configuration was removed with the update. Has anyone else experienced
this on doing
On Thu, 02 Apr 2015 22:42:02 -0600
Paul R. Ganci wrote:
Literally the /etc/sysconfig/iptables is gone and
the /etc/sysconfig/iptables-config is the blank template that comes with
the distribution. This seems to me to be a serious bug with the upgrade.
Do you have a .rpmsave file in that
+1
On Tue, Jun 17, 2014 at 9:41 AM, James B. Byrne byrn...@harte-lyne.ca
wrote:
On Mon, June 16, 2014 23:34, Chuck Campbell wrote:
I appreciate you restating this. I'll try to go make sense of iptables,
given
the insight,
Keep in mind that there are three default chains, INPUT,
On Mon, June 16, 2014 23:34, Chuck Campbell wrote:
I appreciate you restating this. I'll try to go make sense of iptables, given
the insight,
Keep in mind that there are three default chains, INPUT, OUTPUT and FORWARD
that are used to initiate the packet path through IPTABLES and that they
On 06/17/2014 10:41 AM, James B. Byrne wrote:
On Mon, June 16, 2014 23:34, Chuck Campbell wrote:
I appreciate you restating this. I'll try to go make sense of iptables, given
the insight,
Keep in mind that there are three default chains, INPUT, OUTPUT and FORWARD
that are used to initiate
On 6/16/2014 11:08 PM, John R Pierce wrote:
On 6/16/2014 8:52 PM, Chuck Campbell wrote:
I ran a script after fail2ban was started. It looks like this:
#!/bin/sh
iptables -A INPUT -s 116.10.191.0/24 -j DROP
iptables -A INPUT -s 183.136.220.0/24 -j DROP
iptables -A INPUT -s 183.136.221.0/24 -j
On 6/17/2014 2:14 PM, Chuck Campbell wrote:
I'll experiment with that when I am physically in front of the
server, instead of remote from it. I would have had no quick remedy if I
messed
it up.
thats why all my servers have remote consoles :)
--
john r pierce
On 6/16/2014 15:58, Chuck Campbell wrote:
If they keep going through this ip block, they will still get 255 attempts at
the root password and 1020 attempts at other login/password combinations
before
they are blocked by fail2ban.
I'm glad you got your firewall problem sorted out, but I can't
On 6/17/2014 6:39 PM, Warren Young wrote:
On 6/16/2014 15:58, Chuck Campbell wrote:
If they keep going through this ip block, they will still get 255 attempts at
the root password and 1020 attempts at other login/password combinations
before
they are blocked by fail2ban.
I'm glad you got
On 6/17/2014 19:35, Chuck Campbell wrote:
I haven't done the load stats, but it appears
to me that a hundred of these crackers hitting my machine at these rates is
likely to deny my legit users some resources.
So increase the fail2ban time from the default (5 minutes, as I recall)
to 1 hour,
I'm running fail2ban to attempt to block malicious brute-force password
dictionary attacks against ssh. They seem to be rolling through a block of ip
addresses as the source to defeat this kind of screening, so I've set some ip
addresses to be blocked in iptables. Here is the output of iptables -L
On Mon, 2014-06-16 at 16:58 -0500, Chuck Campbell wrote:
I'm running fail2ban to attempt to block malicious brute-force password
dictionary attacks against ssh.
You could:-
(1) Change the SSHD port to something obscure.
(2) Restrict access to the SSHD port, using iptables, to a group of
On Mon, 16 Jun 2014 16:58:18 -0500
Chuck Campbell wrote:
Why is this ip range still able to attempt connections? Have I done something
wrong with my address ranges, or added them in the wrong place?
Have you considered taking the opposite approach and allowing only the IP
addresses that you
On 6/16/2014 2:58 PM, Chuck Campbell wrote:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-VSFTPD tcp -- anywhere anywheretcp dpt:ftp
fail2ban-SSH tcp -- anywhere anywheretcp dpt:ssh
On 06/17/2014 01:11 AM, John R Pierce wrote:
On 6/16/2014 2:58 PM, Chuck Campbell wrote:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-VSFTPD tcp -- anywhere anywheretcp
dpt:ftp
fail2ban-SSH tcp -- anywhere
On 06/17/2014 01:46 AM, Bret Taylor wrote:
Get rid of fail2ban, it's not needed. Just write a proper firewall.
Are you series??
There are applications that fail2ban offers them things which others
just can't..
If you can email me the ip for your servers and also the root password
and allow me
[previous article hasn't appeared on gmane yet]
On 2014-06-16, Eliezer Croitoru elie...@ngtech.co.il wrote:
On 06/17/2014 01:46 AM, Bret Taylor wrote:
Get rid of fail2ban, it's not needed. Just write a proper firewall.
Are you series??
There are applications that fail2ban offers them things
All of the suggestions are graciously accepted, however, I was actually asking
what I was doing wrong with iptables, and why, with the rules I put in place,
someone was still able to connect to my machine.
I understand there might be better ways, but if I don't understand what I did
wrong last
On Mon, 2014-06-16 at 21:42 -0500, Chuck Campbell wrote:
All of the suggestions are graciously accepted, however, I was actually
asking
what I was doing wrong with iptables, and why, with the rules I put in place,
someone was still able to connect to my machine.
I understand there might
On 6/16/2014 9:44 PM, Earl Ramirez wrote:
On Mon, 2014-06-16 at 21:42 -0500, Chuck Campbell wrote:
All of the suggestions are graciously accepted, however, I was actually
asking
what I was doing wrong with iptables, and why, with the rules I put in place,
someone was still able to connect to
As John R Pierce mentioned one of your first rule in the chain is
RH-Firewall-1-INPUT all -- anywhere anywhere, this
simply mean everything with DROP after it will be ignored. iptables
will work its way down the chain, therefore you have to options
1. remove that line or
2.
