Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How iptables directs to localhost in this series of iptable rules
Top Forums UNIX for Advanced & Expert Users How iptables directs to localhost in this series of iptable rules Post 302570585 by Corona688 on Thursday 3rd of November 2011 04:57:23 PM
Old 11-03-2011
Quote:
Originally Posted by Narnie
#4 is dropping broadcast packets, but I'm not exactly sure where those would come from. #4 and #5 I have found on other sites that on networks with Windows systems on them, there will be a lot of broadcast and multicast packets on them that will hog the logs, so it just drops them. Does this make since? If not, other explainations are welcome. Not sure what Windows is doing here, but it seems to be in some of the "best practices" info on firewall building.
Older versions of MS Messenger spam broadcast messages continuously.

I don't see why the firewall needs to care about this either.
Quote:
#6 I understand the difference, but wonder why sometimes things are just dropped (and therefore silent) and if everything makes it through the rules to this point, it might be chosen to use are REJECT and thus send back a TCP RST packet alerting them that they got a "live" system. Just curious on this one.
That's often why things are DROPped instead of REJECTed, yes.

Some firewalls even have a 'tarpit' sort of thing to dump known-hostile connections into. Tarpitted hosts get just enough response from the server to think they've connected, but they haven't. Tarpitted connections still take the usual ten minutes timeout before dying. I think it's a strategy against DDOS.
 

9 More Discussions You Might Find Interesting

1. IP Networking

Iptables rules at boot

Hi I have small home network and I want to block some forums on web When I use this iptables -A INPUT -s forum -j DROP rules is applied but when I restart some of PC rules are not present any more also I tried to save firewall settings iptables-save > /root/dsl.fw but how to... (2 Replies)
Discussion started by: solaris_user
2 Replies

2. Cybersecurity

Editing rules on iptables

Hello, I was playing around with iptables to setup an isolated system. On a SLES10 system, I ran the below to setup my first draft of rules. I noticed that the rules come into effect immediately and do not require any restart of iptables. iptables -A INPUT -j ACCEPT iptables -A OUTPUT -m... (4 Replies)
Discussion started by: garric
4 Replies

3. Ubuntu

iptables rules (ubuntu)

Could someone help me with writing rules for iptables? I need a dos attacks protection for a game server. port type udp ports 27015:27030 interface: eth0 Accept all packets from all IPs Chek if IP sent more than 50 packets per second Drop all packets from this IP for 5 minutes I would be... (0 Replies)
Discussion started by: Greenice
0 Replies

4. Red Hat

iptables Rules for my network

Hi Champs i am new in Iptables and trying to write rules for my Samba server.I took some help from internet, created one script and run from rc.local : #Allow loopback iptables -I INPUT -i lo -j ACCEPT # Accept packets from Trusted network iptables -A INPUT -s my-network/subnet -j... (0 Replies)
Discussion started by: Vaibhav.T
0 Replies

5. Web Development

$_SERVER['DOCUMENT_ROOT'] directs to /var/www not ~/public_html

Hi all, Exactly like my title says. I am learning PHP and MySQL and I used to use /var/www/ to host (contain or store) my files (.htm/.php) for testing. I could configure, finally, apache2 to use ~/public_html instead. Now I when I tried to use $_SERVER it still directs (I used echo to show... (7 Replies)
Discussion started by: faizlo
7 Replies

6. Proxy Server

IPtable rules for DNS/http/https traffic for specific hosts only, not working.

Hi there, I have a VPS and am working on a little side project for myself and friend which is a DNS proxy. Everything was great till recently. My VPS IP has been detected by some botnet or something, and I believe SMURF attacks are occuring. The VPS provider keeps shutting down my VPS... (3 Replies)
Discussion started by: phi0x
3 Replies

7. UNIX for Advanced & Expert Users

iptables help with rules

Hi, I've been struggling with this all morning and seem to have a blind spot on what the problem is. I'm trying to use iptables to block traffic on a little cluster of raspberry pi's but to allow ssh and ping traffic within it. The cluster has a firewall server with a wifi card connecting to... (4 Replies)
Discussion started by: steadyonabix
4 Replies

8. Cybersecurity

Need help for iptables rules

Hello, I did 2 scripts. The second one is, I hope, more secure. What do you think? Basic connection (no server, no router, no DHCP and the Ipv6 is disabled) #######script one #################### iptables -F iptables -X -t filter iptables -P INPUT DROP iptables -P FORWARD... (6 Replies)
Discussion started by: Thomas342
6 Replies

9. IP Networking

iptables - formatting icmp rules

Hi, I am relatively new to firewalls and netfilter. I have a Debian Stretch router box running dnsmasq, connected to a VPN. Occasionally dnsmasq polls all of the desired DNS servers to select the fastest. When it does this it responds to replies of the non-selected DNS servers with a icmp type... (0 Replies)
Discussion started by: CrazyDave
0 Replies

LEARN ABOUT DEBIAN

arno-iptables-firewall

ARNO-IPTABLES-FIREWALL(8)												 ARNO-IPTABLES-FIREWALL(8)

NAME

       arno-iptables-firewall - Single- & multi-homed firewall script with DSL/ADSL support.

SYNOPSIS

       /etc/init.d/arno-iptables-firewall [start|stop|status|force-reload|restart]

DESCRIPTION

       arno-iptables-firewall  is  an  iptables configuration script with support for both IPv4 & IPv6.  While it is extremely easy to use one can
       nevertheless use it in quite complicated environments.

       All available options are explained in the extensively documented configuration file.

       The external interface of the system needs to be set up properly in the firewalls configuration file (EXT_IF).  The default behavior of the
       firewall is to deny all incoming connections.

       For  additional	requirements not covered by the configuration file custom iptables rules can be placed in /etc/arno-iptables-firewall/cus-
       tom-rules.  This file is automatically parsed by the service script.

       See the README file (eg. in /usr/(local/)share/doc/arno-iptables-firewall) for an example how to manage logging of firewall events  through
       syslogd.

       The arno-fwfilter script can be used to make the firewall logs more readable for humans (see manpage).

       Several plugins for the firewall script are available online. Plugins can be downloaded from http://rocky.eld.leidenuniv.nl/ Please see the
       README file for more information.

FILES

       /etc/init.d/arno-iptables-firewall	       system service script
       /etc/arno-iptables-firewall/firewall.conf       firewall configuration
       /etc/arno-iptables-firewall/conf.d/	       firewall configuration directory
       /etc/arno-iptables-firewall/custom-rules        custom iptables rules
       /etc/arno-iptables-firewall/blocked-hosts       host blacklist
       /etc/arno-iptables-firewall/mac-addresses       mac filter list

       Please note, that the last two files do exist in the initial configuration and their use is disabled  in  /etc/arno-iptables-firewall/fire-
       wall.conf

SEE ALSO

       iptables(8), arno-fwfilter(1), syslog.conf(5)

       The http://rocky.eld.leidenuniv.nl/ web site.

AUTHOR

       arno-iptables-firewall was written by Arno van Amersfoort <arnova@rocky.eld.leidenuniv.nl>.

       This manual page was written by Michael Hanke <michael.hanke@gmail.com>, for the Debian project (but may be used by others).

Michael Hanke							  March 14, 2012					 ARNO-IPTABLES-FIREWALL(8)
All times are GMT -4. The time now is 12:02 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy