Questions tagged [iptables]

iptables is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted towards system administrators. Please, when asking a question about iptables, add the output from the following command: iptables -L -v -n

0 votes
0 answers
17 views

Data from NF Tables to IP Tables

I have input data like below for NF Tables: nft add rule filter input tcp flags != syn nft add rule filter input tcp flags &syn!= syn add rule filter output tcp flags & (syn | ack) == syn | ...
asked by Karma Yogi
0 votes
0 answers
23 views

How to exclude dnsmasq used by libvirt from Mullvad VPN's "local network sharing" block

I don't use the local network except dnsmasq for libvirt. With the local network blocked I have no DNS on my VM. For that reason I want to exclude dnsmasq from the local network sharing block with split ...
asked by clooney
0 votes
0 answers
39 views

Parsing TCP flag Data for IP Tables

I have input file which has data like below chain:VARIABLE_IN ip_version:v4 proto:tcp sport:5401 dst_ip:18.159.158.206 dport:5432 decision:a tcpflags:&syn!=syn My code reads above data to form ...
asked by Karma Yogi
0 votes
0 answers
49 views

Proxmox cannot route port from network bridge

I set up a Proxmox instance; all is working fine but I have a problem with port forwarding. I have: server A with PUBLIC IP 1.2.3.4, which is a dedicated server (Proxmox); server B (VM on server A) in bridge ...
asked by Kaspek
2 votes
0 answers
143 views

ip6tables does not filter fragmented packets

My final goal is to block all TCP IPv6 fragments with a specified destination IPv6 address (let's say it is one of google.com's addresses, 2a00:1450:4010:c0e::79). This traffic is forwarded by the host from ...
asked by Kamil Zaripov
1 vote
1 answer
78 views

fail2ban ignores <HOST> IP address and bans all incoming traffic

I'm trying to enable fail2ban on CentOS 7 with Apache. I have an app which writes a specific string to the error log when login fails. It responds with the right IP address in the Banned IP list, > ...
asked by Ami Heines
-1 votes
0 answers
25 views

Masquerade traffic from certain source subnet to VPN connection

I have an IP LAN network 192.168.100.0/24. In this network there are many client Windows PCs. The default gateway is 192.168.100.1 and a Linux server (with IP 192.168.100.200) is opening a Cisco ...
asked by Piero Viano
0 votes
0 answers
48 views

Pod Stuck in Terminating State Due to iptables 'Chain Already Exists' Error in Kubernetes

I'm facing an unusual issue with a Kubernetes deployment using the Mailu Helm chart, specifically the mailu-front component. After updating the deployment, the newly created pod works fine, but the ...
asked by Artichoke
0 votes
0 answers
38 views

How to set TCP flags "&syn!=syn" in iptables?

I have a requirement where I am getting parameters to set in iptables as below: Rate Limit = 1/sec Source port = 5432 Source IP = 203.0.113.0 Protocol = tcp TCP flags = &syn!=syn iptables -A PRIO_IN -...
asked by Karma Yogi
0 votes
1 answer
34 views

What are the iptables commands to enable the Docker network?

I am on a Debian-like OS and I decided to start my iptables filter from scratch. I dropped everything with these commands: sudo iptables -F sudo iptables -X sudo iptables -P INPUT ACCEPT sudo iptables -A ...
asked by user2626210
0 votes
0 answers
28 views

Vaultwarden hardening

I've been to harden my security around the Vaultwarden instance and am currently unable to get iptables working. The ban on Cloudflare's side is working fine, although for some reason the iptables ...
asked by CodingGuy
1 vote
1 answer
41 views

Kubernetes - NodePort allow traffic from specific external IP(s)

I've a Kubernetes cluster with IPs: 10.10.10.1 (Master) 10.10.10.2 (Slave) and I've a remote server with nginx with IP 12.12.12.12. Right now I've configured a nodePort (31000) to allow access on a ...
asked by Ethernaly
0 votes
1 answer
51 views

How to proxy | forward | nat masquerade all traffic sourced from an IP to another IP elsewhere

I am setting up a new public network IP/24. Sooner or later my old subnet public network IP/24 will be dropped. In the meanwhile I would like to create a proxy to move all traffic to the OLD to the ...
asked by Max Cuttins
0 votes
1 answer
46 views

What is the minimum and maximum value for --limit option in iptables?

I have the below iptables rule: iptables -A PRIO_IN -p tcp -s 203.0.113.0 --sport 5432 -d 203.0.113.0 --dport 5432 -j ACCEPT -m limit --limit 100000/sec When I run this rule, I get the error Rate too fast ...
asked by Karma Yogi
0 votes
0 answers
39 views

How to pass "Source UID" to iptables?

