|
|
Sponsored Content
Operating Systems
Linux
using firewall to block port
Post 302288418 by pludi on Tuesday 17th of February 2009 07:52:28 AM
02-17-2009
|
|
10 More Discussions You Might Find Interesting
1. Solaris
Hi,
So that potential responders will have an idea of what they're dealing with let me say that while I am a UNIX newbie I have been in IT for over 10 years.
We have several SUN boxes running ver 5 of the OS that have been sitting dormant for some time as they were part of a now defunct... (3 Replies)
Discussion started by: pjewett
3 Replies
2. IP Networking
My server is running on a port 16386, in the case when this port is blocked by some other application ( anti virus etc. ) or firewall then how do i know it's block? Is bind will return any specific error in this case.
I have to know is it blocked or not? (2 Replies)
Discussion started by: Saurabh78
2 Replies
3. Linux
Well, since I wrote the below, I've learned a little more about Samba, and got them to at least acknowledge each other. Still can't use Gaurd dog. Still cant print from one to the other.
I'm learning I'm learning
I recently installed mepis 7 on both my laptop and laptop. (I came... (0 Replies)
Discussion started by: Sonshyne5
0 Replies
4. IP Networking
Hello,
I want to add a port in the firewall exception list so that my application can be accessed over network even if firewall is disabled. I am using iptables command to add exception.
The problem is, after setting the rule if I change the firewall setting i.e. on/off then it is overwriting... (1 Reply)
Discussion started by: senrooy
1 Replies
5. UNIX for Advanced & Expert Users
Hi All,
I successfully configured a DEBIAN Lenny bridged firewall
using ebtables.
The bridged interface is br0.
The ethernet interface are eth0 & eth1 respectively.
All the traffic are transparently passing my firewall but i need to find & block temporarily the bandwidth abusers.
Can... (1 Reply)
Discussion started by: coolatt
1 Replies
6. UNIX for Dummies Questions & Answers
hi guys
I doing some collocation for a customer, customer requested to use other port for ssh not the default one. OK no problem
and customer will be using rsync to sync backups among other things
I know we have to open port let's say port 5999 for ssh since we are using that one now but I... (1 Reply)
Discussion started by: karlochacon
1 Replies
7. UNIX for Dummies Questions & Answers
(1 Reply)
Discussion started by: senrabdet
1 Replies
8. Shell Programming and Scripting
Hi,
I need to know what kind of firewall settings does the linux box have? Is port 25 blocked in any way?
Linux techx 3.10.0-514.10.2.el7.x86_64 #1 SMP Fri Mar 3 00:04:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
I'm coming from this thread. (1 Reply)
Discussion started by: mohtashims
1 Replies
9. Shell Programming and Scripting
I have my firewall process running
# ps -ef | grep firewall
root 21169 1 0 08:50 ? 00:00:00 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
I wish to know what ip : port number it is using. Can you please tell me how can i find out ?
I tried the below command... (4 Replies)
Discussion started by: mohtashims
4 Replies
10. Shell Programming and Scripting
Below is what i did to open the firewall port on
# sudo firewall-cmd --zone=public --add-port=27012/tcp --permanent
Warning: ALREADY_ENABLED: 27012:tcp
success
# sudo firewall-cmd --reload
success
# firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
... (10 Replies)
Discussion started by: mohtashims
10 Replies
LEARN ABOUT DEBIAN
iptables::parse
IPTables::Parse(3pm) User Contributed Perl Documentation IPTables::Parse(3pm) NAME
IPTables::Parse - Perl extension for parsing iptables and ip6tables policies SYNOPSIS
use IPTables::Parse; my $ipt_bin = '/sbin/iptables'; # can set this to /sbin/ip6tables my %opts = ( 'iptables' => $ipt_bin, 'iptout' => '/tmp/iptables.out', 'ipterr' => '/tmp/iptables.err', 'debug' => 0, 'verbose' => 0 ); my $ipt_obj = new IPTables::Parse(%opts) or die "[*] Could not acquire IPTables::Parse object"; my $rv = 0; my $table = 'filter'; my $chain = 'INPUT'; my ($ipt_hr, $rv) = $ipt_obj->default_drop($table, $chain); if ($rv) { if (defined $ipt_hr->{'all'}) { print "The INPUT chain has a default DROP rule for all protocols. "; } else { for my $proto (qw/tcp udp icmp/) { if (defined $ipt_hr->{$proto}) { print "The INPUT chain drops $proto by default. "; } } } } else { print "[-] Could not parse $ipt_obj->{'_ipt_bin_name'} policy "; } ($ipt_hr, $rv) = $ipt_obj->default_log($table, $chain); if ($rv) { if (defined $ipt_hr->{'all'}) { print "The INPUT chain has a default LOG rule for all protocols. "; } else { for my $proto (qw/tcp udp icmp/) { if (defined $ipt_hr->{$proto}) { print "The INPUT chain logs $proto by default. "; } } } } else { print "[-] Could not parse $ipt_obj->{'_ipt_bin_name'} policy "; } DESCRIPTION
