All Questions
228 questions
0 votes · 0 answers · 17 views
Trying to whitelist `DOCKER-USER` ports but it blocks containers from resolving DNS
I have some containers that are bound to the host, but I don't want them to be exposed to the internet except the HTTP ones. So I do:
sudo iptables -F DOCKER-USER
sudo iptables -I DOCKER-USER -i ens3 -p tcp -m ...
0 votes · 0 answers · 23 views
Rejected ports within `DOCKER-USER` are still visible from nmap as "filtered"
By default Docker adjusts iptables according to the containers bound to the host... but in my case I don't want to have them all exposed to the internet. What I'm doing is modifying the DOCKER-USER chain so it ...
0 votes · 0 answers · 24 views
posix_spawn is failing while applying iptables rules
I have code that applies IPv4 firewall rules. The code reads rules from a local text file and parses the data to form a rule. Once the rule is formed, it is applied using posix_spawn. Below is my code:
...
-2 votes · 1 answer · 69 views
How to pass "Source UID" to iptables?
From the command line, I am setting firewall rules using the iptables binary like below:
iptables -I PRIO_IN -p tcp -s "10.0.0.25/24" -d "10.0.0.26/24" -j ACCEPT
For the above rule, now I ...
-1 votes · 1 answer · 206 views
GCP overriding iptables rules in centOS [closed]
I created a CentOS machine from a base image that can be found in GCP. After powering on I looked at the iptables rules; it seems like everything is on.
I removed all the firewall rules and chained ones as ...
2 votes · 2 answers · 3k views
How to resolve iptables error "Couldn't load match 'conntrack'" in docker container?
I have a Windows 10 host with Docker running. Inside Docker I run two Rust containers. I would like to set up a firewall inside one of them.
The Compose File:
version: '3'
services:
outer-endpoint:
...
0 votes · 1 answer · 333 views
'ipset add' from python script
I have existing ipset mylist, which I created with this command:
ipset create mylist hash:net
Now, I would like to be able, from my python script, to add IPs to this list. This is the command I ...
0 votes · 1 answer · 368 views
Unable to append rules in iptables in Docker
I am trying to add a rule which looks like:
Chain DOCKER (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.18.0.8 tcp dpt:21102
...
0 votes · 0 answers · 87 views
Signal Proxy in GCP VM does not listen on port 80
I wanted to install a Signal proxy on Ubuntu VM in GCP.
I used the following:
https://github.com/gabyx/IranAProxy
./create-vm.sh
which creates the VM with a static global ip and http and https ...
2 votes · 2 answers · 2k views
Can't access port 80, 443, 5432 from ec2 aws even though fully set up
I am new to aws and created an EC2 instance to start migrating my source code from DigitalOcean. The problem is that I can't access any open ports on my EC2 other than port 22 through the ssh client. ...
2 votes · 1 answer · 415 views
Why would an iptables nat prerouting rule continue to redirect even after removal
To give as basic of a rundown as possible, I have 2 servers running. One server is apache running on 80, the other is a recaptcha server daemon I've created in golang running over 29999. I have an ...
1 vote · 1 answer · 8k views
MacOS iptables equivalent [closed]
I recently switched from Linux to Mac.
My symfony application runs in a docker-compose setup
and has a socks5 proxy, I want to tunnel an ssh connection to.
SYMFONY_APP_PROXY=socks5h://172.17.0.1:8086
...
0 votes · 1 answer · 853 views
Unable to communicate from one Docker container to an exposed container on the same machine
Currently I'm trying to make one container communicate with another one that is exposed and running on the same machine.
Let's say the external IP address is 123.123.123.123 and I exposed a basic NGINX ...
-1 votes · 1 answer · 57 views
Can't Access Port number 80
I added a rule to my INPUT chain for accepting port 80 with:
iptables -I INPUT 10 -p tcp --dport 80 -j ACCEPT
So my iptables looks like this:
Chain INPUT (policy ACCEPT)
target prot opt source ...
0 votes · 0 answers · 5k views
docker, container ports and iptables
I have inserted an iptables rule to block access to my containers from the internet (according to the official docker docs), but now my containers cannot access the internet either.
I run a container ...
0 votes · 1 answer · 744 views
Why is ICMP (ping) request blocked, when sending to HTTPS server when port 443 is blocked by iptables filter? [closed]
The ICMP protocol does not use either TCP or UDP and, as far as I understand, doesn't use the concept of ports.
So I blocked outgoing packets on port 433, i.e. going to an HTTPS server:
(sudo) iptables -I OUTPUT -...
1 vote · 0 answers · 708 views
Linux containers: command to temporarily block local port?
From within a container, I'm trying to temporarily block access to a port in the same network. For example:
services:
cli:
image: node:latest-alpine
redis:
image: redis:latest-alpine
...
0 votes · 1 answer · 388 views
Docker blocks incoming connections [duplicate]
I have deployed a simple Flask server in a docker container. The app accepts connections on port 7005 and I have exposed the port 7005 on docker. I can see the docker is actively blocking connections ...
5 votes · 1 answer · 5k views
Docker: limit outgoing connections to the localhost only, while allowing all incoming connections
Some programs in my docker container are making unwanted requests to e.g. Google Analytics and other tracking software, sharing my information. I want to block all this traffic, while still being able ...
0 votes · 1 answer · 189 views
Filter DHCPv6 solicit packets
I am trying to filter the dhcpv6 solicit(1) packets using ip6tables rule but the following rule is not working:
ip6tables -t mangle -A OUTPUT -p udp --dport 547 -m u32 --u32 "48@0>>24&...
2 votes · 1 answer · 1k views
How can we block the X-Forwarded-For header IP (HTTPS request) with iptables
Basic Overview
We are trying to set up rate limiting on our server. We are using Nginx as a web server and fail2ban for blocking IPs with iptables.
iptables can block IPs if a request directly hits our ...
10 votes · 1 answer · 5k views
How to configure firewalld with docker 20.10 [closed]
I realized that Docker recently added integration with firewalld, and I just want to set up my server using firewalld instead of boring iptables rules and chains.
This is my docker zone output:
root@test:...
0 votes · 0 answers · 341 views
Can't reach docker container from the internet when using host network
I tried to set up different containers using the --network host setting and could not connect to any of them. The debian and docker installations are as unmodified as it gets.
Using the bridge network ...
-1 votes · 1 answer · 115 views
What is being logged in iptables with these entries?
I have a server behind a hardware firewall supplied by the phone company. I'm logging these entries with iptables. Do these entries imply that the connection attempts from the SRC= addresses are ...
1 vote · 1 answer · 2k views
fail2ban port=https,http blocks only https not http
I have installed fail2ban to slow down the brute force attacks on my hosted WordPress pages on a Debian 10 LAMP. The filters search for the IP and add the IP address to ipset. As it is, it catches some ...
0 votes · 1 answer · 898 views
Why does my iptables firewall block all sites except Google sites? [closed]
Thanks so much for taking the time to help me with this problem I'm attempting to solve.
I'm using a Raspberry Pi4 running on the Raspbian (Debian-derived) distro.
I'm learning a lot about setting up ...
0 votes · 1 answer · 1k views
How can I log outgoing TCP to IP and not (HTTP) iptables
I'm new to iptables and Linux-firewall in general. Can somebody help me with it?
I want to write a table using iptables that will log outgoing TCP connections to a specific IP address, except these ...
0 votes · 2 answers · 1k views
iptables lets SYN/ACK packet through without having received a SYN packet before. Is this behavior normal?
In my scenario a SYN packet is sent to a web server in LAN1 via an out-of-band channel. The web server responds via the default gateway where an iptables firewall is configured. In my understanding ...
1 vote · 1 answer · 2k views
Ubuntu - firewall rules MySQL on host | Docker containers to host
Is there any possible way to set up the host firewall to allow connections only from the network the Docker containers use?
Intro
The only way I was able to connect to an OS-hosted MySQL instance from my ...
0 votes · 0 answers · 168 views
Docker limitations with iptables
I developed a kind of firewall application which dynamically manipulates iptables (creation, modification, deletion of chains, ROUTING, NATs ...). People ask me if the application is available in ...
0 votes · 1 answer · 2k views
Blocking YouTube videos with iptables
I'm trying to find a way to block YouTube video playback on my kid's Ubuntu computer. I created a shell script to get YouTube IPs and add them to iptables so that incoming packets are dropped. To do so ...
0 votes · 0 answers · 624 views
Allow traffic on port / ubuntu
I'm getting crazy over this problem for over a week now.
I have a Raspberry Pi (Raspbian lite) directly connected with an ethernet cable to my laptop (Ubuntu), and I want to communicate with my ...
1 vote · 0 answers · 345 views
Google Cloud RDP forwarding
I am trying to configure a Google Cloud virtual machine to forward RDP to another IP address.
It is because I need to access a Windows machine via RDP that is not listening on the standard 3389 port that I have open, ...
0 votes · 1 answer · 489 views
How to redirect a request to localhost?
I created an iptables rule:
-A PREROUTING -s 192.168.XXX.XX/32 -d 192.168.YYY.YY/32 -p tcp -m tcp --dport 65430 -j DNAT --to-destination 127.0.0.1:65435
I even used sysctl -w net.ipv4.ip_forward=1, ...
0 votes · 1 answer · 2k views
How do I add firewall rules to allow NodePorts accessed over a virtual IP in Kubernetes
I have a Kubernetes cluster where the control planes are working in HA through keepalived's VIP configured among them (installed only on the control nodes). Everything works as expected when the firewall is ...
-2 votes · 1 answer · 2k views
CentOS 7 connection timeout for all web services and SSH
After recovering the iptables config I encountered an issue with connection timeouts to my CentOS server. I can access my website with no problem (though it loads unusually long), but accessing any other ...
0 votes · 0 answers · 130 views
How to connect from one server to another server's PostgreSQL database by configuring the firewall
I am trying to connect from an Ubuntu 16.04 server to a Gentoo server's PostgreSQL database. But I cannot connect to it. The Ubuntu server has internet with the static IP 93.154.53.88. My Gentoo server has IP:...
1 vote · 0 answers · 927 views
CentOS iptables shows rules but no service is installed
I realized iptables --list is showing rules on a CentOS server, but systemctl status/start/stop iptables says that there's no such service installed.
firewall-cmd is disabled but I still can't telnet open ...
0 votes · 2 answers · 1k views
iptables rules for Jupyter Notebook
Having trouble with the iptables settings for Jupyter Notebook. With the following rules (assume notebook port 8888), the Jupyter Notebook server launches successfully, but the actual notebook ...
-1 votes · 1 answer · 2k views
How to convert iptables-service rules into firewalld rules?
I'm working on setting up a VPN server and I have iptables rules that need to be converted to firewalld rules.
Enable nat and postrouting:
iptables -t nat -A POSTROUTING -s 192.168.7.0/24 -j SNAT --to-...
0 votes · 1 answer · 218 views
Blocking my VPS from connecting to other VPS/IP/port via sshd
I would like to deny any connection from my VPS to other VPS/IP/port via sshd (443).
I tried using iptables and firewall rules, but it seems that still nothing worked.
iptables -A INPUT -s 1.1.1.1 -j DROP ;
...
0 votes · 0 answers · 195 views
Unable to connect Node.js on a VPS to MySQL on another host
I deployed my Node.js app on a VPS but it can't connect to my MySQL database hosted on another server, though it works on my PC and on another VPS.
I decided to test that connection doing this:
nmap -p ...
0 votes · 1 answer · 1k views
How to block access to a specific website
I'm trying to test a product in two different scenarios - when there is access to Youtube.com and when there isn't.
The product is accessible through the internet, so I tried to block YouTube's IP ...
1 vote · 0 answers · 2k views
iptables command returns "No chain/target/match by that name."
I'm using Yocto Linux and I've installed iptables and the corresponding Linux drivers.
Everything works fine using commands like: iptables -P INPUT DROP.
What I want to do though is iptables -A ...
-1 votes · 1 answer · 2k views
Open ports only on specific domains
I am looking for the right command to open ports only to specific domains. The domain and its subdomain go to the same server (CentOS).
However, for security reasons, I only want to open the ports on ...
0 votes · 3 answers · 432 views
Group various conditions inside one IF in a bash script
I'm trying to group these conditions but it's returning:
awaited conditional binary operator
waiting for `)'
syntax error next to `$thetime'
` ( dateutils.dtest $thetime --gt '09:30:00' && ...
0 votes · 1 answer · 470 views
what does -d 0/0 mean? [closed]
I came across a rule:
iptables -A INPUT -p tcp -s 17.3.3.5/24 -d 0/0 --dport 22 -j DROP
and I was just wondering if someone could explain what this rule is doing. More importantly, I would like to ...
0 votes · 1 answer · 622 views
Migrating from iptables to firewalld settings with ansible in CentOS 7
I'm setting up a new Redis cluster on my webservers, and currently I was adding some chain rules with the iptables settings, but now I'm switching to automatically deploying through ansible.
My ...
1 vote · 1 answer · 1k views
How to redirect external incoming traffic from one port to another? (Linux/iptables/ufw) [closed]
I am setting up a VPS for VPN purposes. The idea is to lift as many limits as possible on public networks.
One idea is to redirect the incoming OpenVPN connections on port 53 to the default OpenVPN ...
3 votes · 1 answer · 3k views
Allowing some IPs in DOCKER-USER chain for inbound traffic, rejecting all the rest
I'm trying to allow only certain IP addresses to access ports exposed by docker containers on the host. All the rest external IPs should not be able to access them (even if I expose a port on 0.0.0.0)....
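Several of the questions above (whitelisting ports in DOCKER-USER and losing container DNS, rejected ports still showing as "filtered" in nmap, the "blocked from the internet but now containers have no internet" case, and allowing only certain source IPs) are the same DOCKER-USER pattern with one ingredient missing or misplaced. The script below is an added example written for this listing; it is not code from any of the posters and none of the questions' own rules were used. It assumes the external interface name, the port list and the source list are supplied by the caller, and it defaults to printing the iptables commands (IPT="echo iptables") rather than applying them; set IPT=iptables and run as root to apply for real.

```shell
#!/bin/sh
# Added example (not from any of the posts above): build a DOCKER-USER rule set
# that exposes only chosen TCP ports, or only chosen source networks, on the
# external interface, while traffic the containers start themselves (DNS
# lookups, package downloads) keeps working.
#
# Assumptions: interface name, port list and source list are the caller's.
# IPT defaults to "echo iptables", so running this prints the rules instead of
# applying them. Set IPT=iptables (as root) to apply.
IPT="${IPT:-echo iptables}"

# docker_user_rules EXT_IF "PORT ..." ["CIDR ..."]
docker_user_rules() {
    ext_if="$1"
    ports="$2"
    sources="${3:-}"

    $IPT -F DOCKER-USER

    # 1. Replies to connections the containers opened themselves. Without this
    #    rule the DROP below also eats inbound DNS answers and every other
    #    reply arriving on the external interface, which is why resolution
    #    breaks as soon as a catch-all DROP is added.
    $IPT -A DOCKER-USER -i "$ext_if" -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN

    # 2. Trusted source networks may reach any published port.
    for src in $sources; do
        $IPT -A DOCKER-USER -i "$ext_if" -s "$src" -j RETURN
    done

    # 3. Everyone else may reach only the listed ports. FORWARD sees packets
    #    after Docker's PREROUTING DNAT, so match the port the client
    #    originally dialled (the published host port) via conntrack rather
    #    than --dport, which at this point is the container's internal port.
    for p in $ports; do
        $IPT -A DOCKER-USER -i "$ext_if" -p tcp -m conntrack --ctorigdstport "$p" --ctdir ORIGINAL -j RETURN
    done

    # 4. Anything else from the external interface to a container is dropped.
    #    Both DROP and a plain REJECT (ICMP port unreachable) read as
    #    "filtered" in nmap; only REJECT --reject-with tcp-reset reads as
    #    "closed".
    $IPT -A DOCKER-USER -i "$ext_if" -j DROP

    # 5. Traffic from other interfaces (lo, docker0, LAN) falls through to
    #    Docker's own FORWARD rules unchanged.
    $IPT -A DOCKER-USER -j RETURN
}

# count_rules "RULES": number of iptables invocations in a generated rule set.
count_rules() {
    printf '%s\n' "$1" | grep -c '^iptables '
}

# Demonstration with constructed values: 80/443 open to everyone, one
# management network (203.0.113.0/24, a documentation prefix) allowed everywhere.
docker_user_rules ens3 "80 443" "203.0.113.0/24"
```

Rules placed in DOCKER-USER are consulted before Docker's own FORWARD rules and are left alone by Docker, but like any iptables rules they do not survive a reboot on their own; run the script from a unit ordered after docker.service or persist the result with iptables-save. The RETURN targets are deliberate: DOCKER-USER is a hook, so "allow" means returning to Docker's chain, not ACCEPT, which would skip Docker's own isolation rules.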