Through the command line, I am setting firewall rules using the iptables binary like below: iptables -I PRIO_IN -p tcp -s "10.0.0.25/24" -d "10.0.0.26/24" -j ACCEPT For the above rule, now I ...
asked by Karma Yogi
0 votes
0 answers
27 views

Custom OSSEC decoder working in ossec-logtest but not when real OSSEC is used

I'm having some trouble using a custom decoder I defined for OSSEC 3.7.0. I only need to extract srcip, dstip and protocol from my iptables logs, but OSSEC's decoders also extract srcport and dstport, ...
asked by m00nlightsh4dow
1 vote
1 answer
86 views

Applying nftables rules to macvtap interfaces

I'm trying to expose a libvirt (qemu) virtual machine to the open world on a separate address via a promiscuous device and attached macvtap, but at the same time protect the local network from ...
asked by Etki
0 votes
2 answers
64 views

iptables drop to keep ports silent with no response

I am working on network telescope stuff (a.k.a. darknet, black hole), which needs to make the ports give no response to outside traffic (i.e. when other servers ping or send SYN requests, my server ...
asked by Z4R1
0 votes
0 answers
37 views

UFW IP does not block nginx

I have the following problem. I have an Alpine Linux system, not in a container. An Nginx web server and the UFW firewall run on it. If an Error 400 or 404 is triggered, UFW blocks the IP. This works ...
asked by CodierGott
-1 votes
0 answers
76 views

Partially route client VPN traffic through nested VPN tunnel

The goal is to let a user (road warrior) access subnet A through Gateway A, but route all traffic to resource B on the internet through Gateway B only. Roadwarrior -> Gateway A <-site-to-site> ...
asked by fw gw
0 votes
1 answer
51 views

How to redirect an IP and port that is being listened to using iptables?

I have a server with two external IPv4 addresses. One address is essentially unused in that it doesn't appear in any DNS and I haven't employed it for anything. I want to use port 80 on it now, but ...
asked by Kurt Fitzner
0 votes
0 answers
136 views

Why are my DNS query responses from Technitium failing to make it back to my kubernetes container?

I've explored every nook and cranny I can imagine, and I can't figure out what's going wrong. I've got a k3s setup on my server where I'm hosting technitium in hostNetwork mode. Technitium is ...
asked by Cabbage
-1 votes
0 answers
45 views

How to prevent lockout from a VPN server?

I have a WireGuard server on a VPS, and I am able to connect through SSH. It has to put on a port forward SSH command to the WireGuard client. iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to-...
asked by user21379959
0 votes
1 answer
49 views

Connect two interfaces and Docker containers

There are two containers which are on the same network. Compose example: version: '3.8' services: A: image: alpine:3.18 container_name: container-a B: image: custom-alpine-...
asked by MrM
0 votes
1 answer
53 views

Converting iptables ruleset to Firewalld

Does anyone have a good resource or suggestion on how to convert an iptables rule set to firewalld? I'm migrating CentOS 6 to CentOS 7 (actually Oracle Linux 9, but let's pretend CentOS 6). I could ...
asked by Tim
1 vote
0 answers
105 views

Block outgoing connections for docker with iptables while allowing some IPs on Debian

I'm trying to block all outgoing connections for my docker containers while still allowing outgoing traffic to a specific IP and port. However when I block all outgoing ports, all incoming connections ...
asked by Bulkyelk
0 votes
1 answer
40 views

iptables not accepting my rule

I am trying to add a rule to my iptables, so that traffic trying to connect on port 9091 is forwarded to a different IP address. When searching I found this answer, which seems to fit my exact use ...
asked by samikool
0 votes
0 answers
24 views

iptables port forwarding rules only work for first response packet

I have the following scenario: +---------------+ +-------------+ +-------------------------+ | PC | | Linux | | Router ...
asked by J_S
0 votes
1 answer
53 views

How to route all traffic going to specific address to localhost using nft?

I need to intercept traffic going to an external IP and reroute it to localhost. It's quite simple using iptables, but I could not understand how to make it work through nft. I create a table and chain inside ...
asked by zealot
0 votes
1 answer
101 views

How to redirect ssh port to another port by username?

I have sshd: Listen 2222 on the server, and what I want to do is: ssh -p 2222 userA@ip, and the server finds userA, then redirects this connection to port 6122 of this server, but I don't want to modify on my ...
asked by freshzy
0 votes
1 answer
68 views

Restrict access to Docker container port to IP addresses

There are several Docker containers on my server, exposing ports. Now I try to restrict access to the ports to IP addresses, being able to insert rules without allowing the policy. I apply iptables ...
asked by bvsta
1 vote
1 answer
149 views

Iptables block incoming connections to network interface from subnet

I have a Linux machine that uses Hostapd to serve a WiFi hotspot. I also have a Raspberry Pi that connects to this WiFi hotspot as a DHCP Client. The Linux machine has a Cellular interface and shares ...
asked by PhilBot
0 votes
0 answers
95 views

OpenVPN Server on K3s Kubernetes Cluster: No Internet Access

I've set up an OpenVPN server on a K3s Kubernetes cluster. While I can successfully deploy the OpenVPN server pod and connect from a client machine, the client doesn't have internet access through the ...
asked by Fred Luetkemeier
0 votes
0 answers
29 views

Why does the route rule not work when I set a mark after the packet goes through the 'forward chain' of iptables?