The "IPTables::Parse" package provides an interface to parse iptables or ip6tables rules on Linux systems through the direct execution of iptables/ip6tables commands, or from parsing a file that contains an iptables/ip6tables policy listing. You can get the current policy applied to a table/chain, look for a specific user-defined chain, check for a default DROP policy, or determing whether or not logging rules exist. FUNCTIONS
The IPTables::Parse extension provides an object interface to the following functions: chain_policy($table, $chain) This function returns the policy (e.g. 'DROP', 'ACCEPT', etc.) for the specified table and chain: print "INPUT policy: ", $ipt_obj->chain_policy('filter', 'INPUT'), " "; chain_rules($table, $chain) This function parses the specified chain and table and returns an array reference for all rules in the chain. Each element in the array reference is a hash with the following keys (that contain values depending on the rule): "src", "dst", "protocol", "s_port", "d_port", "target", "packets", "bytes", "intf_in", "intf_out", "to_ip", "to_port", "state", "raw", and "extended". The "extended" element contains the rule output past the protocol information, and the "raw" element contains the complete rule itself as reported by iptables or ip6tables. default_drop($table, $chain) This function parses the running iptables or ip6tables policy in order to determine if the specified chain contains a default DROP rule. Two values are returned, a hash reference whose keys are the protocols that are dropped by default if a global ACCEPT rule has not accepted matching packets first, along with a return value that tells the caller if parsing the iptables or ip6tables policy was successful. Note that if all protocols are dropped by default, then the hash key 'all' will be defined. ($ipt_hr, $rv) = $ipt_obj->default_drop('filter', 'INPUT'); default_log($table, $chain) This function parses the running iptables or ip6tables policy in order to determine if the specified chain contains a default LOG rule. Two values are returned, a hash reference whose keys are the protocols that are logged by default if a global ACCEPT rule has not accepted matching packets first, along with a return value that tells the caller if parsing the iptables or ip6tables policy was successful. Note that if all protocols are logged by default, then the hash key 'all' will be defined. An example invocation is: ($ipt_hr, $rv) = $ipt_obj->default_log('filter', 'INPUT'); AUTHOR
Michael Rash, <mbr@cipherdyne.org> SEE ALSO
The IPTables::Parse is used by the IPTables::ChainMgr extension in support of the psad and fwsnort projects to parse iptables or ip6tables policies (see the psad(8), and fwsnort(8) man pages). As always, the iptables(8) and ip6tables(8) man pages provide the best information on command line execution and theory behind iptables and ip6tables. Although there is no mailing that is devoted specifically to the IPTables::Parse extension, questions about the extension will be answered on the following lists: The psad mailing list: http://lists.sourceforge.net/lists/listinfo/psad-discuss The fwsnort mailing list: http://lists.sourceforge.net/lists/listinfo/fwsnort-discuss The latest version of the IPTables::Parse extension can be found on CPAN and also here: http://www.cipherdyne.org/modules/ Source control is provided by git: http://www.cipherdyne.org/git/IPTables-Parse.git http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=IPTables-Parse.git;a=summary CREDITS
Thanks to the following people: Franck Joncourt <franck.mail@dthconnex.com> Grant Ferley AUTHOR
The IPTables::Parse extension was written by Michael Rash <mbr@cipherdyne.org> to support the psad and fwsnort projects. Please send email to this address if there are any questions, comments, or bug reports. COPYRIGHT AND LICENSE
Copyright (C) 2005-2012 Michael Rash. All rights reserved. This module is free software. You can redistribute it and/or modify it under the terms of the Artistic License 2.0. More information can be found here: http://www.perl.com/perl/misc/Artistic.html This program is distributed "as is" in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. perl v5.14.2 2012-03-05 IPTables::Parse(3pm)