Full Discussion: Cloudflare and iptables
Post 303045762 by Abu Rayane on Sunday 12th of April 2020 11:10:26 AM
@Neo: Basically, if an IP (or range of IPs) is whitelisted, it should not be blocked, or maybe Cloudflare is using other IPs than those mentioned in their file.
 

LWPx::ParanoidAgent(3pm)    User Contributed Perl Documentation    LWPx::ParanoidAgent(3pm)

NAME
       LWPx::ParanoidAgent - subclass of LWP::UserAgent that protects you from harm

SYNOPSIS
        require LWPx::ParanoidAgent;

        my $ua = LWPx::ParanoidAgent->new;

        # this is 10 seconds overall, from start to finish.  not just between
        # socket reads.  and it includes all redirects.  so attackers telling
        # you to download from a malicious tarpit webserver can only stall
        # you for $n seconds
        $ua->timeout(10);

        # setup extra block lists, in addition to the always-enforced blocking
        # of private IP addresses, loopbacks, and multicast addresses
        $ua->blocked_hosts(
            "foo.com",
            qr/\.internal\.company\.com$/i,
            sub { my $host = shift; return 1 if is_bad($host); },
        );

        $ua->whitelisted_hosts(
            "brad.lj",
            qr/^192\.168\.64\.3?/,
            sub { ... },
        );

        # get/set the DNS resolver object that's used
        my $resolver = $ua->resolver;
        $ua->resolver(Net::DNS::Resolver->new(...));

        # and then just like a normal LWP::UserAgent, because it is one.
        my $response = $ua->get('http://search.cpan.org/');
        ...
        if ($response->is_success) {
            print $response->content;  # or whatever
        }
        else {
            die $response->status_line;
        }

DESCRIPTION
       The "LWPx::ParanoidAgent" is a class subclassing "LWP::UserAgent", but
       paranoid against attackers. It's to be used when you're fetching a
       remote resource on behalf of a possibly malicious user.

       This class can do whatever "LWP::UserAgent" can (callbacks, uploads
       from files, etc), except proxy support is explicitly removed, because
       in that case you should do your paranoia at your proxy.

       Also, the schemes are limited to http and https, which are mapped to
       "LWPx::Protocol::http_paranoid" and "LWPx::Protocol::https_paranoid",
       respectively, which are forked versions of the same ones without the
       "_paranoid". Subclassing them didn't look possible, as they were
       essentially just one huge function.

       This class protects you from connecting to internal IP ranges (unless
       you whitelist them), hostnames/IPs that you blacklist, remote webserver
       tarpitting your process (the timeout parameter is changed to be a
       global timeout over the entire process), and all combinations of
       redirects and DNS tricks to otherwise tarpit and/or connect to internal
       resources.

CONSTRUCTOR
       "new"
            my $ua = LWPx::ParanoidAgent->new([ %opts ]);

           In addition to any constructor options from LWP::UserAgent, you may
           also set "blocked_hosts" (to an arrayref), "whitelisted_hosts"
           (also an arrayref), and "resolver", a Net::DNS::Resolver object.

METHODS
       $csr->resolver($net_dns_resolver)
       $csr->resolver
           Get/set the Net::DNS::Resolver object used to look up hostnames.

       $csr->blocked_hosts(@host_list)
       $csr->blocked_hosts
           Get/set the list of blocked hosts. The items in @host_list may be
           compiled regular expressions (with qr//), code blocks, or scalar
           literals. In any case, the thing that is matched, passed in, or
           compared (respectively), is all of the given hostname, given IP
           address, and IP address in canonical a.b.c.d decimal notation. So
           if you want to block "1.2.3.4" and the user entered it in a mix of
           network/host form in a mix of decimal/octal/hex, you need only
           block "1.2.3.4" and not worry about the details.

       $csr->whitelisted_hosts(@host_list)
       $csr->whitelisted_hosts
           Like blocked hosts, but matching the hosts/IPs that bypass blocking
           checks. The only difference is the IP address isn't canonicalized
           before being whitelisted-matched, mostly because it doesn't make
           sense for somebody to enter in a good address in a subversive way.

SEE ALSO
       See LWP::UserAgent to see how to use this class.

WARRANTY
       This module is supplied "as-is" and comes with no warranty, expressed
       or implied. It tries to protect you from harm, but maybe it will.
       Maybe it will destroy your data and your servers. You'd better audit
       it and send me bug reports.

BUGS
       Maybe. See the warranty above.

COPYRIGHT
       Copyright 2005 Brad Fitzpatrick

       Lot of code from the base class, copyright 1995-2004 Gisle Aas.

       This library is free software; you can redistribute it and/or modify
       it under the same terms as Perl itself.

perl v5.10.1                       2009-12-13             LWPx::ParanoidAgent(3pm)
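
The canonicalization that the blocked_hosts description above relies on, as an added example in core Perl (not code from LWPx::ParanoidAgent or its author): it reduces a mixed decimal/octal/hex, 1- to 4-part IPv4 literal to a.b.c.d before comparing it with blocked ranges. The sub names and the range list are assumptions made for the illustration, the sample hosts are constructed, and only IPv4 literals are handled.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Illustrative ranges for the three categories the man page names
# (private, loopback, multicast); not the module's actual list.
my @BLOCKED = ([ '10.0.0.0', 8 ], [ '172.16.0.0', 12 ], [ '192.168.0.0', 16 ],
               [ '127.0.0.0', 8 ], [ '224.0.0.0', 4 ]);

# One inet_aton-style component: 0x.. is hex, a leading 0 is octal, else decimal.
sub parse_part {
    my ($s) = @_;
    return hex($s) if $s =~ /^0[xX][0-9a-fA-F]{1,8}$/;
    return oct($s) if $s =~ /^0[0-7]{0,11}$/;
    return $s + 0  if $s =~ /^[1-9][0-9]{0,9}$/;
    return undef;                        # not numeric: the host is a name
}

# Reduce a 1- to 4-part IPv4 literal to a.b.c.d; undef if it is not one.
sub canonical_ipv4 {
    my ($host) = @_;
    my @n = map { parse_part($_) } split /\./, $host, -1;
    return undef if !@n || @n > 4 || grep { !defined $_ } @n;
    my $last = pop @n;                   # final part fills all remaining bytes
    return undef if $last >= 256 ** (4 - @n);
    return undef if grep { $_ > 255 } @n;
    my $addr = $last;
    $addr += $n[$_] * 256 ** (3 - $_) for 0 .. $#n;
    return join '.', unpack 'C4', pack 'N', $addr;
}

sub to_int { my ($ip) = @_; return unpack 'N', pack 'C4', split /\./, $ip; }

sub in_cidr {
    my ($ip, $net, $bits) = @_;
    my $mask = (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    return (to_int($ip) & $mask) == (to_int($net) & $mask);
}

# Verdict for a user-supplied URL host.
sub verdict {
    my ($host) = @_;
    my $ip = canonical_ipv4($host);
    return 'hostname: resolve it, then check every returned address' unless defined $ip;
    my $hit = grep { in_cidr($ip, @$_) } @BLOCKED;
    return $hit ? "blocked ($ip)" : "allowed ($ip)";
}

# Constructed sample inputs: several spellings of the same internal addresses.
for my $host (qw(127.0.0.1 0x7f.1 017700000001 2130706433 0300.0250.0x40.3
                 10.1 203.0.113.10 brad.lj)) {
    printf "%-18s %s\n", $host, verdict($host);
}
```

A filter that string-matches only the dotted-decimal spelling would pass every alternate form in the sample list, which is why the comparison runs on the canonical address.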