On Mon, Dec 23, 2024 at 9:05 PM Greg Wooledge wrote:
> On Mon, Dec 23, 2024 at 20:48:12 -0500, Dan Purgert wrote:
> > On Dec 23, 2024, Timothy M Butterworth wrote:
> > > sudo fails with a permission denied error.
> > > tmb@hp-debian:~$ sudo /usr/sbin/iptables-save > /etc/iptables/rules.v4
> > > b
Hi,
On 23 Dec 2024 at 20:56:14, Greg Wooledge wrote:
> On Mon, Dec 23, 2024 at 20:48:12 -0500, Dan Purgert wrote:
> > On Dec 23, 2024, Timothy M Butterworth wrote:
> > > sudo fails with a permission denied error.
> > > tmb@hp-debian:~$ sudo /usr/sbin/iptables-save > /etc/iptables/rules.v4
> > > b
On Mon, Dec 23, 2024 at 20:48:12 -0500, Dan Purgert wrote:
> On Dec 23, 2024, Timothy M Butterworth wrote:
> > sudo fails with a permission denied error.
> > tmb@hp-debian:~$ sudo /usr/sbin/iptables-save > /etc/iptables/rules.v4
> > bash: /etc/iptables/rules.v4: Permission denied
>
> "sudo" only m
On Dec 23, 2024, Timothy M Butterworth wrote:
> sudo fails with a permission denied error.
> tmb@hp-debian:~$ sudo /usr/sbin/iptables-save > /etc/iptables/rules.v4
> bash: /etc/iptables/rules.v4: Permission denied
"sudo" only modifies "iptables-save", and not the redirect (it happens
as your user,
sudo fails with a permission denied error.
tmb@hp-debian:~$ sudo /usr/sbin/iptables-save > /etc/iptables/rules.v4
bash: /etc/iptables/rules.v4: Permission denied
Root user works
tmb@hp-debian:~$ su -l
Password:
Root user with sudo
root@hp-debian:/home/tmb# sudo /usr/sbin/iptables-save >
/etc/ipta
On 24 May 2024 23:23:44 BST, Andy Smith wrote:
>You will likely get better performance if you switch to nftables and
>use an ipset to hold all the bans, though I've no idea how easy
>that is to configure with fail2ban.
It's easy, supported out of the box. I have been using nftables for years w
Hi,
On Sat, May 25, 2024 at 06:04:34AM +0800, Northwind wrote:
> I have been using a KVM vps with 2G ram, 2 cores.
> due to fail2ban jobs, iptables in this vps has dropped 3000+ black IPs.
> may I ask how max iptables rules the VPS can have?
It depends upon the kind of rule but for
Hello
I have been using a KVM vps with 2G ram, 2 cores.
due to fail2ban jobs, iptables in this vps has dropped 3000+ black IPs.
may I ask how max iptables rules the VPS can have?
does many iptables rules influence the networking performance?
Thanks
On Mon, Aug 28, 2017 at 15:54 Joe wrote:
...
I confess to no specific knowledge here, but I suspect none of the
> firewall front-ends will accommodate an arbitrary iptables ruleset, as
> the front-ends impose their own structure which would almost certainly
> conflict.
>
Unfortunately, ufw doesn
On Mon, Aug 28, 2017 at 15:49 Alexander V. Makartsev
wrote:
> Smart way to do it is to set up a cron job to run shell script that will
> flush (or restore to default working ruleset) iptables rules every 10
> minutes.
Thanks, Alexander.
-Tom
On Mon, 28 Aug 2017 20:01:54 +
Tom Browder wrote:
> Installing and enabling ufw sounds easy, but how is the existing set
> of iptables rules treated? I want to use ufw on a remote server and
> losing ssh would be disastrous!
>
I confess to no specific knowledge here, but I sus
Smart way to do it is to set up a cron job to run shell script that will
flush (or restore to default working ruleset) iptables rules every 10
minutes.
With this approach, even if you mess up your iptables rules and lose
ssh, you can simply wait for 10 minutes and reconnect to ssh.
