Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: iptables rule sanity check?
Special Forums Cybersecurity iptables rule sanity check? Post 302736181 by unclecameron on Tuesday 27th of November 2012 01:23:22 AM
Old 11-27-2012
iptables rule sanity check?
why would:
Code:
 iptables -A INPUT -s 180.0.0.0/8 -j DROP

along with /etc/hosts.deny rule of
Code:
 ALL: 180.0.0.0/8

not stop traffic to/from 180.x.x.x, which I still see by running iftop? Or could iftop just be showing an artifact and is there a better way to monitor connections real-time?
 

8 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

iptables rule to block ping to internet

I want to block ping on a linuxbox to any other address where it would go to the default gateway. vmdebianamd64:/etc/tcng# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 198.9.200.0 * 255.255.255.0 U 0 ... (1 Reply)
Discussion started by: progressdll
1 Replies

2. Debian

./configure is broken - /lib/cpp fails sanity check

Hi, I first wanted to install my NIC drivers but it said: Makefile:62: *** Linux kernel source not found. Stop. So I installed the kernel source: linux-source-2.6.18_2.6.18.dfsg.1-13etch5_all.deb 1) cd /usr/src 2) -xjvf linux-source.2.6.18.extension (forget what it was) 3) ln -s... (12 Replies)
Discussion started by: Virtuality
12 Replies

3. UNIX for Advanced & Expert Users

*** [Gentoo] sanity check failed! ***

I faced the following error while configuring the spine for cacti. Can any one help me to sort out this problem: hecking how to run the C++ preprocessor... g++ -E checking for g77... g77 checking whether we are using the GNU Fortran 77 compiler... yes checking whether g77 accepts -g... yes... (1 Reply)
Discussion started by: praveen_b744
1 Replies

4. Solaris

lib/cpp fails sanity check

I'm trying to install a new library for php but everytime I run configure I got the following error "lib/cpp" fails sanity check. My OS is solaris 10 Any help on how to solve this issue would be highly appreciated (3 Replies)
Discussion started by: dahr
3 Replies

5. Linux

iptables rule problem

Hi, i have 40 client's in my network, that connected to internet via squid server (WebProxy). i want none of these client can't ping my squid server bat squid server can ping them.i wrote these rules but it is'nt work. iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -A INPUT -p... (1 Reply)
Discussion started by: skynet_boy
1 Replies

6. IP Networking

iptables - most easy way to find rule and remove it?

I have situation where I have rules in iptables with comments. Now... I can for example enter rule like "iptables -A FORWARD -s xxx -j ACCEPT" and delete it with "iptables -D FORWARD -s xxx -j ACCEPT".. but if that rule contain some random comment (-m comment) then ... ? I can find with scripting... (2 Replies)
Discussion started by: darkman_hr
2 Replies

7. Cybersecurity

LDAP - sanity check

I have recently changed jobs and where i used to work we had kerberos. Here they have nothing resembling central password management or Network Authentication. I have started looking at LDAP but wonder if that is a good choice. we have a solaris/centos environment (no windows whoo hooo) with 4... (2 Replies)
Discussion started by: oly_r
2 Replies

8. UNIX for Dummies Questions & Answers

iptables rule to block access from VM Browser to Firewall Login Page

(1 Reply)
Discussion started by: senrabdet
1 Replies

LEARN ABOUT SUSE

iptables-xml

IPTABLES-XML(8) 														   IPTABLES-XML(8)

NAME

       iptables-xml -- Convert iptables-save format to XML

SYNOPSIS

       iptables-xml [-c] [-v]

DESCRIPTION

       iptables-xml  is  used  to convert the output of iptables-save into an easily manipulatable XML format to STDOUT.  Use I/O-redirection pro-
       vided by your shell to write to a file.

       -c, --combine
	      combine consecutive rules with the same matches but different targets. iptables does not currently support more than one target  per
	      match,  so this simulates that by collecting the targets from consecutive iptables rules into one action tag, but only when the rule
	      matches are identical. Terminating actions like RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent targets.

       -v, --verbose
	      Output xml comments containing the iptables line from which the XML is derived

       iptables-xml does a mechanistic conversion to a very expressive xml format; the only semantic considerations are for -g and -j  targets	in
       order to discriminate between <call> <goto> and <nane-of-target> as it helps xml processing scripts if they can tell the difference between
       a target like SNAT and another chain.

       Some sample output is:

       <iptables-rules>
	 <table name="mangle">
	   <chain name="PREROUTING" policy="ACCEPT" packet-count="63436" byte-count="7137573">
	     <rule>
	      <conditions>
	       <match>
		 <p>tcp</p>
	       </match>
	       <tcp>
		 <sport>8443</sport>
	       </tcp>
	      </conditions>
	      <actions>
	       <call>
		 <check_ip/>
	       </call>
	       <ACCEPT/>
	      </actions>
	     </rule>
	   </chain>
	 </table> </iptables-rules>

       Conversion from XML to iptables-save format may be done using the iptables.xslt script and xsltproc, or a custom program using  libxsltproc
       or similar; in this fashion:

       xsltproc iptables.xslt my-iptables.xml | iptables-restore

BUGS

       None known as of iptables-1.3.7 release

AUTHOR

       Sam Liddicott <azez@ufomechanic.net>

SEE ALSO

       iptables-save(8), iptables-restore(8), iptables(8)

								   Jul 16, 2007 						   IPTABLES-XML(8)
All times are GMT -4. The time now is 01:56 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy