03-25-2013
Linux bridged firewall - monitor traffic & block IP
Hi All,
I successfully configured a DEBIAN Lenny bridged firewall
using ebtables.
The bridged interface is br0.
The ethernet interface are eth0 & eth1 respectively.
All the traffic are transparently passing my firewall but i need to find & block temporarily the bandwidth abusers.
Can someone help me how to block ip temporarily using IPTABLES ?
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi folks,
Lately my RS 6000 server is giving some problems.
Needs a reboot from time to time (4-8 days):mad:
Specs:
IBM/RS6000
Unix 4.3
3 gigabyte memory
I keep getting messages like :
" The fork function failed "
I have raised the paging space from 1 gigabyte to 3 gigabyte,... (2 Replies)
Discussion started by: Erik Rooijmans
2 Replies
2. UNIX for Dummies Questions & Answers
I've got a problem site that I need to block all referrers, but if possible, I'd really like to ban all ip's at the same time so that they can't figure out a way around it.
Any ideas? (4 Replies)
Discussion started by: osoamor
4 Replies
3. Linux
Hi,
I will like to allow access to the mysql port (3306) to certain IP address. All other IP's should be automatically blocked. What is the best way to do this? (8 Replies)
Discussion started by: shantanuo
8 Replies
4. Shell Programming and Scripting
Hi everybody. I have the next scenary:
eth0: WAN
eth1: DMZ
eth2: LAN
I need to block all incoming trafic from the internet through my network LAN using iptables. I have squid but i need to do this using ipatbles.
I have been listening about iptables -A FORDAWARD but I am stuck right... (0 Replies)
Discussion started by: edeamat
0 Replies
5. Red Hat
How to monitor network device traffic using MRTG?
How can I add network devices in MRTG configuration to monitor? (2 Replies)
Discussion started by: manalisharmabe
2 Replies
6. IP Networking
I have a LAN for users 192.0.3.0
I have a WAN for servers 192.0.0.0
I have a iptables capable router with a static route from 192.0.3.0 to 192.0.0.0
my problem is SMB file sharing traffic is leaking on to our 192.0.0.0 and causing congestion. I only have one printer IP address that needs... (13 Replies)
Discussion started by: herot
13 Replies
7. Solaris
Hi All
We have T4-4 Server with 2 HBA configured for SAN connectivity. We want to monitor Data traffice going through these HBA. On other AIX system we have that capability with nmon. Following screen shows nmon HBA monitoring can we achieve same in Solaris 10.
... (1 Reply)
Discussion started by: uxravi
1 Replies
8. UNIX and Linux Applications
Hi Team,
I am facing issue while using Xalan & Xerces for my application.
Below are my environment details i am using :-
Platform:- Oracle Linux 6.6
Compiler :- solarisstudio12.3 C++ compiler for Linux
Below are the versions of Xalan & Xerces source code used to build the shared object... (0 Replies)
Discussion started by: agrachirag
0 Replies
9. IP Networking
My son does homework on a school laptop. I was thinking about setting up a gateway on my home network, so that I can monitor web traffic and know if he is doing his homework without standing over his shoulder. Ideally I would like to use the Raspberry Pi Model b that I already have. However, I... (15 Replies)
Discussion started by: gandolf989
15 Replies
10. Shell Programming and Scripting
Below is what i did to open the firewall port on
# sudo firewall-cmd --zone=public --add-port=27012/tcp --permanent
Warning: ALREADY_ENABLED: 27012:tcp
success
# sudo firewall-cmd --reload
success
# firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
... (10 Replies)
Discussion started by: mohtashims
10 Replies
LEARN ABOUT DEBIAN
shorewall-routestopped
SHOREWALL-ROUTESTOP(5) [FIXME: manual] SHOREWALL-ROUTESTOP(5)
NAME
routestopped - The Shorewall file that governs what traffic flows through the firewall while it is in the 'stopped' state.
SYNOPSIS
/etc/shorewall/routestopped
DESCRIPTION
This file is used to define the hosts that are accessible when the firewall is stopped or is being stopped.
Warning
Changes to this file do not take effect until after the next shorewall start or shorewall restart command.
The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in
the alternate specification syntax).
INTERFACE - interface
Interface through which host(s) communicate with the firewall
HOST(S) (hosts) - [-|address[,address]...]
Optional. Comma-separated list of IP/subnet addresses. If your kernel and iptables include iprange match support, IP address ranges are
also allowed.
If left empty or supplied as "-", 0.0.0.0/0 is assumed.
OPTIONS - [-|option[,option]...]
Optional. A comma-separated list of options. The order of the options is not important but the list can contain no embedded whitespace.
The currently-supported options are:
routeback
Set up a rule to ACCEPT traffic from these hosts back to themselves. Beginning with Shorewall 4.4.9, this option is automatically
set if routeback is specified in shorewall-interfaces[1] (5) or if the rules compiler detects that the interface is a bridge.
source
Allow traffic from these hosts to ANY destination. Without this option or the dest option, only traffic from this host to other
listed hosts (and the firewall) is allowed. If source is specified then routeback is redundant.
dest
Allow traffic to these hosts from ANY source. Without this option or the source option, only traffic from this host to other listed
hosts (and the firewall) is allowed. If dest is specified then routeback is redundant.
notrack
The traffic will be exempted from conntection tracking.
PROTO (Optional) - protocol-name-or-number
Protocol.
DEST PORT(S) (dport) - service-name/port-number-list
Optional. A comma-separated list of port numbers and/or service names from /etc/services. May also include port ranges of the form
low-port:high-port if your kernel and iptables include port range support.
SOURCE PORT(S) (sport) - service-name/port-number-list
Optional. A comma-separated list of port numbers and/or service names from /etc/services. May also include port ranges of the form
low-port:high-port if your kernel and iptables include port range support.
Note
The source and dest options work best when used in conjunction with ADMINISABSENTMINDED=Yes in shorewall.conf[2](5).
EXAMPLE
Example 1:
#INTERFACE HOST(S) OPTIONS PROTO DEST SOURCE
# PORT(S) PORT(S)
eth2 192.168.1.0/24
eth0 192.0.2.44
br0 - routeback
eth3 - source
eth4 - notrack 41
FILES
/etc/shorewall/routestopped
SEE ALSO
http://shorewall.net/starting_and_stopping_shorewall.htm
http://shorewall.net/configuration_file_basics.htm#Pairs
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-rules(5), shorewall.conf(5),
shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
shorewall-zones(5)
NOTES
1. shorewall-interfaces
http://www.shorewall.net/manpages/shorewall-interfaces.html
2. shorewall.conf
http://www.shorewall.net/manpages/shorewall.conf.html
[FIXME: source] 06/28/2012 SHOREWALL-ROUTESTOP(5)