Questions tagged [firewall]
A Firewall is an application or hardware device used to inspect and filter network traffic.
4,245
questions
296
votes
16
answers
711k
views
How to Unban an IP properly with Fail2Ban
I'm using Fail2Ban on a server and I'm wondering how to unban an IP properly.
I know I can work with IPTables directly: iptables -D fail2ban-ssh <number>
But is there not a way to do it with ...
- 3,223
196
votes
22
answers
110k
views
Is it normal to get hundreds of break-in attempts per day?
I just checked my server's /var/log/auth.log and found that I'm getting over 500 failed password/break-in attempt notifications per day! My site is small, and its URL is obscure. Is this normal? ...
- 1,537
146
votes
11
answers
455k
views
best way to clear all iptables rules
I currently have this snippet:
# flush all chains
iptables -F
iptables -t nat -F
iptables -t mangle -F
# delete all chains
iptables -X
Is there a possibility that some impervious rule will stay ...
- 1,991
126
votes
4
answers
1.0m
views
How to check if a port is blocked on a Windows machine?
On the Windows platform, what native options to I have to check if a port (3306, for example) on my local machine (as in localhost), is being blocked?
- 1,373
121
votes
7
answers
200k
views
REJECT vs DROP when using iptables
Is there any reason why I would want to have
iptables -A INPUT -j REJECT
instead of
iptables -A INPUT -j DROP
- 11.9k
119
votes
4
answers
211k
views
What firewall ports need to be open to allow access to external git repositories?
What firewall port(s) need to be open to allow access to external git repositories?
- 1,325
114
votes
8
answers
750k
views
Which ports do I need to open in the firewall to use NFS?
I'm running Ubuntu 11.10 - setting up NFS to share a directory among many other servers. Which ports are required to be opened on the firewall?
- 1,253
110
votes
20
answers
31k
views
Why should I firewall servers?
PLEASE NOTE: I'm not interested in making this into a flame war! I understand that many people have strongly-held beliefs about this subject, in no small part because they've put a lot of effort into ...
- 5,352
100
votes
7
answers
107k
views
SSH from A through B to C, using private key on B [closed]
I'm looking for a simple way to SSH from my local machine, A, through a proxy, B, to a destination host, C. The private key that goes with the public key on C is on B, and I can't put that key on my ...
- 3,130
81
votes
2
answers
218k
views
How to open port for a specific IP address with firewall-cmd on CentOS? [duplicate]
I would like to open port 4567 for the IP address 1.2.3.4 with the firewall-cmd command on a CentOS 7.1 server.
How can I achieve this, as the documentation I could find was too specific on this?
- 913
75
votes
1
answer
140k
views
What is the difference between a Source NAT, Destination NAT and Masquerading?
What is the difference between a Source NAT, Destination NAT and Masquerading?
For example, I thought IP Masqurading was what they used to call it in Linux?
But what confuses me is that in our Astaro ...
- 14.5k
74
votes
4
answers
81k
views
How to PREPEND rules rather than APPEND using iptables?
Pretty basic question: how to PREPEND rules on IPTABLES rather than to APPEND?
I have DROP statements at the bottom of my rules. I have a software to add new rules but adding rules after DROP ...
- 933
67
votes
2
answers
182k
views
iptables: difference between NEW, ESTABLISHED and RELATED packets
Part of a firewall on a server :
iptables -A INPUT -p tcp --dport 22 -m state NEW --state -m recent --set
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 100 --...
- 1,377
67
votes
4
answers
161k
views
Windows equivalent of iptables?
Dumb question:
Is there an equivalent of iptables on Windows? Could I install one via cygwin?
The real question: how can I accomplish on Windows what I can accomplish via iptables?
Just looking for ...
- 895
66
votes
8
answers
61k
views
What steps do you take to secure a Debian server? [closed]
I am installing a Debian server which is connected directly to the Internet. Obviously I want to make it as secure as possible. I would like you guys/gals to add your ideas to secure it and what ...
62
votes
5
answers
9k
views
I accidentaly forbid SSH connection to a remote server... What's next?
Let's say it again, we all make mistakes, and I have just made one.
A brief history: I was doing some stuff on a VPS (Debian) I'm renting, when I noticed some strange behaviour. Using the netstat ...
- 621
62
votes
18
answers
44k
views
iptables Tips & Tricks [closed]
I'm sure Linux sysadmins are quite familiar with iptables, the userland interface to the netfilter packet-filtering framework.
