<0> iptables -I FORWARD -i eth0 -o eth1 -m dstlimit --dstlimit 10000 -j ACCEPT
<0> would that restrict the connection speed between eth1 and eth0 to 10Kb/s
<0> i am trying to cap the upload at 10Kb/s
<0> and the download at 100Kb/s
<1> re all
<2> hey guys
<2> is it possible to use iptables to block port scans of multiple addresses at a router level?
<2> something like setting a threshold of number of addresses accessed per time period?
<3> you could do a count using -m recent, just using the source address of the portscan
<4> a Uruguayan
<5> no, what are you doing here?
<4> just snooping around =P
<1> danieldg: that's ok, if I know the source addr. But if I do not?
<4> I caught you red-handed
<5> yes, I like these topics
<3> Estagus: that's what the recent module records for you
<1> danieldg: I cannot see how "recent" can help to DROP packets when a client scans a big subnet... even a scan of one port on a subnet... but not to break normal work...
<3> ok, what are you trying to block? one of your clients scanning?
<1> any scan of any client
<3> who's scanning?
<1> clients
<1> something like setting a threshold of number of addresses accessed per time period
<3> recent could do number of new connections in a time period
<1> at this time port scan can be ignored
<6> hello, does iptables support webdav??
<3> how would it need to support webdav?
<6> what happens is that i use a linux firewall with iptables
<6> and in my LAN i have an exchange mail server
<6> i need to use the OWA feature
<3> owa=?
<6> outlook web access
<6> from the WAN
<3> ah. that should just work if you have http forwarded
<6> it works
<6> but when the user logs in it doesn't show up the inbox or mails
<6> searching at microsoft i found this
<6> http://support.microsoft.com/kb/280823/en-us
<6> Internet Explorer version 5.0 and later supports HTTP-DAV as described in Request for Comments (RFC) 2518. Distributed Authoring Version (DAV) uses Hypertext Transfer Protocol (HTTP) verbs that your proxy server or firewall does not recognize. Additionally, your proxy or firewall solution does not permit you to customize the list of approved HTTP verbs.
<3> "firewall" there means transparent proxy
<6> then what else could it be?
<6> if i enter from the lan it works perfectly
<3> no idea. I'd see if I could find the problem using ethereal. You're not using a transparent proxy, right?
<6> like squid?
<3> yes
<6> no, it's only iptables based
<6> it's weird
<7> danieldg - robw810 told me you should know this, how is ICMP doing port 80? Time: Feb 27 21:05:33 Source: 66.161.12.81 Destination: 10.10.236.103 In IF: eth0 Out IF: Port: 80 Length: 68 ToS: 0x00 Protocol: ICMP Service: HTTP
<7> or if any of you know how that could be !!
<8> icmp error packets include the headers of the packet that generated the error.
<8> what logging program are you using?
<7> firestarter
<7> i should load snort!
<9> hello everyone
<9> can someone tell me how i can block all traffic and allow traffic from "mac address" which are allowed
<9> i use these lines
<9> iptables -I INPUT -p all -m mac --mac-source 00:04:AC:16:27:9B -j ACCEPT
<9> and iptables -I INPUT -p all -j DROP
<9> but it will drop all of my connection :(
<9> can someone tell me how to achieve this goal ?
<10> L|NUX: you need to accept ESTABLISHED,RELATED
<10> (first)
<9> on same chain ?
<10> yeah
<9> okis
<9> wait
<10> If you don't allow packets of established connections, then you're not going to get any return traffic with a DROP policy
<9> iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
<10> yep
<9> now
<9> what next ?
<9> now should i use my lines ?
<10> yep
<10> Bear in mind that if you currently have any established connections from that box, you'll need to kill them before you'll see any changes
<9> okies
<9> :)
<9> it will again drop me :(
<9> root (mbox:1:0)~ # iptables -I INPUT -p all -m mac --mac-source 00:50:04:60:1D:6D -j ACCEPT
<9> root (mbox:1:0)~ # iptables -I INPUT -p all -m mac --mac-source 00:0A:F4:0B:B1:81 -j ACCEPT
<9> root (mbox:1:0)~ # iptables -I INPUT -p all -j DROP
<9> root (mbox:1:0)~ #
<9> hang now :(
<9> what to do
<9> ?
<10> Well, it shouldn't have dropped you if you put in the ESTABLISHED line
<9> i did bro
<10> ah
<10> You put the next three rules first
<9> should i show you the output of iptables -L INPUT -n --line
<10> -I inserts at top of chain
<9> humm
<9> so should i use -A
<9> :)
<10> The rules are evaluated in order -- put most specific rules first --> that's why ESTABLISHED,RELATED should be first
<10> You have physical access to box?
<9> yeah
<9> but if i don't then
<9> :)
<10> I'd flush all and start over then
<9> okies
<10> Make sure you accept all on lo interface
<9> tell me how can i change rule order
<9> like if i don't have physical access
<9> then
<9> :)
<10> Not to sound trite, but until you reach the point where you don't have to ask that, I wouldn't manipulate the ruleset remotely :-)
<9> :)
<10> The tutorial in the /topic is your friend ;-)
<9> what do you think
<10> Just remember -I inserts at top of chain, -A appends to end of chain
<9> iptables -I INPUT 1 .....
<9> :)
<10> right
<9> :)
<9> works
<9> :)
<9> thanks
<9> but bro
<9> there is an issue
<9> i think
<10> k
<9> it will allow everyone
<9> :(
<9> but i only want to allow only from mac
<9> ok
<9> got it
<9> :)
<10> Understand though, that macs are easily spoof-able (in linux anyway - don't know about Win)
<9> brb
<9> humm
<9> ifconfig helps :P
<9> heh
<10> hehe
<9> thanks bro
<11> good morning
<12> Ok, now I'm confused. I have syslog connecting to stunnel on localhost (syslog->localhost:514), and stunnel connects to another host afterwards (514->stunnel->remote:1469). After creating OUTPUT rules, this stopped working...
<12> ...until I created a rule to allow outgoing port 514! WTF? I thought INPUT should take care of this.
<11> no
<11> have you got remote port 1469 allowed in output?
<11> output is outgoing connections
<12> rza: Yeah, sure, the first thing I did.
<11> iptables -L && iptables -L -t nat
<11> and paste to pastebin.com
<13> Localhost 514 is going out (syslog->localhost:514).
<12> rza: Thanks, no need any more, I got it working. Only, I'm disappointed that I obviously had a wrong conception about it.
<11> did i help you at all?
<12> rza: No, you came in too late ;) Where were you yesterday?
<11> playing enemy territory
<14> Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL ( from http://www.stunnel.org/ )
<11> s/playing/played/
<12> rza: Yes, I was not playing, I was just intending to...
<14> syslog is UDP