Questions tagged [iptables]

An application that allows a user to configure the tables provided by the Linux firewall. iptables is succeeded by nftables as of 2014.

166 questions

23 votes, 2 answers

Reject IP packets with an ICMP error, or just drop them?

Consider an internet-facing host (the outer firewall). What should be done with undesired traffic: just drop it, or send back an ICMP error such as port unreachable? (In Linux terms: iptables -P DROP or iptables -j REJECT?) This isn't about the…
Gilles 'SO- stop being evil'

21 votes, 6 answers

Do machines without any listening services need a firewall to block incoming connections?

Let's assume we have an example machine connected to the internet. This machine is typically a client one, and it has no services like ssh running on it. Does this kind of machine need any firewall to restrict incoming connections? On the one hand,…

21 votes, 2 answers

Fully transparent proxy

By default, mitmproxy will use its own local IP address for its server-side connections. What I want instead is mitmproxy to use the client’s IP address for server-side connections. The following config is supplied to make this…
Ghxst

16 votes, 4 answers

Tips for a secure iptables config to defend from attacks. (client side!)

Own examples: ############### # KERNEL PARAMETER CONFIGURATION # PREVENT YOUR SYSTEM FROM ANSWERING ICMP ECHO REQUESTS echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all # DROP ICMP ECHO-REQUEST MESSAGES SENT TO BROADCAST OR MULTICAST ADDRESSES echo…
LanceBaynes

13 votes, 1 answer

Connection to ports 2000 and 5060 successful despite filtering

I run my own (Ubuntu based) router and have iptables configured to drop all incoming packets by default. To my surprise, running an nmap scan (from the WAN side) shows two open ports related to VOIP: nmap -Pn -v --reason XXX.net Starting Nmap 7.60…
Christian David

12 votes, 1 answer

Is it safe to disable connection tracking in iptables?

While reading about the NOTRACK target of the raw table in iptables, I encountered an article suggesting that for certain traffic you could (or even should) disable connection tracking. The two examples were: (1) all kinds of routed packets, and (2) if you…
Mikhail Morfikov

11 votes, 1 answer

Has a remote rogue DNS client managed to slip through the first iptables rule of a Linux DNS server?

Ubuntu 20.04 iptables 1.8.4-1 I experienced a situation where a remote system seemed to be able to slip through the first iptables rule of a Linux server located behind a NAT router: -A INPUT -s -j DROP Despite the…

8 votes, 2 answers

Test firewall rules (Linux)

I have a question about how to test the firewall rules. To be more specific, for academic purposes I have to set up a machine which will accept all kinds of packets on a specific interface. I added an IP Table rule: sudo iptables -A INPUT -i eth0 -j…
Alex

8 votes, 1 answer

Nmap - Intense vs Quick result

I inherited a small network and currently am assessing its security performance. I started port scanning a host (let's call it Weirdo) in that small network and from my perspective, it seems that that specific host has some kind of port scanning…
kiltek

7 votes, 2 answers

How web application firewalls protect application from DDoS attacks?

How to protect a web application from DDoS by the implementation of Web Application firewalls? How effective is this method?
Anonymous Platypus

7 votes, 4 answers

SIP UDP request breaking through iptables

I have been investigating a few instances recently where SIP UDP traffic has been somehow evading the ruleset defined in iptables, leading me to suspect that there is a hole in our rules, so I'm looking for advice on how to bolster defences on the…
puppyFlo

6 votes, 5 answers

Firewall demo - iptables

I have to make a demonstration about firewalls in my class as a student (university). It should be implemented using iptables on Linux. I am reading all the theories around them but I can't figure out a good use case to present at class. I can show…

6 votes, 1 answer

ARP spoofing with Scapy. How does Scapy reroute traffic?

Background: I understand that in order to ARP spoof a victim in a network using Scapy, we need to send ARP reply packets to the victim and the gateway router with the correct destination and Source IP address, but with the attacker's source Mac…
0x5929

6 votes, 3 answers

What are the security implications of net.ipv4.conf.eth0.route_localnet=1 / route_localnet?

sudo sysctl -w net.ipv4.conf.eth0.route_localnet=1 What are the security implications of route_localnet?
adrelanos

5 votes, 2 answers

Benefits of REJECT over DROP on a single PC

Recently I learned about the difference between DROP and REJECT in a firewall. I understand that REJECT is better because it closes the connection immediately instead of waiting for timeout as DROP does, and also it's better for troubleshooting. I…
The Illusive Man