Questions tagged [iptables]

iptables is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted towards system administrators. Please, when asking a question about iptables, add the output from the following command: iptables -L -v -n

iptables is a userspace utility that complements the Linux kernel-level Netfilter firewall.

When seeking help with firewall configuration, it is advisable to supply iptables-save output, which gives a readable ruleset listing, possibly supplemented with the output of iptables -L -v -n to give matching ruleset information.

6406 questions
44
votes
2 answers

iptables and multiple ports

This doesn't work for me: # iptables -A INPUT -p tcp --dports 110,143,993,995 -j ACCEPT iptables v1.4.7: unknown option `--dports' Try `iptables -h' or 'iptables --help' for more information. However in the man page, there is an option --dports...…
Zenet
40
votes
6 answers

iptables error: unknown option --dport

The command iptables no longer recognizes one of the most commonly used options when defining rules: --dport. I get this error: [root@dragonweyr /home/calyodelphi]# iptables -A INPUT --dport 7777 -j ACCEPT_TCP_UDP iptables v1.4.7: unknown option…
Calyo Delphi
39
votes
2 answers

Can I use ufw to set up a port forward?

I'm currently using ufw to enforce some basic firewall rules. Is it possible to also use ufw to do port forwarding? Specifically I'm wanting to forward incoming traffic to my server (same machine running ufw) on port 80 to port 8080. (http traffic…
tinny
38
votes
3 answers

Debugging rules in Iptables

How can I know how many packets were dropped by my iptables rules? Is there any debugging mechanism to see which rule is dropping my packet or accepting it?
codingfreak
38
votes
7 answers

iptables multiple source IPs in single rule

I'd like to create a single rule in iptables (if possible) that uses multiple source IP addresses. Is this possible?
Glen Solsberry
38
votes
8 answers

Force local IP traffic to an external interface

I have a machine with several interfaces that I can configure as I want, for instance: eth1: 192.168.1.1 eth2: 192.168.2.2 I would like to forward all the traffic sent to one of these local addresses through the other interface. For instance, all…
calandoa
37
votes
3 answers

How to reset Ubuntu 12.04 iptables to default without locking oneself out?

Could anyone kindly provide the commands to completely reset the iptables (firewall) for Ubuntu 12.04 to its default "factory" setting? From what I understand, doing this wrong would cause one to be locked out of the Linux box?
Honey Badger
37
votes
4 answers

What is the mangle table in iptables?

I am using iptables rules to filter & manipulate packets in my Ubuntu server, but I cannot understand the mangle table. Quoting from this iptables tutorial: This table should as we've already noted mainly be used for mangling packets. In other…
pylover
37
votes
6 answers

Hardware Firewall Vs. Software Firewall (IP Tables, RHEL)

My hosting company says IPTables is useless and doesn't provide any protection. Is this a lie? TL;DR I have two, co-located servers. Yesterday my DC company contacted me to tell me that because I'm using a software firewall my server is "Vulnerable…
Smudge
36
votes
1 answer

What is the point of the docker-proxy process? Why is a userspace tcp proxy needed?

I have noticed that there is docker-proxy process running for each published port. What is the purpose of this process? Why is a user space tcp proxy needed for this? $ ps -Af | grep proxy root 4776 1987 0 01:25 ? 00:00:00 docker-proxy…
Tarnay Kálmán
36
votes
4 answers

How to allow a range of IPs with IPTABLES?

Here is my iptables, how can I make it so that I can allow a range of IPs on ETH1 (10.51.x.x) # Generated by iptables-save v1.4.4 on Thu Jul 8 13:00:14 2010 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :fail2ban-ssh -…
Kladskull
35
votes
2 answers

Why is Google approaching my VPS machine?

I'm trying to track network activities on my machine running CentOS 7. According to iptables logs, it seems that Google (74.125.133.108) is approaching my VPS many times. I can see that source-port is always 993. What is the reason for…
ishahak
35
votes
5 answers

Allow traffic to/from specific IP with iptables

I want to allow all traffic to a specific IP, using iptables. I tried adding lines: /sbin/iptables -A INPUT -p tcp -s XXX.XXX.XXX.XXX -j ACCEPT /sbin/iptables -A OUTPUT -p tcp -s XXX.XXX.XXX.XXX -j ACCEPT ... but still cannot access the remote IP…
user48058
34
votes
9 answers

How to duplicate TCP traffic to one or multiple remote servers for benchmarking purposes?

Infrastructure: Servers in Datacenter, OS - Debian Squeeze, Webserver - Apache 2.2.16 Situation: The live server is in use by our customers every day, which makes it impossible to test adjustments and improvements. Therefore we would like to…
Sise
34
votes
4 answers

How to block internet access to certain programs on Linux

Recently, I have encountered a problem of limiting Internet Access to specific programs. Could anybody recommend a good way of doing that, without using any particular software?
Ilia