On Tue, 10 Dec 2019 07:22:05 +0100
Pascal Hambourg wrote:
> On 10/12/2019 at 00:01, Nektarios Katakis wrote:
> >
> > I am running an iptables firewall on an openwrt router I've got.
> > Which acts as Firewall/gateway and performs NATing for my internal
> > network - debian PCs and android phon
On 10/12/2019 at 00:01, Nektarios Katakis wrote:
I am running an iptables firewall on an openwrt router I've got. Which
acts as Firewall/gateway and performs NATing for my internal network -
debian PCs and android phones.
All good but specific web sites are not loading for the machines that
a
On 12/10/2019 12:01 AM, Nektarios Katakis wrote:
> Hello,
>
> I am running an iptables firewall on an openwrt router I've got. Which
> acts as Firewall/gateway and performs NATing for my internal network -
> debian PCs and android phones.
>
> All good but specific web sites are not loading for the
On Wed, Jul 30, 2014 at 08:33:56PM +0200, Nemeth Gyorgy wrote:
> On 2014-07-30 at 09:18, Joe wrote:
> > Something else you might do now is to place temporary logging rules
> > before your 'DROP' rules, to confirm whether it is indeed iptables
> > which is blocking those packets. No logs, it's
On Wed, 30 Jul 2014 21:34:07 +0200
Pascal Hambourg wrote:
> Joe wrote:
> >
> > Something else you might do now is to place temporary logging rules
> > before your 'DROP' rules, to confirm whether it is indeed iptables
> > which is blocking those packets.
>
> Or just run tcpdump while the por
Joe wrote:
>
> Something else you might do now is to place temporary logging rules
> before your 'DROP' rules, to confirm whether it is indeed iptables
> which is blocking those packets.
Or just run tcpdump while the port scan is running.
> No logs, it's somebody or something
> else. And if y
On 2014-07-30 at 09:18, Joe wrote:
> Something else you might do now is to place temporary logging rules
> before your 'DROP' rules, to confirm whether it is indeed iptables
> which is blocking those packets. No logs, it's somebody or something
> else.
Perhaps it is not needed.
iptables -L -v
On 2014-07-30 at 17:33, Mike McClain wrote:
>> And as someone else asked, why are you worried about this 'stealth'? As
>> long as the bad packets don't get in, what does it matter?
>
> Why is there a DROP instruction in iptables as well as REJECT?
To allow you to do what you want. e.g DROP c
Mike McClain wrote:
> On Wed, Jul 30, 2014 at 08:18:51AM +0100, Joe wrote:
>> And as someone else asked, why are you worried about this 'stealth'?
>> As long as the bad packets don't get in, what does it matter?
> Why is there a DROP instruction in iptables as well as REJECT?
Sometimes you want
Sven Hartge wrote:
> If I try to connect to a system on (for example) IP 192.168.40.60 and
> port 80 and there is no system with that IP, the router for the
> network will tell me via an "ICMP host unreachable" package.
Erm, please replace "package" with "packet" while reading, thanks.
Regards,
S
Mike McClain wrote:
> On Wed, Jul 30, 2014 at 01:09:24AM +0200, Pascal Hambourg wrote:
>
>> You can safely ignore that "stealth" FUD.
> block:REJECT::Stealth:DROP
> Why do you say it can be ignored?
If I try to connect to a system on (for example) IP 192.168.40.60 and
port 80 and there is no s
On Wed, Jul 30, 2014 at 08:18:51AM +0100, Joe wrote:
> Something else you might do now is to place temporary logging rules
> before your 'DROP' rules, to confirm whether it is indeed iptables
> which is blocking those packets. No logs, it's somebody or something
> else. And if you have anything ot
On Wed, Jul 30, 2014 at 01:09:24AM +0200, Pascal Hambourg wrote:
> You can safely ignore that "stealth" FUD.
block:REJECT::Stealth:DROP
Why do you say it can be ignored?
> Use iptables-save instead.
I do.
Thanks for your thoughts,
Mike
--
Who knows what evil lurks in the hearts of men?
