All Questions
63 questions
0
votes
0
answers
47
views
Why couldn't my forward port work using firewall-cmd
config forward port
firewall-cmd --permanent --add-masquerade
firewall-cmd --permanent --add-forward-port=port=81:proto=tcp:toaddr=127.0.0.1:toport=80
firewall-cmd --reload
now, this is my firewall-...
0
votes
0
answers
40
views
Plesk Firewall blocking internet access for WireGuard clients
I'm currently facing an issue I cannot fix myself. The initial idea was to set up WireGuard on my server running Plesk. I've searched the internet a bit and found this really nice tutorial. It really ...
0
votes
0
answers
33
views
How To Add An Allow Rule To UFW's before*.rules
I've appended to my /etc/ufw/before6.rules file the following
-A ufw6-before-input -p tcp -s XX.XX.XXX.XX -j ACCEPT
-A ufw6-before-output -p tcp -d XX.XX.XXX.XX -j ACCEPT
but still am not able to ...
0
votes
2
answers
152
views
WireGuard and Ubuntu 22.04. Forcing traffic from port 25 over VPN
So I'm hosting a server in a Docker container which is a client in a VPN network. I can't send any egress traffic out of port (say ummm 52) through the host. That box is a client to a WireGuard server. ...
0
votes
1
answer
116
views
Install apache, php and mysql on Ubuntu 22.04 toolbox
I would like to install apache, php and mysql on Ubuntu 22.04 toolbox which is running in a Fedora 39 desktop VM.
I am following the steps instructions provided in this link, but it seems to have some ...
0
votes
1
answer
91
views
Iptables MASQUERADE seems to return the "RESULT" on The Internet instead of the demanding interface
I am trying to do an iptables masquerade from a WireGuard Interface and the Internet. It used to work but lately, I did add a few (just four) WireGuard Interfaces, and it stops working for all of ...
0
votes
0
answers
47
views
VPN disconnects when switching networks
TL;DR If I am connected to one network and then connect to VPN it works fine, but if I then connect to a different network then the VPN disconnects and tries to reconnect over the new network. I need ...
8
votes
1
answer
12k
views
choosing firewall: ufw vs nftables vs iptables
I'm using Ubuntu 18.04 on an embedded system and I need to choose a firewall app from the following: ufw, nftables, iptables.
Can you recommend one of them and why it's better than the others?
Thanks
0
votes
1
answer
2k
views
What is the correct way to increase nf_conntrack in ubuntu 18.04?
Yesterday I had issues with my database server dropping packets with:
[Tue Feb 28 21:01:00 2023] nf_conntrack: nf_conntrack: table full, dropping packet
I know there are plenty of solutions easy to ...
1
vote
0
answers
838
views
Multiple iptables.rules files or include statement
I think that Title is self-explanatory. Anyway, what I'm looking for is a way to modularize my /etc/iptables.rules file, so I can easily manage them, e.g. a file with standard rules which all server ...
2
votes
0
answers
659
views
Make ufw log without rsyslog
I have no ufw logs on my minimized Ubuntu 22.04 server.
sudo ufw status verbose output:
$ sudo ufw status verbose
Status: active
Logging: on (low)
On the internet I found I need rsyslogd enabled. On ...
1
vote
1
answer
3k
views
Why am I getting connection refused with IP address even though it works with localhost and firewall is open?
When I run sudo ufw status on an Ubuntu box, I get the following output
sudo ufw status
Status: active
To Action From
-- ------ ----
22/tcp ...
1
vote
0
answers
168
views
UFW is Manually Disabled via Shell - Can the system re-enable it on boot?
Take note, I am already aware of how to start the ufw service on boot. This is not what I am asking.
So, right now, if I check ufw status it shows as "Active". And when I reboot and check ...
0
votes
2
answers
2k
views
ufw not logging all connections as expected
I am trying to set up logging on Ubuntu Server 20.04.4 using ufw, but I'll take non-ufw advice as well.
I am running a test https server on port 20000 and want to log all connections to it. Here's what ...
0
votes
1
answer
476
views
How can I block a port being used by docker?
I am running wikijs on port 8080 behind a reverse proxy with Apache, with a Cloudflare Argo Tunnel so only specific people can log in to wikijs.
So if a user tries to browse http://publicip:80 (port being ...
1
vote
2
answers
470
views
Limiting ssh connections to specific devices
I have an Ubuntu system at home, allowed ssh and enabled port forwarding to my machine for ssh connections. So far so good.
Now I can access from everywhere.
