Hi,
So that potential responders will have an idea of what they're dealing with let me say that while I am a UNIX newbie I have been in IT for over 10 years.
We have several SUN boxes running ver 5 of the OS that have been sitting dormant for some time as they were part of a now defunct... (3 Replies)
Hi,
I will like to allow access to the mysql port (3306) to certain IP address. All other IP's should be automatically blocked. What is the best way to do this? (8 Replies)
I am trying to block ALL traffic except when from ports 9100,22,23 to destination network 192.0.0.0 (my WAN): 2 networks 192.0.3.0 with static route to 192.0.0.0
Shouldn't this work?:
iptables -A INPUT -p tcp -d 192.0.0.0/24 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -d 192.0.0.0/24... (3 Replies)
i want to kill a tcp connection by killing its pid
with netstat -an i got the tcp ip connection on port 5914
but when i type ps -a or ps-e there is not such process running on port 5914
is it possible that because i do not log on with proper user account i can not see that process running? (30 Replies)
Hi All,
I successfully configured a DEBIAN Lenny bridged firewall
using ebtables.
The bridged interface is br0.
The ethernet interface are eth0 & eth1 respectively.
All the traffic are transparently passing my firewall but i need to find & block temporarily the bandwidth abusers.
Can... (1 Reply)
hi guys
I doing some collocation for a customer, customer requested to use other port for ssh not the default one. OK no problem
and customer will be using rsync to sync backups among other things
I know we have to open port let's say port 5999 for ssh since we are using that one now but I... (1 Reply)
Hi Experts,
I am receiving below error while trying to connect port 8080.
Could not open connection to the host, on port 8080 : connection refused.
iptables configuration
/etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of... (1 Reply)
If I would like to know what connection , data , traffic in a network port ( eth0 ) , what can I do ?
ps. because I always found the network is very slow , so I would like what the network port is doing .
Thanks
Login ID ust3 is currently in read-only mode for multiple infractions. Creating... (0 Replies)
Hi Friends,
How to do port forwarding in AIX? We would like to re route traffic from port A to port B on AIX LPAR.
for example: my application is using 8080 port on LPAR and would like to use the 8081 instead of 8080. By default application was configured with 8080. But instead of changing... (2 Replies)
Discussion started by: System Admin 77
2 Replies
LEARN ABOUT DEBIAN
shorewall-routestopped
SHOREWALL-ROUTESTOP(5) [FIXME: manual] SHOREWALL-ROUTESTOP(5)NAME
routestopped - The Shorewall file that governs what traffic flows through the firewall while it is in the 'stopped' state.
SYNOPSIS
/etc/shorewall/routestopped
DESCRIPTION
This file is used to define the hosts that are accessible when the firewall is stopped or is being stopped.
Warning
Changes to this file do not take effect until after the next shorewall start or shorewall restart command.
The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in
the alternate specification syntax).
INTERFACE - interface
Interface through which host(s) communicate with the firewall
HOST(S) (hosts) - [-|address[,address]...]
Optional. Comma-separated list of IP/subnet addresses. If your kernel and iptables include iprange match support, IP address ranges are
also allowed.
If left empty or supplied as "-", 0.0.0.0/0 is assumed.
OPTIONS - [-|option[,option]...]
Optional. A comma-separated list of options. The order of the options is not important but the list can contain no embedded whitespace.
The currently-supported options are:
routeback
Set up a rule to ACCEPT traffic from these hosts back to themselves. Beginning with Shorewall 4.4.9, this option is automatically
set if routeback is specified in shorewall-interfaces[1] (5) or if the rules compiler detects that the interface is a bridge.
source
Allow traffic from these hosts to ANY destination. Without this option or the dest option, only traffic from this host to other
listed hosts (and the firewall) is allowed. If source is specified then routeback is redundant.
dest
Allow traffic to these hosts from ANY source. Without this option or the source option, only traffic from this host to other listed
hosts (and the firewall) is allowed. If dest is specified then routeback is redundant.
notrack
The traffic will be exempted from conntection tracking.
PROTO (Optional) - protocol-name-or-number
Protocol.
DEST PORT(S) (dport) - service-name/port-number-list
Optional. A comma-separated list of port numbers and/or service names from /etc/services. May also include port ranges of the form
low-port:high-port if your kernel and iptables include port range support.
SOURCE PORT(S) (sport) - service-name/port-number-list
Optional. A comma-separated list of port numbers and/or service names from /etc/services. May also include port ranges of the form
low-port:high-port if your kernel and iptables include port range support.
Note
The source and dest options work best when used in conjunction with ADMINISABSENTMINDED=Yes in shorewall.conf[2](5).
EXAMPLE
Example 1:
#INTERFACE HOST(S) OPTIONS PROTO DEST SOURCE
# PORT(S) PORT(S)
eth2 192.168.1.0/24
eth0 192.0.2.44
br0 - routeback
eth3 - source
eth4 - notrack 41
FILES
/etc/shorewall/routestopped
SEE ALSO
http://shorewall.net/starting_and_stopping_shorewall.htm
http://shorewall.net/configuration_file_basics.htm#Pairs
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-rules(5), shorewall.conf(5),
shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
shorewall-zones(5)NOTES
1. shorewall-interfaces
http://www.shorewall.net/manpages/shorewall-interfaces.html
2. shorewall.conf
http://www.shorewall.net/manpages/shorewall.conf.html
[FIXME: source] 06/28/2012 SHOREWALL-ROUTESTOP(5)