On Fri, 2016-07-01 at 07:16 +0100, Ned Slider wrote:
> -A Forward -p all -i LAN-NIC -o INET-NIC -j ACCEPT
If one requires all protocols, surely '-p all' is not required because
it is the default ?
--
Regards,
Paul.
England, EU. England's place is in the European Union.
On Fri, Jul 1, 2016 at 2:16 AM, Ned Slider wrote:
>
> Try running:
>
> iptables -nv -L
Yes!
Much sunlight awakening crusty synapses here. :-)
>
> The first thing I would do is move your ESTABLISHED,RELATED rule to the top
> of the chain. Once you've accepted the first
On 30/06/16 23:19, Mike wrote:
Ned,
Thank you very much for the response.
Great example following through on the premise.
It sounds like I need to have a better understanding of the traffic
patterns on my network to know the optimal order for iptables
filtering rules.
Try running:
Ned,
Thank you very much for the response.
Great example following through on the premise.
It sounds like I need to have a better understanding of the traffic
patterns on my network to know the optimal order for iptables
filtering rules.
My brief example -
Premise: I want to limit outsiders
On 30/06/16 18:49, Mike wrote:
On Wed, Jun 29, 2016 at 1:49 PM, Gordon Messmer
wrote:
By putting these rules first, before the "ESTABLISHED,RELATED" rule, you're
applying additional processing (CPU time) to the vast majority of your
packets for no reason. The
On Wed, Jun 29, 2016 at 1:49 PM, Gordon Messmer
wrote:
>
> By putting these rules first, before the "ESTABLISHED,RELATED" rule, you're
> applying additional processing (CPU time) to the vast majority of your
> packets for no reason. The "E,R" rule should be first. It
On 06/29/2016 05:19 PM, Always Learning wrote:
Later he adds to that empty iptables configuration.
Long-winded, but nothing wrong.
Saving doesn't "add" to the empty configuration, it replaced the empty
config. I didn't say it was wrong, I said the saved rules are thrown
away. The initial
On 30/06/16 02:37, Leon Vergottini wrote:
Thank you once again to all. I have learned a lot from your replies.
And I from you.
The funny thing is that I have my rule set with exactly the same default
DROP policy for all chains and several DROP rules at the beginning of my
script. I must
On Wed, 2016-06-29 at 10:49 -0700, Gordon Messmer wrote:
> On 06/29/2016 03:00 AM, Leon Vergottini wrote:
> > #!/bin/bash
> >
> > # RESET CURRENT RULE BASE
> > iptables -F
> > service iptables save
> Why would you save the existing rule set? This script throws it away
> later, when it runs
On 06/29/2016 12:51 PM, Dennis Jacobfeuerborn wrote:
On 29.06.2016 12:00, Leon Vergottini wrote:
# --
# SAVE & APPLY
# --
service iptables save
service iptables restart
You shouldn't
On 29.06.2016 12:00, Leon Vergottini wrote:
> Dear Members
>
> I hope you are all doing well.
>
> I am busy teaching myself iptables and was wondering if I may get some
> advice. The scenario is the following:
>
>
> 1. Default policy is to block all traffic
> 2. Allow web traffic and
On 06/29/2016 03:00 AM, Leon Vergottini wrote:
#!/bin/bash
# RESET CURRENT RULE BASE
iptables -F
service iptables save
Why would you save the existing rule set? This script throws it away
later, when it runs save again.
# MOST COMMON ATTACKS
iptables -A INPUT -p tcp --tcp-flags ALL
Dear Members
Thank you for your replies.
@Anthony K. -- One of the articles that I have read mentioned that the
file gets read from top to bottom and the rules are applied accordingly. In
addition, the article also explained that if there is no matching rule, the
default policy will be applied.
Hello Leon.
In addition to everything else mentioned in this thread, I'd recommend a
great book on the topic:
"Attack Detection and Response with iptables, psad, and fwsnort" by Michael Rash
It contains a really nice and detailed guide on iptables and most common
attacks, nmap, psad and
On Wed, 29 Jun 2016, Leon Vergottini wrote:
I am busy teaching myself iptables []
How secure is this setup? Are there any mistakes or things that I
need to look out for?
It's only as secure as your web stack (and, in your case, SSH
configuration).
Packet filtering is a necessary
On 29/06/16 20:00, Leon Vergottini wrote:
# DEFAULT FIREWALL POLICY
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# --
# INPUT CHAIN RULES
# --
# MOST COMMON
Dear Members
I hope you are all doing well.
I am busy teaching myself iptables and was wondering if I may get some
advice. The scenario is the following:
1. Default policy is to block all traffic
2. Allow web traffic and SSH
3. Allow other applications
I have come up with the