How do I configure my machine to refuse ...
1
vote
1
answer
987
views
An upper limit on the number of rules nftables can realistically process
I am designing a large SaaS VPN service and am planning to use nftables.
Is there a realistic limit to the number of rules it can process?
Rules will be compiled from a database. There will be ...
1
vote
0
answers
126
views
Issues blocking specific traffic using iptables
Good afternoon. I'm new to Linux and using iptables, so please forgive me if I make any mistakes. I am using version 20.04.2 LTS of Ubuntu.
What I am trying to do is block all traffic on a device on ...
0
votes
1
answer
3k
views
UFW - Allow SSH in custom port
I'm new to ufw, and followed this link and entered exact command as instructed.
ufw allow ssh 2222
Since my SSH is 2222, I want to add that rule in, but I kept getting
ERROR: Need 'to' or 'from' ...
1
vote
2
answers
666
views
IP Tables - Blocking Incoming Traffic
This question is in a way related to this and this
My question is about blocking incoming connections using iptables. I read different posts in unix.stackexchange.com and got a basic understanding of ...
2
votes
1
answer
3k
views
Using qemu/kvm with nftables? (without firewalld!)
With libvirt/qemu/kvm you can define a bridge (or more) to be used by the guest machines. The libvirt machinery should take care of the creation of the bridge - normally called virbr0 with virbr0-nic (...
2
votes
2
answers
2k
views
iptables - Drop NAT rules based on rule/name, NOT rule number
I need to script some Iptables rule changes involving NAT rules (-t nat) on Ubuntu 16 servers.
It seems like the common way to drop a rule using -D [rule here] does not work with the -t identifier... ...
2
votes
0
answers
74
views
How do I see how much CPU time my firewall uses?
I was attacked with a DNS Amplification and as a result added nearly 4,000 IP addresses to my firewall using fail2ban.
I have seen many people worried about how many rules they include in their ...
0
votes
1
answer
47
views
Will a router with a firewall block forwarded packets from a sub-LAN network?
I have a system that looks like so:
+----------+ +--------+ +--------+
| | | | | |
| Internet |<--->| Modem |<--->| Router |
| | | ...
1
vote
1
answer
198
views
iptables doesn't filter my ssh failed logins any more [closed]
I have a rule on iptables to block too many failed attempted logins on ssh. On my new server however it seems not to work any more, in the sense that I can still login straight away even if I fail for ...
0
votes
1
answer
481
views
Ubuntu ufw Lightsail not opening port 80 [duplicate]
I have port 80 open from AWS lightsail console, and ufw status shows that port 80 should be open.
And yet, I cannot curl into port 80 nor can I telnet or ping or launch a server.
I've checked ...
12
votes
4
answers
27k
views
Firewall rules based on Domain name instead of IP address
I am running Guacamole remote desktop gateway test setup to manage access to cloud VM instances.
As I got one strange POC request from one client to restrict Guacamole RDG access to one specific ...
0
votes
0
answers
32
views
How to close 22 (so I can open it)
I have been trying to get ssh to work between an Ubuntu VM and my Xubuntu system.
(Note: My Xubuntu system is running on Chrome OS)
SSH hangs until a timeout, this tells me that something is ...
0
votes
0
answers
361
views
Is UFW working? Still seeing many sshd entries to log file
I recently enabled the firewall on my Elementary OS system, using ufw.
Here is my sudo ufw status verbose:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (...
1
vote
2
answers
6k
views
How to block all incoming and outgoing traffic except outgoing of 80 port and 443 in ufw?
I need to unlock only outgoing ports 443 and 80, only for navigating the internet; actually I'm using the rules:
ufw default deny incoming
ufw default deny outgoing
ufw allow out from any to any port ...
1
vote
0
answers
679
views
UFW Drop inbound ICMP requests from outside the local network
How do I use ufw to drop inbound icmp traffic from outside my local network? Local network/mask is 10.0.2.0/24.
1
vote
3
answers
4k
views
UFW is blocking DNS requests through VPN [closed]
I have a very strange behaviour of my UFW on Ubuntu 18.04.
I set up basic rules, everything is OK until I connect client to this server through VPN. On the client side ping works fine but nslookup / ...
5
votes
1
answer
10k
views
Blocking all traffic except whitelisted IP addresses
I need to block all incoming and outgoing connections in the firewall, except IP addresses I whitelist. I am currently on a virtual machine using Ubuntu.
I tried these commands from this site:
but I can't ...
