On Dec 30, 2013 7:31 PM, shawn wilson ag4ve...@gmail.com wrote:
Minor additions to what Pandu said...
On Mon, Dec 30, 2013 at 7:02 AM, Pandu Poluan pa...@poluan.info wrote:
On Mon, Dec 30, 2013 at 6:07 PM, Tanstaafl tansta...@libertytrek.org
wrote:
The numbers within [brackets] are
On Tue, Dec 31, 2013 at 9:08 AM, Pandu Poluan pa...@poluan.info wrote:
On Dec 30, 2013 7:31 PM, shawn wilson ag4ve...@gmail.com wrote:
Minor additions to what Pandu said...
On Mon, Dec 30, 2013 at 7:02 AM, Pandu Poluan pa...@poluan.info wrote:
On Mon, Dec 30, 2013 at 6:07 PM, Tanstaafl
On 2013-12-29 1:39 PM, shawn wilson ag4ve...@gmail.com wrote:
On Sun, Dec 29, 2013 at 1:07 PM, Tanstaafl tansta...@libertytrek.org wrote:
Hi all,
Ok, I'm setting up a new server, and I'd like to rethink my iptables rules.
I'd like to start with something fairly simple:
1. Allow connections
On Mon, Dec 30, 2013 at 6:07 PM, Tanstaafl tansta...@libertytrek.org wrote:
[-- LE SNIP --]
Ok, well, maybe I should have posted my entire ruleset...
I have this above where I define my chains:
#
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
#
Does it matter where
Minor additions to what Pandu said...
On Mon, Dec 30, 2013 at 7:02 AM, Pandu Poluan pa...@poluan.info wrote:
On Mon, Dec 30, 2013 at 6:07 PM, Tanstaafl tansta...@libertytrek.org wrote:
The numbers within [brackets] are statistics/counters. Just replace
them with [0:0], unless you really really
Hi all,
Ok, I'm setting up a new server, and I'd like to rethink my iptables rules.
I'd like to start with something fairly simple:
1. Allow connections from anywhere ONLY to certain ports
ie, for encrypted IMAP/SMTP connections from users
2. Allow connections from only certain IP addresses
On Sun, Dec 29, 2013 at 1:07 PM, Tanstaafl tansta...@libertytrek.org wrote:
Hi all,
Ok, I'm setting up a new server, and I'd like to rethink my iptables rules.
I'd like to start with something fairly simple:
1. Allow connections from anywhere ONLY to certain ports
ie, for encrypted
On 12/16/11 22:17, Tanstaafl wrote:
Hi all,
I was reading up on some iptables rules in the gentoo security handbook:
http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=12&style=printable
It mentions DROPing packets with an INVALID state.
It sounded/sounds like a good
On 2011-12-17 11:34 AM, Hari Purnama h...@mapits.com wrote:
Did you put the log-prefix rule before or after the LOG rule?
After - the log prefix rule is last...
Or why didn't you put it in a 1liner, say:
-A INPUT -i eth0 -m state --state INVALID -j LOG --log-level 7
--log-prefix (fw-drop):
Hi all,
I was reading up on some iptables rules in the gentoo security handbook:
http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=12&style=printable
It mentions DROPing packets with an INVALID state.
It sounded/sounds like a good idea, so I added the following rule:
-A
On Wednesday, 31 January 2007, James Colby wrote:
I have a small home server that I have connected to the internet
through a linksys router and cable modem. The linksys router is
currently forwarding all ssh traffic to my gentoo box. What I would
^
Take note, that
Hi,
On Fri, 2 Feb 2007 09:45:53 +0100 Pawel Kraszewski
[EMAIL PROTECTED] wrote:
On Wednesday, 31 January 2007, James Colby wrote:
I have a small home server that I have connected to the internet
through a linksys router and cable modem. The linksys router is
currently forwarding all
On Friday, 2 February 2007, Hans-Werner Hilse wrote:
Nope, just the target address is rewritten (by routing). DNAT is
Destination NAT! I.e. the target IP of the packet is rewritten. Since
the Linksys is the default gateway, packets can keep their source IP
address. Of course, the source MAC
On Wednesday 31 January 2007 20:56, Albert Hopkins wrote:
On Wed, 2007-01-31 at 15:36 -0500, James Colby wrote:
List members -
I have a small home server that I have connected to the internet
through a linksys router and cable modem. The linksys router is
currently forwarding all ssh
James Colby wrote:
currently forwarding all ssh traffic to my gentoo box. What I would
like to do is set up iptables to only allow ssh logins from a small
number of internet hosts,
iptables -A INPUT -p tcp -s ip-address-of-known-host --dport 22 -j ACCEPT
and to reject and log all other ssh
Hi,
I want to configure firewall such that network 192.168.1.0/24 can only access http server from server1(192.168.0.2/24) and network
192.168.0.0/24 can not access http server. So I tried this:
#service iptables stop
#iptables -P INPUT DROP
#iptables -t filter -A INPUT -s 192.168.1.0/24 --dport 80
On Tuesday 28 March 2006 07:38, Hiren Dave [EMAIL PROTECTED] wrote
about '[gentoo-user] iptables question':
#service iptables stop
#iptables -P INPUT DROP
#iptables -t filter -A INPUT -s 192.168.1.0/24 --dport 80 -j ACCEPT
But this command sends error that Unknown arg: --dport
HOW CAN I
On 28 March 2006 15:38, Hiren Dave wrote:
Hi,
I want to configure firewall such that network 192.168.1.0/24 can
only access http server from server1(192.168.0.2/24) and
network 192.168.0.0/24 can not access http server. So I tried this:
#service iptables stop
#iptables -P INPUT DROP
On Tue, 28 Mar 2006 19:08:38 +0530
Hiren Dave [EMAIL PROTECTED] wrote:
Hi,
I want to configure firewall such that network 192.168.1.0/24 can
only access http server from server1(192.168.0.2/24) and
network 192.168.0.0/24 can not access http server. So I tried this:
#service iptables stop
somewhat offtopic, but since I need any help I can get:
how do I redirect traffic from outward facing interface
(192.168.1.114:80) to loopback device (127.0.0.1:80) ?
my most obvious trick:
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.114 --dport 80 \
-j DNAT --to 127.0.0.1:80
and
Under the *nat rule,
-A PREROUTING -i eth0 -p tcp -m tcp --dport 58443 -j DNAT --to 192.168.7.1:443
Under the *filter rules.
-A ADAMS-FW-INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport
443 -j ACCEPT
On 1/20/06, Dmitry S. Makovey [EMAIL PROTECTED] wrote:
somewhat offtopic, but since
On Friday 20 January 2006 13:49, Trenton Adams wrote:
Under the *nat rule,
-A PREROUTING -i eth0 -p tcp -m tcp --dport 58443 -j DNAT --to
192.168.7.1:443
Under the *filter rules.
-A ADAMS-FW-INPUT -i eth0 -m state --state NEW -m tcp -p tcp
--dport 443 -j ACCEPT
I tried similar