Now, this "Question" is meant to be a Community Wiki for collecting ...
61
votes
8
answers
8k
views
Why would I need a firewall if my server is well configured?
I admin a handful of cloud-based (VPS) servers for the company I work for.
The servers are minimal ubuntu installs that run bits of LAMP stacks / inbound data collection (rsync). The data is large ...
- 1,179
60
votes
5
answers
96k
views
iptables port redirect not working for localhost
I want to redirect all traffic from port 443 to the internal port 8080. I'm using this config for iptables:
iptables -t nat -I PREROUTING --source 0/0 --destination 0/0 -p tcp \
--dport 443 -...
- 601
58
votes
10
answers
39k
views
Why not block ICMP?
I think I almost have my iptables setup complete on my CentOS 5.3 system. Here is my script...
# Establish a clean slate
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
...
- 2,459
58
votes
6
answers
68k
views
Where does UFW (uncomplicated firewall) save command-line rules to?
You add a rule like this:
ufw allow 22/tcp
The rule is saved, and is applied even after reboot. But it's not written anywhere in /etc/ufw. Where is it saved to? (Ubuntu, using ufw as pre-installed.)
- 5,830
57
votes
4
answers
173k
views
Is it possible to change an "Unidentified Network" into a "Home" or "Work" network on Windows 7
I have a problem with Windows 7 RC (7100).
I frequently use a crossover network cable on WinXP with static IP addresses to connect to various industrial devices (e.g. robots, pumps, valves or even ...
- 673
55
votes
2
answers
53k
views
Are EC2 security group changes effective immediately for running instances?
I have an EC2 instance running, and it belongs to a security group. If I add a new allowed connection to that security group through AWS Management Console, should that change be effective immediately?...
- 2,981
54
votes
6
answers
131k
views
iptables error: unknown option --dport
The command iptables no longer recognizes one of the most commonly used options when defining rules: --dport.
I get this error:
[root@dragonweyr /home/calyodelphi]# iptables -A INPUT --dport 7777 -j ...
- 651
53
votes
3
answers
117k
views
Ubuntu ufw: set a rule on a per interface basis
I want to create a rule that allows anyone on eth1 to access port 80. Can UFW do this or should I go back to using Shorewall?
To clarify: this is a capabilties question, can ufw handle interfaces as ...
- 4,740
53
votes
2
answers
457k
views
TCP/IP ports necessary for CIFS/SMB operation
If I want to allow Windows networked drives between two firewalled computers, do I need to open ports 137-139, or is port 445 sufficient? I have to submit a form and get approval to open firewall ...
- 633
49
votes
7
answers
62k
views
How can I prevent a DDOS attack on Amazon EC2?
One of the servers I use is hosted on the Amazon EC2 cloud. Every few months we appear to have a DDOS attack on this sever. This slows the server down incredibly. After around 30 minutes, and ...
- 2,783
46
votes
3
answers
70k
views
UFW Firewall Rules ordering?
I have the following rules on our server within UFW:
To Action From
-- ------ ----
22 ALLOW 217.22.12.111
22 ...
- 2,717
43
votes
2
answers
84k
views
Can I use ufw to setup a port forward?
Im currently using ufw to enforce some basic firewall rules. Is it possible to also use ufw to do port forwarding?
Specifically im wanting to forward incoming traffic to my server (same machine ...
- 501
42
votes
1
answer
91k
views
What does "!Z" and "!X" mean in a traceroute?
When you see "!Z" or "!X" in a traceroute, what does that mean?
Where is it coming from, and how do I fix it?
- 1,942
40
votes
1
answer
39k
views
Will tcpdump see packets that are being dropped by iptables?
I have a firewall with these simple rules:
iptables -A INPUT -p tcp -s 127.0.0.1/32 --dport 6000 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.16.20/32 --dport 6000 -j ACCEPT
iptables -A INPUT -p tcp ...
- 1,144
37
votes
6
answers
12k
views
Hardware Firewall Vs. Software Firewall (IP Tables, RHEL)
My hosting company says IPTables is useless and doesn't provide any protection. Is this a lie?
TL;DR
I have two, co-located servers. Yesterday my DC company contacted me to tell me that because I'm ...
user80776
36
votes
4
answers
83k
views
How to make Firefox trust system CA certificates?
Our network admin recently enabled HTTPS inspection on our firewall/router. For IE users this is fine because the certs have all been distributed via Active Directory for domain-joined machines. ...