Take your time
Installing and enabling ufw sounds easy, but how is the existing set of
iptables rules treated? I want to use ufw on a remote server and losing
ssh would be disastrous!
Thanks.
-Tom
Patrick Schleizer writes:
> I.e. two packages trying to add iptables rules at the same time and
> thereby failing to do so?
They can't do that as each call to iptables locks the table being operated
on. Without -w iptables exits when it can't get the lock. With -w it
waits.
Pascal
Le 12/11/2015 20:47, Pascal Hambourg a écrit :
> Patrick Schleizer a écrit :
>> as I just learned on the mailing list, that at least the packages
>> fail2ban and miniupnpd [and most likely arno-iptables-firewall also]
>> modify iptables rules...
> Firewall manager
Patrick Schleizer a écrit :
>
> as I just learned on the mailing list, that at least the packages
> fail2ban and miniupnpd [and most likely arno-iptables-firewall also]
> modify iptables rules...
Firewall managers such as ufw, shorewall, firestarter...
Custom iptables scripts.
Patrick Schleizer wrote:
> as I just learned on the mailing list, that at least the packages
> fail2ban and miniupnpd [and most likely arno-iptables-firewall also]
> modify iptables rules...
> Is there a chance for race conditions? I.e. two packages trying to add
> iptables ru
I think that the best solution would be for the script to construct a
single iptables command string and then run it.
--
John Hasler
jhas...@newsguy.com
Elmwood, WI USA
Hi,
as I just learned on the mailing list, that at least the packages
fail2ban and miniupnpd [and most likely arno-iptables-firewall also]
modify iptables rules...
Is there a chance for race conditions? I.e. two packages trying to add
iptables rules at the same time and thereby failing to do so
Patrick Schleizer wrote:
> are there packages that modify the system's iptables rules?
fail2ban
miniupnpd
Grüße,
Sven.
--
Sigmentation fault. Core dumped.
Hi,
are there packages that modify the system's iptables rules?
Cheers,
Patrick
On 03/25/2015 02:06 PM, Linux4Bene wrote:
> Op Wed, 25 Mar 2015 11:46:21 +0100, schreef Diogene Laerce:
>
>> Hi,
>>
>> I have a strange behavior of iptables lately : all rules are cleaned up
>> after a few minutes.
>>
>> iptables-persistent is installed and if I reboot just after restoring
>> all
Op Wed, 25 Mar 2015 11:46:21 +0100, schreef Diogene Laerce:
> Hi,
>
> I have a strange behavior of iptables lately : all rules are cleaned up
> after a few minutes.
>
> iptables-persistent is installed and if I reboot just after restoring
> all rules,
> all rules are still loaded. But a few minu
Hi,
I have a strange behavior of iptables lately : all rules are cleaned up
after a few minutes.
iptables-persistent is installed and if I reboot just after restoring
all rules,
all rules are still loaded. But a few minutes later, they are all
cleaned up.
The same happens whenever I load them man
automatically saved. Since I make all edits to my iptables
rules in a shell script that I source when I want to change them, I'm
not too worried about that, but you can see several alternate
solutions from the link above.
Hope this helps!
--
Paul Cartwright
Registered Linux user # 36
On Saturday 24 January 2009, abdelkader belahcene
wrote about 'how to store iptables rules':
>please i want to save the iptables for next sessions,
>now I have to run iptables after each reboot.
>I tried iptables-save, it didn't.
Search the archive, there was a discussi
On Saturday 24 January 2009 12:34:52 abdelkader belahcene wrote:
> hi,
> please i want to save the iptables for next sessions,
> now I have to run iptables after each reboot.
> I tried iptables-save, it didn't.
> thanks for help
> bela
Redirect it to a file:
iptables-save > target-file
You will a
hi,
please i want to save the iptables for next sessions,
now I have to run iptables after each reboot.
I tried iptables-save, it didn't.
thanks for help
bela
On Tue, 6 Jan 2009 11:35:32 -0500
Michael Pobega wrote:
...
> Edit: I resent this message because something went wrong with the
> last...I have no clue what happened.