I want all the packets through the 'forward chain' to be redirected to the local loopback, so that I can proxy this traffic. I set the route rules of iproute2 (all the packets with mark 1 are routed to local ...
asked by docklas buks
0 votes
0 answers
51 views

Another iptables/ipset issue where connections are not being blocked

The listing at the bottom of this question is the output from "iptables-save" on my Debian system. I set up an ipset list called "manual-block" to contain addresses of connections ...
asked by HippoMan
-1 votes
1 answer
71 views

Years old iptables script breaks (-o option no longer exists?)

I've had a script for a while that forwards a port through my Wireguard VPN. Recently, I tried using it and it returned: Bad argument `wg0' Try `iptables -h' or 'iptables --help' for more information. ...
asked by jimmyLimmy
0 votes
1 answer
27 views

KVM iptables VM connect using host IP

I have three VMs on a host: Hardware Host: 192.168.0.220 VM-1: 192.168.122.10 VM-2: 192.168.122.11 VM-3: 192.168.122.12 I can connect from one VM to the other using the VM's IP address (e.g....
asked by user1873584
0 votes
2 answers
74 views

Iptables blocking https/http

I have a boring problem: my php admin is not accessible when iptables is running. Rules: # iptables -L -v -n | more Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out ...
asked by VeltonDistra
0 votes
1 answer
67 views

WireGuard portforwarding setup

I need help with the following scenario: I have a small instance on AWS, which should accept all traffic from ports 1024:65535 and should send it to my local server. The local server shouldn't send ...
asked by Apatus
0 votes
1 answer
134 views

How to allow kubernetes/calico traffic through iptables?

I have installed kubespray on my host. I want to close all ports on my host except the required ports. I want to add these rules: iptables -A INPUT -p tcp -m multiport --dports 22,80,443 -j ACCEPT ...
asked by gomin1d
0 votes
0 answers
122 views

Server-side fetch request timeout when requests are to an external domain which has the same IP as the origin domain

I'm currently running a SvelteKit app within a container which connects to an API running within another container. Everything is connecting & going through locally using the container's internal ...
asked by Alexandre Villeneuve
0 votes
1 answer
117 views

Wireguard with multiple local subnets using iptables

I'm trying to allow multiple local subnets when using a wireguard VPN. Below is the iptables config from my wireguard config file. I'm assuming I have to write this in a different way, but I have no ...
asked by Sim Hat
0 votes
0 answers
46 views

NAT local subnet to another gateway on CentOS 7

Hi, I have a CentOS 7 with ocserv and iptables installed. I wanted to route all ocserv traffic to an IP tunnel (which is established and reachable). My server IP is 172.10.1.1. My ocserv users subnet is: 192....
asked by Keyvan Rahimi
1 vote
1 answer
159 views

Blocking traffic from specific countries. How to kill existing connection?

Using Linux Debian Bookworm. Problem I want to block all incoming connections to my server coming from specific countries. Edit As someone pointed out in the comments, I really shouldn't be doing this ...
asked by Zippy1970
1 vote
0 answers
93 views

Strange Networking Issue: Ports 80 and 433 Unreachable from Outside, Docker

I'm encountering a perplexing networking issue that has me scratching my head. Here's the situation: I'm unable to access ports 80 and 433 from the outside, but I can forward any other port within ...
asked by Limitless Green
0 votes
0 answers
26 views

iptables port forwarding to different local addresses

I would like to forward local traffic to 127.0.0.2:30041 to 127.0.0.2:40041 and 127.0.0.3:30041 to 127.0.0.3:40041. When I use sudo iptables -t nat -A OUTPUT -o lo -p udp -m udp --dport 30041 -j ...
asked by TilmannZ
0 votes
1 answer
60 views

VPN on Linux - IP routing issue

I have the following scenario: an Ubuntu Server 20.04 LTS, for simplicity named A, a server with the following network interfaces: loopback enp1s0 (wan) PUBLIC-IP/23 enp8s0 (lan) 10.9.96.3/20 ppp0 (l2tp) ...
asked by Emiliano Spada
0 votes
0 answers
28 views

Openvpn forward all traffic not working unless I flush iptables

I want to run an openvpn which forwards all traffic, but it only works when I flush my iptables rules. Can someone tell me which rule(s) are causing the problem? iptables-save output: *nat :PREROUTING ...
asked by ehh
0 votes
0 answers
210 views

Proxying Traffic from Android with iptables

I have an Android device, and I'm trying to redirect HTTPS traffic to another host on my local network. I've tried defining the proxy in the device network configuration, which works for everything ...
asked by Hysii
1 vote
2 answers
87 views

LXC container fail to load big iptables rules

I'm facing a strange problem when I try to load a big iptables set of rules on a LXC container (it's working fine on a virtual machine). The container is running Linux Debian 12 bookworm. I'm able to ...
asked by Julien