On 6/16/2014 8:52 PM, Chuck Campbell wrote:
I ran a script after fail2ban was started. It looks like this:
#!/bin/sh
iptables -A INPUT -s 116.10.191.0/24 -j DROP
iptables -A INPUT -s 183.136.220.0/24 -j DROP
iptables -A INPUT -s 183.136.221.0/24 -j DROP
iptables -A INPUT -s 183.136.222.0/24
I ran:
iptables -L
and see this:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywherestate
RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere
On 11/5/2013 3:55 PM, Wes James wrote:
I ran:
iptables -L
incomplete output. try...
iptables -L -vn
and you'll probably see that reject is for a specific packet type. the v
is for verbose, the n is for numeric output (no DNS lookup)
--
john r pierce
On Tue, Nov 5, 2013 at 5:22 PM, John R Pierce pie...@hogranch.com wrote:
On 11/5/2013 3:55 PM, Wes James wrote:
I ran:
iptables -L
incomplete output. try...
iptables -L -vn
and you'll probably see that reject is for a specific packet type. the v
is for verbose, the n is for numeric
Hi,
We recently installed CentOS 6.2 on our cluster. During
the installation/debugging of various secondary software, we had
disabled iptables. When we re-enabled them, we found that the
front-end would no longer X11 forward (although it does so
when the iptables are off). What do we need to
On Fri, Mar 29, 2013 at 11:34 AM, Pat Haley pha...@mit.edu wrote:
Hi,
We recently installed CentOS 6.2 on our cluster. During
the installation/debugging of various secondary software, we had
disabled iptables. When we re-enabled them, we found that the
front-end would no longer X11
Hi,
Actually we're talking about both SSH and XDMCP X11 forwarding.
Both seem to be currently disabled by the iptables.
We'll try out what you suggest and get back with the results.
Thanks.
Pat
On Fri, Mar 29, 2013 at 11:34 AM, Pat Haley pha...@mit.edu wrote:
Hi,
We recently installed
On Fri, Mar 29, 2013 at 12:37 PM, Pat Haley pha...@mit.edu wrote:
Hi,
Actually we're talking about both SSH and XDMCP X11 forwarding.
Both seem to be currently disabled by the iptables.
We'll try out what you suggest and get back with the results.
Thanks.
Pat
iptables should have no
On Fri, Mar 29, 2013 at 1:09 PM, zGreenfelder zgreenfel...@gmail.comwrote:
On Fri, Mar 29, 2013 at 12:37 PM, Pat Haley pha...@mit.edu wrote:
Hi,
Actually we're talking about both SSH and XDMCP X11 forwarding.
Both seem to be currently disabled by the iptables.
We'll try out what
On Sat, Mar 30, 2013 at 12:54 PM, SilverTip257 silvertip...@gmail.comwrote:
On Fri, Mar 29, 2013 at 1:09 PM, zGreenfelder zgreenfel...@gmail.com
wrote:
On Fri, Mar 29, 2013 at 12:37 PM, Pat Haley pha...@mit.edu wrote:
Hi,
Actually we're talking about both SSH and XDMCP X11
From: Earl A Ramirez earlarami...@gmail.com
To: CentOS mailing list centos@centos.org
Sent: Tuesday, December 4, 2012 3:25 PM
Subject: Re: [CentOS] iptables port forwarding
On 5 December 2012 03:38, Joseph Spenner joseph85...@yahoo.com wrote:
I have a simple
=?ISO-8859-1?Q?Miguel_Gonz=E1lez_Casta=F1os?= wrote on Tue, 04 Dec 2012
02:09:26 +0100:
How can I enable that CONFIG_IP_NF_MATCH_STATE support in my kernel?
Sounds like your are not running the standard kernel, but something
provided by your VPS provider. If that is indeed the case you have
I have a simple requirement/test I'm trying to perform, but having difficulty.
I have a system with 2 interfaces, BoxA:
eth0 172.26.50.102
eth1 192.101.77.62
My goal is to have a tcp port built on BoxA such that hosts on the
192.101.77.0/24 network can reach a port on a different box on the
On 5 December 2012 03:38, Joseph Spenner joseph85...@yahoo.com wrote:
I have a simple requirement/test I'm trying to perform, but having
difficulty.
I have a system with 2 interfaces, BoxA:
eth0 172.26.50.102
eth1 192.101.77.62
My goal is to have a tcp port built on BoxA such that
Hi,
I have a VPS running Centos 6.2 and trying to run this iptables rule:
[root@myserver ~]# iptables -A INPUT -i venet0 -m state --state
ESTABLISHED -j ACCEPT
iptables: No chain/target/match by that name.
Narrowing down the issue it seems there is no IP_CONNTRACK support
but now
Helo,
we use recent to control ip traffic.
kernel 2.6.18-308.13.1.el5 : all is OK
kernel 2.6.18-308.16.1.el5 : the first recent statement causes an error.
E.g.:
iptables -A INPUT -m state --state NEW -m recent --set -p tcp --dport 80
iptables: Unknown error 18446744073709551615
The man pages
On 11/09/2012 02:07 PM, Helmut Drodofsky wrote:
Helo,
we use recent to control ip traffic.
kernel 2.6.18-308.13.1.el5 : all is OK
kernel 2.6.18-308.16.1.el5 : the first recent statement causes an error.
E.g.:
iptables -A INPUT -m state --state NEW -m recent --set -p tcp --dport 80
1 - 100 of 433 matches
Mail list logo