1
vote
0
answers
1k
views
Can't TFTP GET file on Ubuntu machine from Windows machine
I'm trying to download a file via TFTP on an Ubuntu 16.04 LTS machine from a TFTP server (TFTPD32) running on a Windows 7 machine. On Ubuntu, every time I got the error Transfer timed out. On Windows 7 PC Windows ...
1
vote
1
answer
749
views
Open Port 443 on Linux Ubuntu 12.04
I have a Linux Ubuntu 12.04.3 LTS with Elastic Search installed. The Elastic Search is configured to accept the local requests via HTTP. I have a PHP website on the same server. It was on port 80 but ...
3
votes
3
answers
4k
views
Accessing localhost via IP from another device Ubuntu [closed]
I'm running a localhost server on Ubuntu with xampp.
I want to access that server from another device within the same network.
To achieve that I'm using the host IP address from the local network, which is 192....
0
votes
1
answer
454
views
compile nginx and naxsi on ubuntu 18.x
I'm trying to install naxsi on ubuntu 18.x.
After googling and trying I found:
nginx-naxsi is no longer available for Ubuntu, so you have to compile it yourself.
Well to understand which module and ...
0
votes
2
answers
3k
views
Ubuntu ports open but iptables rules are empty
I have installed ejabberd on a new installation of Ubuntu 16.04 on digitalocean cloud and am able to connect to it from pidgin from my local machine without configuring any firewall rules.
Curious to ...
0
votes
1
answer
200
views
Using firewall service in Ubuntu?
As in RHEL or CentOS, we can load a port or service permanently by:
firewall-cmd --reload.
But currently I am working on Ubuntu 16.04 and I don't have that much knowledge about this.
So please ...
-1
votes
1
answer
2k
views
How to allow the internal network only to access NTP service
I have a firewall with the IP of 10.0.0.2 which has an NTP server. I want only the internal network 10.0.0.0/24 to access the NTP server. I don't want to allow any external networks to access the ...
1
vote
2
answers
2k
views
How to allow external networks connect via ssh to the internal server using iptables [closed]
I have a firewall with the IP of 10.0.0.2/24 which is the default gateway as well. I need to allow external networks to be able to SSH to the server whose IP is 10.0.0.1/24. I have to use ...
2
votes
1
answer
4k
views
Reject all connections except from a specific IP
I've installed a database on Ubuntu that I'll connect to from my other server remotely on port 27017.
This server I want to use only as a storage for my other server. I requested the host support ...
8
votes
4
answers
21k
views
How to import multiple IPs to Ipset?
I am using iptables with ipset on an Ubuntu server firewall. I am wondering if there is a command for importing a file containing a list of IPs to ipset. To populate an ipset, right now, I am adding ...
1
vote
1
answer
3k
views
netstat is not showing port opened through ufw
I am setting up an FTP server on my Ubuntu 16.
After using the following command:
sudo ufw allow 21/tcp
sudo ufw status verbose
I can see the output that says:
21/tcp ALLOW IN Anywhere
...
2
votes
0
answers
725
views
How to handle aggressive HTTP requests from the same IP?
My server has recently been suffering temporary floods of probing HTTP requests looking for PHPMyAdmin. They come from various IPs and come in series. That is, for a few seconds I'm getting a bunch of ...
42
votes
1
answer
120k
views
Do you need to reload after adding a rule in ufw?
Do you need to run any of these commands:
sudo ufw reload
sudo ufw disable
sudo ufw enable
after adding a rule via sudo ufw allow?
7
votes
3
answers
14k
views
Ubuntu - block internet access to all applications except chosen few
I have been looking for a way to block all my applications from accessing the internet except for 1 or 2 chosen applications.
I looked into Uncomplicated Firewall (ufw) and its respective GUI (gufw):
...
3
votes
2
answers
3k
views
How to connect to a SSH server behind a firewall using another server?
I have 2 Servers and the network looks like this:
Server_A (Ubuntu) -> Firewall/Router -> Internet
Server_A can connect to any server on the internet.
Server_B (Ubuntu) which is directly ...
1
vote
2
answers
2k
views
I need to regenerate the ufw files
I deleted the ufw files in /etc/ufw/, so I can start from scratch with a new generated port file. But after I deleted ufw per apt-get and reinstalled it, the files do not get generated. So what am I ...
1
vote
1
answer
1k
views
ubuntu iptables doesn't block wget
Please, help me to understand what I'm doing wrong with iptables on ubuntu 14.04.
iptables -F
ip6tables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
ip6tables -P INPUT ...