11-03-2011
Quote:
Originally Posted by
Narnie
#4 is dropping broadcast packets, but I'm not exactly sure where those would come from. #4 and #5 I have found on other sites that on networks with Windows systems on them, there will be a lot of broadcast and multicast packets on them that will hog the logs, so it just drops them. Does this make since? If not, other explainations are welcome. Not sure what Windows is doing here, but it seems to be in some of the "best practices" info on firewall building.
Older versions of MS Messenger spam broadcast messages continuously.
I don't see why the firewall needs to care about this either.
Quote:
#6 I understand the difference, but wonder why sometimes things are just dropped (and therefore silent) and if everything makes it through the rules to this point, it might be chosen to use are REJECT and thus send back a TCP RST packet alerting them that they got a "live" system. Just curious on this one.
That's often why things are DROPped instead of REJECTed, yes.
Some firewalls even have a 'tarpit' sort of thing to dump known-hostile connections into. Tarpitted hosts get
just enough response from the server to think they've connected, but they haven't. Tarpitted connections still take the usual ten minutes timeout before dying. I think it's a strategy against DDOS.
9 More Discussions You Might Find Interesting
1. IP Networking
Hi
I have small home network and I want to block some forums on web
When I use this
iptables -A INPUT -s forum -j DROP
rules is applied but when I restart some of PC rules are not present any more also I tried to save firewall settings
iptables-save > /root/dsl.fw
but how to... (2 Replies)
Discussion started by: solaris_user
2 Replies
2. Cybersecurity
Hello,
I was playing around with iptables to setup an isolated system. On a SLES10 system, I ran the below to setup my first draft of rules. I noticed that the rules come into effect immediately and do not require any restart of iptables.
iptables -A INPUT -j ACCEPT
iptables -A OUTPUT -m... (4 Replies)
Discussion started by: garric
4 Replies
3. Ubuntu
Could someone help me with writing rules for iptables?
I need a dos attacks protection for a game server.
port type udp
ports 27015:27030
interface: eth0
Accept all packets from all IPs
Chek if IP sent more than 50 packets per second
Drop all packets from this IP for 5 minutes
I would be... (0 Replies)
Discussion started by: Greenice
0 Replies
4. Red Hat
Hi Champs
i am new in Iptables and trying to write rules for my Samba server.I took some help from internet, created one script and run from rc.local :
#Allow loopback
iptables -I INPUT -i lo -j ACCEPT
# Accept packets from Trusted network
iptables -A INPUT -s my-network/subnet -j... (0 Replies)
Discussion started by: Vaibhav.T
0 Replies
5. Web Development
Hi all,
Exactly like my title says.
I am learning PHP and MySQL and I used to use /var/www/ to host (contain or store) my files (.htm/.php) for testing. I could configure, finally, apache2 to use ~/public_html instead.
Now I when I tried to use $_SERVER it still directs (I used echo to show... (7 Replies)
Discussion started by: faizlo
7 Replies
6. Proxy Server
Hi there,
I have a VPS and am working on a little side project for myself and friend which is a DNS proxy. Everything was great till recently. My VPS IP has been detected by some botnet or something, and I believe SMURF attacks are occuring. The VPS provider keeps shutting down my VPS... (3 Replies)
Discussion started by: phi0x
3 Replies
7. UNIX for Advanced & Expert Users
Hi,
I've been struggling with this all morning and seem to have a blind spot on what the problem is. I'm trying to use iptables to block traffic on a little cluster of raspberry pi's but to allow ssh and ping traffic within it.
The cluster has a firewall server with a wifi card connecting to... (4 Replies)
Discussion started by: steadyonabix
4 Replies
8. Cybersecurity
Hello,
I did 2 scripts. The second one is, I hope, more secure.
What do you think?
Basic connection (no server, no router, no DHCP and the Ipv6 is disabled)
#######script one
####################
iptables -F
iptables -X -t filter
iptables -P INPUT DROP
iptables -P FORWARD... (6 Replies)
Discussion started by: Thomas342
6 Replies
9. IP Networking
Hi, I am relatively new to firewalls and netfilter. I have a Debian Stretch router box running dnsmasq, connected to a VPN. Occasionally dnsmasq polls all of the desired DNS servers to select the fastest. When it does this it responds to replies of the non-selected DNS servers with a icmp type... (0 Replies)
Discussion started by: CrazyDave
0 Replies
LEARN ABOUT DEBIAN
arno-iptables-firewall
ARNO-IPTABLES-FIREWALL(8) ARNO-IPTABLES-FIREWALL(8)
NAME
arno-iptables-firewall - Single- & multi-homed firewall script with DSL/ADSL support.
SYNOPSIS
/etc/init.d/arno-iptables-firewall [start|stop|status|force-reload|restart]
DESCRIPTION
arno-iptables-firewall is an iptables configuration script with support for both IPv4 & IPv6. While it is extremely easy to use one can
nevertheless use it in quite complicated environments.
All available options are explained in the extensively documented configuration file.
The external interface of the system needs to be set up properly in the firewalls configuration file (EXT_IF). The default behavior of the
firewall is to deny all incoming connections.
For additional requirements not covered by the configuration file custom iptables rules can be placed in /etc/arno-iptables-firewall/cus-
tom-rules. This file is automatically parsed by the service script.
See the README file (eg. in /usr/(local/)share/doc/arno-iptables-firewall) for an example how to manage logging of firewall events through
syslogd.
The arno-fwfilter script can be used to make the firewall logs more readable for humans (see manpage).
Several plugins for the firewall script are available online. Plugins can be downloaded from http://rocky.eld.leidenuniv.nl/ Please see the
README file for more information.
FILES
/etc/init.d/arno-iptables-firewall system service script
/etc/arno-iptables-firewall/firewall.conf firewall configuration
/etc/arno-iptables-firewall/conf.d/ firewall configuration directory
/etc/arno-iptables-firewall/custom-rules custom iptables rules
/etc/arno-iptables-firewall/blocked-hosts host blacklist
/etc/arno-iptables-firewall/mac-addresses mac filter list
Please note, that the last two files do exist in the initial configuration and their use is disabled in /etc/arno-iptables-firewall/fire-
wall.conf
SEE ALSO
iptables(8), arno-fwfilter(1), syslog.conf(5)
The http://rocky.eld.leidenuniv.nl/ web site.
AUTHOR
arno-iptables-firewall was written by Arno van Amersfoort <arnova@rocky.eld.leidenuniv.nl>.
This manual page was written by Michael Hanke <michael.hanke@gmail.com>, for the Debian project (but may be used by others).
Michael Hanke March 14, 2012 ARNO-IPTABLES-FIREWALL(8)