UNIX for Advanced & Expert Users: How iptables directs to localhost in this series of iptable rules
Post 302570585 by Corona688 on Thursday 3rd of November 2011 04:57:23 PM
Quote:
Originally Posted by Narnie
#4 is dropping broadcast packets, but I'm not exactly sure where those would come from. #4 and #5 I have found on other sites that on networks with Windows systems on them, there will be a lot of broadcast and multicast packets on them that will hog the logs, so it just drops them. Does this make sense? If not, other explanations are welcome. Not sure what Windows is doing here, but it seems to be in some of the "best practices" info on firewall building.
Older versions of MS Messenger spam broadcast messages continuously.

I don't see why the firewall needs to care about this either.
Quote:
#6 I understand the difference, but wonder why sometimes things are just dropped (and therefore silent) and, if everything makes it through the rules to this point, it might be chosen to use a REJECT and thus send back a TCP RST packet alerting them that they've got a "live" system. Just curious on this one.
That's often why things are DROPped instead of REJECTed, yes.

Some firewalls even have a 'tarpit' sort of thing to dump known-hostile connections into. Tarpitted hosts get just enough response from the server to think they've connected, but they haven't. Tarpitted connections still take the usual ten-minute timeout before dying. I think it's a strategy against DDoS.
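The points raised in the thread (loopback handling, dropping broadcast/multicast before the LOG rule, and the silent DROP versus REJECT choice) as one ruleset in iptables-restore format. This is an added example, not the rules Narnie posted or anything Corona688 wrote; it assumes sshd on tcp/22 is the only offered service and that the host does not need mDNS, VRRP or other multicast protocols.

```iptables
# Added example, /etc/iptables/rules.v4 style, loaded with iptables-restore.
# Assumption: tcp/22 is the only service; nothing else needs to reach the host.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# 1. Loopback. Traffic to 127.0.0.0/8 only ever arrives on 'lo', so match the
#    interface, not the address: 127.x packets spoofed on eth0 fall through to
#    the DROP policy (the kernel already discards such martians, this makes the
#    intent visible in the ruleset).
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j DROP

# 2. Replies to connections we opened, and anything conntrack cannot classify.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP

# 3. Broadcast/multicast chatter (NetBIOS name service, SSDP, mDNS, ...) is
#    dropped BEFORE the LOG rule so it cannot fill the log. Put explicit ACCEPT
#    rules above these two lines if the host does need, say, mDNS or VRRP.
-A INPUT -m addrtype --dst-type BROADCAST -j DROP
-A INPUT -m addrtype --dst-type MULTICAST -j DROP

# 4. Offered services.
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT

# 5. Log what is left, rate limited so a port scan cannot fill the disk.
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "IPT-INPUT-DROP: " --log-level 4

# 6. Final disposition. With nothing here the chain policy silently DROPs
#    (a scanner reports the port as 'filtered'). Uncomment to REJECT instead:
#    legitimate clients fail fast, but the RST/ICMP error confirms a live host
#    (the scanner reports 'closed'). --reject-with tcp-reset is only valid
#    together with -p tcp.
#-A INPUT -p tcp -j REJECT --reject-with tcp-reset
#-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
```

Parse it first with `iptables-restore --test < rules.v4`, then load it with `iptables-restore < rules.v4` and inspect the result with `iptables -L INPUT -v -n --line-numbers`; order matters because the first matching rule wins, which is why the two addrtype DROPs must sit above the LOG rule. The tarpit behaviour Corona688 mentions is not in stock iptables; it is the TARPIT target shipped in xtables-addons.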
UDPTunnel(1)                              net                              UDPTunnel(1)

NAME
       udptunnel - Tunnel UDP packets over a TCP connection

SYNTAX
       udptunnel -s TCP-port [-r] [-v] UDP-addr/UDP-port[/ttl]
       udptunnel -c TCP-addr[/TCP-port] [-r] [-v] UDP-addr/UDP-port[/ttl]

DESCRIPTION
       UDPTunnel is a small program which can tunnel UDP packets bi-directionally over a TCP connection. Its primary purpose (and original motivation) is to allow multi-media conferences to traverse a firewall which allows only outgoing TCP connections.

USAGE
       UDPTunnel can be run in two modes: a client mode and a server mode. The client mode initiates the TCP connection before relaying UDP; the server waits for an incoming connection before doing so. After the TCP connection is established, the behavior of the two modes is identical. If you are using UDPTunnel to traverse a firewall as discussed above, the client would be run inside the firewall, and the server would be run outside it.

OPTIONS
       -s TCP-port
              Server mode: If udptunnel is invoked with the -s option, it runs in server mode: the server will wait for an incoming connection on the specified TCP port, and then relay UDP to and from it.

       -c TCP-addr[/TCP-port]
              Client mode: If udptunnel is invoked with the -c option, it runs in client mode: it will open a TCP connection to the specified TCP host and port, and then relay UDP on it. The TCP port may be omitted in this case; it will default to the same port number as the UDP port.

       -r     RTP mode: In order to facilitate tunneling both RTP and RTCP traffic for a multi-media conference, this sets up relays on two consecutive TCP and UDP ports. All specified port numbers in this case must be even. Note that both the client and the server must use the -r flag for this to work; the server will not begin relaying packets until both its connections have been established.

       -v     Verbose output: This flag turns on verbose debugging output about UDPTunnel's actions. It may be given multiple times. With a single -v, information about connection establishment is printed on UDPTunnel's standard error stream; with a second one, per-packet information is also shown. Note that this latter case can produce a prodigious amount of information. If this flag is not given, UDPTunnel will remain silent unless an error occurs.

       One of the two options -c and -s must be given; if not, it is an error.

       In all cases, the UDP address and port to tunnel is given after all options. UDPTunnel will listen to this address for packets, and will send received packets on this address. The address may be a multicast address; in this case, a multicast TTL should be specified, and tunneled packets will be sent with this TTL.

       All addresses, TCP and UDP, may be specified either as an IPv4 dotted-quad address (e.g. 224.2.0.1) or as a host name (e.g. conrail.cs.columbia.edu). Port numbers must be in the range of 1 to 65535; TTLs must be in the range 0 to 255.

PACKET FORMAT
       The packets are sent on TCP using the obvious, simple format: a sixteen-bit length field, in network byte order, precedes each data packet. This format was proposed in early drafts of RTP for RTP-over-TCP, but was dropped from the final specification.

KNOWN BUGS/ISSUES
       UDPTunnel does not check incoming UDP packets to verify that they are indeed coming from the address which the user specified; it binds to INADDR_ANY, and accepts any UDP packet arriving on the specified port. This could potentially allow denial-of-service or spoofing attacks. If two or more -v options are given, per-packet identification will be printed of each packet's source address as it is received, allowing such a situation to be diagnosed.

       For multicast, UDPTunnel turns off packet loopback, as it has no way to distinguish its own packets it sent out from packets genuinely arriving on the multicast group. This means that if you are tunneling traffic from or to a multicast group, both ends of UDPTunnel must be run on different hosts than any member of the group. (In general, the only way to distinguish looped packets from packets genuinely received from other applications on the local host is with application-layer labeling, as RTP does.)

       UDPTunnel is designed to tunnel RTP-style traffic, in which applications send and receive UDP packets to and from the same port (or pair of ports). It does not support request/response-style traffic, in which a client request is sent from a transient port X to a well-known port Y, and the server's response is returned from port Y to port X.

       UDPTunnel deliberately ignores "Connection Refused" errors on the UDP port, clearing the socket error state, so that a tunnel may be set up before conferencing tools are started on both ends. This may mean that a mis-typed UDP address or port is not recognized, as no error is printed. If two or more -v options are given, a diagnostic will be printed whenever the error state is cleared from the socket.

       Once one endpoint of a tunnel is taken down, closing the socket, the other one exits as well; to re-establish the tunnel, UDPTunnel must be restarted on both sides.

       IP version 6 is not supported.

AUTHORS
       UDPTunnel was written by Jonathan Lennox <lennox@cs.columbia.edu>. It incorporates code written by Henning Schulzrinne <hgs@cs.columbia.edu>.

       This manual page was written by Thomas Scheffczyk <thomas.scheffczyk@verwaltung.uni-mainz.de>, for the Debian GNU/Linux system (but may be used by others).

Jonathan Lennox                           1.1                              UDPTunnel(1)
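The PACKET FORMAT section (a 16-bit network-byte-order length before each datagram) and the first KNOWN BUGS entry (any datagram arriving on the UDP port is relayed, whoever sent it) worked through as code. This is an added example, not udptunnel's own source: it frames datagrams for the TCP side, reassembles them from a TCP stream that is read in arbitrary chunks (the part a naive relay gets wrong, since TCP does not preserve datagram boundaries), and adds the source-address check the manual page says udptunnel lacks. The peer and spoofer addresses and the sample datagrams are constructed for the example.

```python
"""Added example (not udptunnel's code): its wire framing plus a source check.

Wire format on the TCP side, per the manual page: <16-bit big-endian length><payload>.
"""
import struct

MAX_DGRAM = 0xFFFF  # largest value the 16-bit length field can carry


def frame(datagram: bytes) -> bytes:
    """Encode one UDP payload for the TCP side: 2-byte length prefix + bytes."""
    if len(datagram) > MAX_DGRAM:
        raise ValueError("datagram too large for the 16-bit length prefix")
    return struct.pack("!H", len(datagram)) + datagram


class Deframer:
    """Reassemble length-prefixed datagrams from arbitrarily chunked TCP reads."""

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        """Append one TCP read; return every datagram that is now complete."""
        self._buf += chunk
        out = []
        while len(self._buf) >= 2:
            (n,) = struct.unpack("!H", self._buf[:2])
            if len(self._buf) < 2 + n:
                break  # rest of this datagram has not arrived yet
            out.append(bytes(self._buf[2:2 + n]))
            del self._buf[:2 + n]
        return out

    def pending(self) -> int:
        """Bytes buffered that do not yet form a complete datagram."""
        return len(self._buf)


def udp_to_tcp(received, allowed_src):
    """Relay (src, datagram) pairs to the TCP side, dropping unexpected senders.

    `received` is a list of ((host, port), bytes) as recvfrom() would return.
    The source check is the addition; udptunnel itself relays every datagram.
    Returns (tcp_stream, dropped_sources).
    """
    stream = b""
    dropped = []
    for src, dgram in received:
        if src != allowed_src:
            dropped.append(src)
            continue
        stream += frame(dgram)
    return stream, dropped


def tcp_to_udp(stream: bytes, read_size: int) -> list:
    """Consume the TCP stream in reads of `read_size` bytes, as a socket might deliver it."""
    d = Deframer()
    datagrams = []
    for i in range(0, len(stream), read_size):
        datagrams.extend(d.feed(stream[i:i + read_size]))
    if d.pending():
        raise ValueError("TCP stream ended in the middle of a frame")
    return datagrams


# Constructed sample traffic (not a capture): an RTP-like peer and a spoofer
# on the same UDP port, which is exactly the case the manual page warns about.
PEER = ("192.0.2.10", 5004)       # assumed legitimate conference peer
SPOOFER = ("198.51.100.7", 5004)  # assumed unwanted sender
SAMPLE = [
    (PEER, b"\x80\x60\x00\x01" + b"A" * 16),
    (SPOOFER, b"\x80\x60\x00\x02" + b"Z" * 16),
    (PEER, b""),  # zero-length datagram: legal in UDP and in this framing
    (PEER, b"\x80\x60\x00\x03" + b"B" * 300),  # >255 bytes: uses both length bytes
]


def demo():
    """Relay SAMPLE through the tunnel and read it back with awkward chunk sizes."""
    stream, dropped = udp_to_tcp(SAMPLE, PEER)
    results = [tcp_to_udp(stream, n) for n in (1, 3, 7, 4096)]
    if any(r != results[0] for r in results):
        raise AssertionError("reassembly depends on read size")
    return results[0], dropped


if __name__ == "__main__":
    datagrams, dropped = demo()
    print(f"relayed {len(datagrams)} datagrams, dropped {len(dropped)} from {dropped}")
```

Reading the stream one byte at a time and in 4096-byte reads must give the same datagrams; a relay that assumes one recv() equals one frame breaks as soon as the 300-byte datagram is split or two small ones are coalesced. The source filter is a minimal stand-in for what udptunnel does not do; a real deployment would also keep the UDP socket bound to a specific address rather than INADDR_ANY.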
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.