It hit the list encrypted.
Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net
On Mon, Jan 05, 2009 at 08:59:54PM +0100, Christoph Anton Mitterer wrote:
> Hi.
>
> Which is the default/designated way in Debian to set up iptables rules
> on system boot?
>
> I mean the /etc/init.d scripts is long gone... ;)
>
> Thanks,
> Chris.
I used to
>>> Which is the default/designated way in Debian to set up iptables rules
>>> on system boot?
>
The GPLed Firestarter can generate a set of script, though it rids any
CLI configurations.
--
Koh Choon Lin
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.o
On Mon, Jan 5, 2009 at 11:38 PM, Nate Bargmann wrote:
> * Christoph Anton Mitterer [2009 Jan 05 14:02 -0600]:
>> Hi.
>>
>> Which is the default/designated way in Debian to set up iptables rules
>> on system boot?
You could use post-up and pre-up hooks in /etc/
* Christoph Anton Mitterer [2009 Jan 05 14:02 -0600]:
> Hi.
>
> Which is the default/designated way in Debian to set up iptables rules
> on system boot?
>
> I mean the /etc/init.d scripts is long gone... ;)
I've been using Firehol on "client" machines like
On Mon, 2009-01-05 at 12:31 -0800, Ken Teague wrote:
> Which script(s) are you referring to? I had to create my own.
Uhm until iptables 1.2.7-8 or so a init.d script was provided with the
package...
Chris.
On Monday 2009 January 05 13:59:54 Christoph Anton Mitterer wrote:
> Which is the default/designated way in Debian to set up iptables rules
> on system boot?
I've just been calling iptables-restore from rc.local and calling
iptables-save as needed. I'd love to know if there is
Christoph Anton Mitterer wrote:
> Which is the default/designated way in Debian to set up iptables rules
> on system boot?
I would put them in an init.d script.
> I mean the /etc/init.d scripts is long gone... ;)
Which script(s) are you referring to? I had to create my own.
- Ken
Hi.
Which is the default/designated way in Debian to set up iptables rules
on system boot?
I mean the /etc/init.d scripts is long gone... ;)
Thanks,
Chris.
The way I do it...
Create a file /etc/network/if-up.d/firewall.sh , make sure it is executable.
In that file put all the iptables rules you want and since it is bash
scripting you can get pretty fancy. Then in /etc/network/interfaces add the
following line to one of the interface definitions,
On Thu, 12 Jun 2008, Ding Honghui <[EMAIL PROTECTED]> writes:
> Is there a debian way to save and load iptables rule when system boot or
> interface active?
See scripts under /etc/network/if-{up,down}.d directories. Also,
interfaces(5) manual would be helpful.
Regards.
Is there a debian way to save and load iptables rule when system boot or
interface active?
On Sun, Aug 01, 2004 at 05:40:57PM +0300, [EMAIL PROTECTED] wrote:
> But that would be just like running /etc/init.d/iptables. But what we
> need is running the command '/etc/init.d/iptables start'.
>
> I tried to make a link with the start parameter like
>
> >ln -s /etc/init.d/iptables '/etc/r
nprofessional and must be better ways to do
this. Is it? Please advise.
Regards,
-Nabil
-Original Message-
From: Jon [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 01, 2004 5:00 PM
To: Nabil MALIK / KTEFH - OTAS
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: How to save the ipt
save
- Original Message -
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Sun, 1 Aug 2004 16:17:07 +0300
Subject: How to save the iptables rules for booting?
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Fellows,
I know the script /etc/init.d/iptables can be used to save the
Fellows,
I know the script /etc/init.d/iptables can be used to save
the rules. I made it save in the ‘active’ rule set. But what is the
standard way to run ‘/etc/init.d/iptables load active’ at boot
time. I manually added a symbolic link to the /etc/rcS.d folder for ‘/etc/init.d/iptable
eyer wrote:
Darryl Luff wrote:
Ralph Crongeyer wrote:
How does one save iptables rules in Debian "Unstable/SID"? I've tried
iptables-save and get some output with no errors, but when I reboot
all my rules are gone? Is there a "Deb
On Sun, 13 Jun 2004 08:15 am, Ralph Crongeyer wrote:
> Darryl Luff wrote:
> > Ralph Crongeyer wrote:
> >> How does one save iptables rules in Debian "Unstable/SID"? I've tried
> >> iptables-save and get some output with no errors, but when I reboot
>
Darryl Luff wrote:
Ralph Crongeyer wrote:
How does one save iptables rules in Debian "Unstable/SID"? I've tried
iptables-save and get some output with no errors, but when I reboot
all my rules are gone? Is there a "Debian way" of doing this? Rather
than write my own
Thanks Adam, but there is no "/etc/init.d/iptables" file on SID?
Any other suggestions?
Ralph
Adam Aube wrote:
Ralph Crongeyer wrote:
How does one save iptables rules in Debian "Unstable/SID"? I've tried
iptables-save and get some output with no errors,
Jaldhar H. Vyas wrote:
> On Fri, 11 Jun 2004, Adam Aube wrote:
>> /etc/init.d/iptables save active
> Except that is just a hold over from old versions of the package. It
> doesn't exist in new installs.
Odd that it would be removed without a suitable replacement provided.
Adam
Ralph Crongeyer wrote:
How does one save iptables rules in Debian "Unstable/SID"? I've tried
iptables-save and get some output with no errors, but when I reboot all
my rules are gone? Is there a "Debian way" of doing this? Rather than
write my own startup script I want
On Fri, 11 Jun 2004, Adam Aube wrote:
> Ralph Crongeyer wrote:
>
> > How does one save iptables rules in Debian "Unstable/SID"? I've tried
> > iptables-save and get some output with no errors, but when I reboot all
> > my rules are gone?
>
> /etc/init.
Ralph Crongeyer wrote:
> How does one save iptables rules in Debian "Unstable/SID"? I've tried
> iptables-save and get some output with no errors, but when I reboot all
> my rules are gone?
/etc/init.d/iptables save active
Adam
Ralph Crongeyer wrote:
How does one save iptables rules in Debian "Unstable/SID"? I've tried
iptables-save and get some output with no errors, but when I reboot
all my rules are gone? Is there a "Debian way" of doing this? Rather
than write my own startup script I want
How does one save iptables rules in Debian "Unstable/SID"? I've tried
iptables-save and get some output with no errors, but when I reboot all
my rules are gone? Is there a "Debian way" of doing this? Rather than
write my own startup script I want to find out if there
I'm using a very simple technique for keeping a count of the traffic
volume through my Internet connection, using 2 additional iptables rules
and a script run regularly by cron, but the amount of available packages
that deal with this issue, involving daemons and whatnot, makes me wonder
> "m" == marshal <[EMAIL PROTECTED]> writes:
m> One thing that you could do, since you've installed iptables, is set up
m> all the chains manually. Then run (as root)
m> /etc/init.d/iptables save active
m> And if you always want them to be the same
m> /etc/init.d/iptables save inactive.
m
One thing that you could do, since you've installed iptables, is set up
all the chains manually. Then run (as root)
/etc/init.d/iptables save active
And if you always want them to be the same
/etc/init.d/iptables save inactive.
This will save the chains so that they start up every time that you
Regarding Rusty's Really Quick Guide To Packet Filtering
/usr/share/doc/iptables/html/packet-filtering-HOWTO.html#toc5
where are we supposed to put that? /etc/network/if-pre-up.d/somefile
I suppose.
If you tell me to put it in /etc/ppp/ip-up.d I will tell you that it
only needs to be run once...
Subject: iptables rules
Date: Thu, Aug 02, 2001 at 12:18:14PM +1000
In reply to:Renai LeMay
Quoting Renai LeMay([EMAIL PROTECTED]):
> Hi,
>
> I'm running 2.4.7 on a workstation machine with sid, and I'd like to set up
> simple firewalling rules on my
Renai,
> Can someone give me some advice on how to setup some simple rules as well as
> having them refreshed when I restart?