- 1,922
35
votes
7
answers
350k
views
What firewall ports do I need to open when using FTPS?
I need to access an FTPS server (vsftpd) on a vendor's site. The vendor has a firewall in front of the ftps server. I have a firewall in front of my FTPS client.
I understand that ports 990, 991 and ...
user3293
33
votes
4
answers
30k
views
Copy UFW rules between servers
I'm doing a hardware refresh on a my Colo, I just need to copy my UFW rules from my old server to my new server. I dont seem to be able to get them copy all the active rules from my old server to my ...
- 1,765
32
votes
1
answer
22k
views
Fail2ban jail.local vs jail.conf
Does jail.local file act as an override to jail.conf or as a replacement to jail.conf?
When I was learning about Fail2Ban from tutorials, most of them usually say either to copy jail.conf to jail....
- 1,451
32
votes
4
answers
54k
views
Rate limiting with UFW: setting limits
UFW's man page mentions that it can setup iptables rate limiting for me:
ufw supports connection rate limiting, which is useful for
protecting
against brute-force login attacks. ufw ...
- 631
31
votes
3
answers
285k
views
Which ports for IPSEC/LT2P?
I have a firewall/router (not doing NAT).
I've googled and seen conflicting answers. It seems UDP 500 is the common one. But the others are confusing. 1701, 4500.
And some say I need to also ...
- 14.5k
30
votes
5
answers
3k
views
Will everyone having Globally Accessible IP's in IPv6 be kind of a security nightmare? [duplicate]
Possible Duplicate:
Switch to IPv6 and get rid of NAT? Are you kidding?
I'm thinking about the way that in IPv4 most of the time you have a single point to configure a firewall on, mainly your ...
- 4,909
29
votes
8
answers
12k
views
Block employee access to public cloud
First of all, let me state that this is not my idea and I don't want to discuss whether such an action is reasonable.
However, for a company, is there a way to prevent employees to access public ...
- 467
29
votes
3
answers
45k
views
iptables show just one chain
tldr: How can I get iptables to show just one chain?
I can have iptables show just one table, but a table consists of multiple chains. I need to find where in chain INPUT is the last rule (usually ...
- 1,121
28
votes
4
answers
38k
views
UFW comment existing rule?
I'm trying to comment an existing ufw firewall rule, but I can't find the exact command
I can easily add a rule with comment like:
sudo ufw allow in on eth0 to any port 80 comment 'test'
But how do I ...
- 415
27
votes
11
answers
379k
views
How can I find out if a port is opened or not?
I have installed Apache server on my Windows 7 computer. I was able to display the default index.php by typing http://localhost/ in the address line of my browser.
However, I am still unable to see ...
- 2,589
27
votes
4
answers
79k
views
Windows Advanced Firewall: What does "Edge Traversal" mean?
this should be a really simple one:
In Advanced Windows Firewall on Windows Server 2008+, Properties > Advanced, what does "Edge Traversal" mean?
I Googled it, of course, and was unable to come up ...
- 2,296
26
votes
5
answers
176k
views
How to remove access to a port using firewall on Centos7?
Had a port opened up to for public use using firewall-cmd, I wanted to limit this port to a specific IP which I found the answer for on this SITE.
I used the following to open it:
$ firewall-cmd --...
- 945
25
votes
7
answers
59k
views
Enable Ping in Windows Server Firewall?
I've just installed Windows Server 2008 on a server and I'm able to connect through Remote Desktop but can't ping. Do I need to open an special port on the firewall to be able to ping a server?
- 889
25
votes
3
answers
29k
views
Debugging iptables and common firewall pitfalls?
This is a proposed Canonical Question about understanding and debugging the software firewall on Linux systems.
In response to EEAA's answer and @Shog's comment that we need a suitable canonical Q&...
- 78.7k
25
votes
3
answers
98k
views
What does "incoming" and "outgoing" traffic mean?
I've seen many resources explaining how to set up a server's firewall to allow incoming and outgoing traffic on HTTP standard ports (80 and 443), but I can't figure out why I would need either of them....
- 353
25
votes
1
answer
14k
views
Relationship between bastion host and jump host
What's are the differences/similarities between a "bastion host" and a "jump host"? Are they usually used interchangeably?
- 353
24
votes
3
answers
146k
views
CentOS 7 Firewall Configuration
In CentOS 6 I could type setup from the command line and I would be presented with a set of tools, one of them being Firewall configuration. I can still do this in CentOS 7, except the list no longer ...
- 381