Questions tagged [iptables]

iptables is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted towards system administrators.

Please, when asking a question about iptables, add the output from the following command: iptables -L -v -n

iptables is the userspace utility used to configure the Linux kernel's Netfilter packet-filtering framework.

When seeking help with a firewall configuration, it is advisable to supply the output of iptables-save, which gives a readable listing of the ruleset, and where possible to append the output of iptables -L -v -n, which presents the same ruleset with verbose per-rule information.

6670 questions
74 votes, 3 answers

IPTables only allow localhost access

I have struggled throughout the years to get a solid understanding on iptables. Any time I try and read through the man pages my eyes start to glaze over. I have a service that I only want to allow the localhost to have access to. What terms (or…
51 votes, 3 answers

Iptables, what's the difference between -m state and -m conntrack?

What's the practical difference between: iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT and iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT Which one is best to use? Thank you.
Bourne (1,049 rep)
40 votes, 4 answers

What is the mangle table in iptables?

I am using iptables rules to filter & manipulate packets in my Ubuntu server, but I cannot understand the mangle table. Quoting from this iptables tutorial: This table should as we've already noted mainly be used for mangling packets. In other…
pylover (758 rep)
39 votes, 7 answers

iptables multiple source IPs in single rule

I'd like to create a single rule in iptables (if possible) that uses multiple source IP addresses. Is this possible?
37 votes, 4 answers

How to allow a range of IP's with IPTABLES?

Here is my iptables, how can I make it so that I can allow a range of ip's on ETH1 (10.51.x.x) # Generated by iptables-save v1.4.4 on Thu Jul 8 13:00:14 2010 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :fail2ban-ssh -…
Kladskull (1,275 rep)
36 votes, 4 answers

Allow traffic to/from specific IP with iptables

I want to allow all traffic to a specific IP, using iptables. I tried adding the lines: /sbin/iptables -A INPUT -p tcp -s XXX.XXX.XXX.XXX -j ACCEPT /sbin/iptables -A OUTPUT -p tcp -s XXX.XXX.XXX.XXX -j ACCEPT ... but still cannot access the remote IP…
user48058 (863 rep)
35 votes, 2 answers

Why is Google approaching my VPS machine?

I'm trying to track network activities on my machine running CentOS 7. According to iptables logs, it seems that Google (74.125.133.108) is approaching my VPS many times. I can see that source-port is always 993. What is the reason for…
ishahak (501 rep)
32 votes, 3 answers

Is it enough adding iptables rules without restart?

(Ubuntu server) I'm running sudo iptables -A INPUT -s 127.0.0.1 -j ACCEPT sudo iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 4/sec -j ACCEPT and then sudo iptables-save To get the function of the iptables rules,…
cewebugil (715 rep)
30 votes, 3 answers

I have a file with all the iptable settings. How do I load this into my server?

My system admin gave me a file with iptables rules. What command do I type in to load this? I watched him do it before, and he did it in 1 line! Something like...iptables > thefile.dat ????
Alex (8,591 rep)
30 votes, 3 answers

When using iptables firewall rules, why assert NEW state on all allowed ports?

I often see iptables configured to allow all packets to RELATED connections, and the specific service ports to NEW connections. What is the reason for stating NEW? If a connection is not NEW, it is RELATED I guess, so the specific port rule will…
dronus (1,188 rep)
28 votes, 2 answers

Don't understand [0:0] iptable syntax

I'm struggling with some iptables rules. I'm a newbie in iptables. I found some resources where I get the following command related to iptables. This is stored in a file that will be executed. [0:0] -A PREROUTING -s 10.1.0.0/24 -p tcp -m tcp --dport…
artaxerxe (541 rep)
21 votes, 4 answers

Enable iptables on one interface

I want iptables to filter only one interface, eth0, which is facing WAN. How can this be done? And I want to keep ftp and ssh ports open on eth0.
nixnotwin (1,553 rep)
20 votes, 1 answer

How to open a 8080 port for an application, with iptables

I am a total newbie concerning servers so excuse my humble question :-) Someone developed for me a python application that acts as a web server. This TCP application needs to listen on port 8080. [root@blabla jll]# netstat -tanpu | grep ":8080" tcp…
user74828
18 votes, 2 answers

Will iptables rules continue to work if an interface has been deleted and created again?

My server connects to some strange resources via OpenVPN, and every time the OpenVPN client starts up, an ovpn interface is brought up. I want to expose only selected ports (say, MySQL) to this interface, so I have this rule in my iptables: iptables…
iBug (1,308 rep)
18 votes, 1 answer

Youtube not blocked by iptables

On our Ubuntu machine I have attempted to block internet access to one of the user accounts by adding the following line to /etc/network/interfaces: pre-up iptables -A OUTPUT -p tcp -m owner --uid-owner 1001 -j DROP This works well except somehow…