I'd be happy to send you my iptables script if you like. But it's
really best to craft one yourself so you'll really understand what
you are doing along the way. That w
Hi,
I'm running 2.4.7 on a workstation machine with sid, and I'd like to set up
simple firewalling rules on my machine.
From a security point of view, I don't have any services available, they're
all disabled, so all I need to be able to do is web browse, check email, irc,
icq, etc, while hav
that are launching them.
>> - Original Message -
>> From: "Vadim Kutsyy" <[EMAIL PROTECTED]>
>> To: "Debian User"
>> Sent: Monday, February 12, 2001 11:33 PM
>> Subject: iptables rules and open ports
>>
>> > I have stand
Wil Reichert wrote:
> http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/index.html
>
> Section 7 covers fun stuff like avoiding ping-o-death & syn-flooding.
I've seen it (I used Section 5 to create my rules). However, my
computer is stand alone workstation without any servers,
Check out the packet filtering howto:
http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/index.html
Section 7 covers fun stuff like avoiding ping-o-death & syn-flooding.
Wil
--- Hall Stevenson <[EMAIL PROTECTED]> wrote:
> > How to make my computer not pingable?
>
> As root,
>
> How to make my computer not pingable?
As root,
"echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all"
I don't know what other "problems" this may lead to, if any, though...
Regards
Hall
> > port 13: daytime
> > port 37: time
> > port 9: discard
> >
> > Any ideas?
> >
> > Thanks.
> >
>
> Those are started by inetd. Comment them in /etc/inetd.conf then, as root
> /etc/init.d/inetd restart
Thanks, and last question:
How to make my computer not pingable?
Thanks.
Vadim Kutsyy wrote:
>
> Jason, good idea. I took care about ssh (removed all [K,S]20ssh).
> However I have no clue what to do with other ports.
>
> port 13: daytime
> port 37: time
> port 9: discard
>
> Any ideas?
>
> Thanks.
>
Those are started by inetd. Comment them in /etc/inetd.conf then
t will tell you the name of the ports. If you're not using them, stop the
> services or uninstall the packages that are launching them.
> - Original Message -
> From: "Vadim Kutsyy" <[EMAIL PROTECTED]>
> To: "Debian User"
> Sent: Monday, Febru
nt: Monday, February 12, 2001 11:33 PM
Subject: iptables rules and open ports
> I have stand alone workstation without any network, so I am trying to
> keep all ports close. I run kernel 2.4 with iptables. Recent scanning
> (by www.dslreports.com) shows that ports 13,22,37 and 9 are open
I have stand alone workstation without any network, so I am trying to
keep all ports close. I run kernel 2.4 with iptables. Recent scanning
(by www.dslreports.com) shows that ports 13,22,37 and 9 are open. Any
recommendation on how to close them?
Thanks.
My iptables rules:
-
;[EMAIL PROTECTED]>
Subject: RE: iptables rules
In-reply-to: <[EMAIL PROTECTED]>
To: William Jensen <[EMAIL PROTECTED]>
Cc: debian-user@lists.debian.org
Reply-to: Pollywog <[EMAIL PROTECTED]>
Organization: The Pond
X-Mailer: XFMail 1.4.6 on Linux
X-Priority: 3 (Normal)
Resent-
Actually, I believe the script I use is based on this one:
http://www.linuxhelp.net/guides/davion/iptables-script
Woody has an iptables package too, which I am examining now.
--
Andrew
Try this:
http://www.debiandiary.f2s.com/diary/iptables.html
There is a script there called iptables.sh.
I believe that is the script I used as a starting point.
--
Andrew
On 28-Aug-2000 William Jensen wrote:
> Greetings everyone...
>
> I've upgraded to the 2.4.0-test5 kernel, compiled in netf
Greetings everyone...
I've upgraded to the 2.4.0-test5 kernel, compiled in netfilter, downloaded
iptools. As root I can see I have control of the firewall. For example I can
put a iptables -A INPUT -j DROP and nothing gets in or out!. heh. This however
is not what I am after. Can you fine sc
75 matches