--
On Tue, Jul 29, 2014 at 10:20:57PM +0100, Mark Carroll wrote:
>
> Use iptables --list-rules to check what rules are actually in force,
> applying in what order.
>
> -- Mark
I've been using iptables-save which gives nearly the same output but
fails to explain why 2 online scanners show those ports
On Tue, Jul 29, 2014 at 11:19:18PM +0200, Sven Hartge wrote:
>
> Maybe your ISP already filters those ports?
>
Now that's a thought I hadn't considered.
If the ISP is REJECTing those ports that would explain the responses
I'm seeing.
Thanks I'll look into it.
Mike
--
Who knows what evil lurks in th
On Tue, 29 Jul 2014 14:04:23 -0700
Mike McClain wrote:
> I've run into a difficulty with iptables in that both GRC.com and
> PCFlank.com's firewall scans show ports 137-139 and 445 as blocked but
> not stealthed in spite of the fact that I have these statements in my
> firewall script:
> ipta
Mark Carroll wrote:
> Mike McClain writes:
>
>> I've run into a difficulty with iptables in that both GRC.com and
>> PCFlank.com's firewall scans show ports 137-139 and 445 as blocked but
>> not stealthed in spite of the fact that I have these statements in my
>> firewall script:
You can safe
Mike McClain writes:
> I've run into a difficulty with iptables in that both GRC.com and
> PCFlank.com's firewall scans show ports 137-139 and 445 as blocked but
> not stealthed in spite of the fact that I have these statements in my
> firewall script:
(snip)
> Suggestions?
Use iptables --list-r
Mike McClain wrote:
> I've run into a difficulty with iptables in that both GRC.com and
> PCFlank.com's firewall scans show ports 137-139 and 445 as blocked but
> not stealthed in spite of the fact that I have these statements in my
> firewall script:
>iptables -A INPUT -p udp --dport 137:13
Hi, did you get it working? I'm still going crazy
about it.
Thanks a lot in advance and sorry for a private
mail.
Ziggy
John Hedge wrote:
Brian,
You might like to take a look at www.shorewall.net. It helped me when I
was at a similar stage as it seems you may be.
I agree. Shorewall has awesome documentation (like step-by-step)
for most common situations.
-Roberto
Brian,
You might like to take a look at www.shorewall.net. It helped me when I
was at a similar stage as it seems you may be.
Another idea is to join [EMAIL PROTECTED]
John
On Tue, 2004-03-02 at 17:53, Brian Schmidt wrote:
> I'm trying to make a good firewall/gateway iptables script, this is
Thanks for all the suggestions on firewalls, I will be looking at them,
and that was exactly what I was looking for, thanks Adam :)
Sincerely
Brian Schmidt
On Mon, 2004-01-26 at 10:11, Brian Schmidt wrote:
> I'm trying to set up a proper firewall, and have a decent one set up so
> far..
> A few things I'm missing though are the ability to allow/deny ipranges,
> so I have been looking around a bit, and saw that there was a module
> called iprange.
>
On Monday 26 January 2004 10:11 am, Brian Schmidt wrote:
> Another thing with iptables I have been thinking of letting my firewall
> do, is to give a proper reply to connections on closed ports, rather
> than just dropping the connection.
Iptables comes with a REJECT target, used like this:
iptab
Have you tried the `firehol' package available in testing?
hth,
Jerome
Brian Schmidt wrote:
I'm trying to set up a proper firewall, and have a decent one set up so
far..
A few things I'm missing though are the ability to allow/deny ipranges,
so I have been looking around a bit, and saw that there
Hello,
a couple of weeks ago I found this link on debian-firewall:
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/adsl4linux/ADSL4Linux/ADSL4Linux/templates/firewall.iptables.devel?rev=HEAD&content-type=text/vnd.viewcvs-markup
It is a pretty good script. You have to set y or n for a list of service
Matt,
I can't remember the exact URL, but somewhere in the IBM developer forums is a
really good tutorial on using iptables to create a firewall. It includes some
nice scripts, and is much clearer than Rusty's guides.
John P Foster
http://www.golden-orb.com
Matthew Garman wrote:
> I would like
28 matches