Visit The New, Modern Unix Linux Community

iptables rule sanity check?

Thread Tools Search this Thread
Special Forums Cybersecurity iptables rule sanity check?
# 1  
iptables rule sanity check?

why would:
 iptables -A INPUT -s -j DROP

along with /etc/hosts.deny rule of

not stop traffic to/from 180.x.x.x, which I still see by running iftop? Or could iftop just be showing an artifact and is there a better way to monitor connections real-time?
# 2  
In fact I wonder if this is the right forum, I would believe Security - The UNIX and Linux Forums or IP Networking - The UNIX and Linux Forums more suitable... Let us know if you desire to move your thread...
# 3  
Originally Posted by unclecameron
why would (..) along with /etc/hosts.deny rule of (..) not stop traffic to/from 180.x.x.x, which I still see by running iftop?
First of all tcp_wrappers may be considered complementary in a multi-layered approach to network access restrictions but there's a fundamental difference between tcp_wrappers and Netfilter. The first works only at the application level (and only if the application was compiled with -libwrap) and the latter works at the network level, meaning no interaction with any application.
In short: Netfilter = "must have", tcp_wrappers = "nice to have".

As for your question you show isolated rules, no rule counters and no evidence of traffic, meaning your rule could be placed below a rule that already accepts traffic or you haven't killed or restarted the network process or didn't reset individual connections so you might be seeing already established connections.

Originally Posted by unclecameron
Or could iftop just be showing an artifact and is there a better way to monitor connections real-time?
I doubt that. Iftop uses the libpcap ('man 3 pcap') framework for data handling just like tcpdump, Wireshark or say nmap.
# 4  
@vbe: thanks for moving the post, makes sense Smilie

@unSpawn: There are no other rules active in iptables, and I have restarted all the network related processes I could find. Thanks for the info on pcap

Previous Thread | Next Thread
Thread Tools Search this Thread
Search this Thread:
Advanced Search

Test Your Knowledge in Computers #308
Difficulty: Easy
The first computer bug was created by a broken keyboard input.
True or False?

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

iptables rule to block access from VM Browser to Firewall Login Page

(1 Reply)
Discussion started by: senrabdet
1 Replies

2. Cybersecurity

LDAP - sanity check

I have recently changed jobs and where i used to work we had kerberos. Here they have nothing resembling central password management or Network Authentication. I have started looking at LDAP but wonder if that is a good choice. we have a solaris/centos environment (no windows whoo hooo) with 4... (2 Replies)
Discussion started by: oly_r
2 Replies

3. IP Networking

iptables - most easy way to find rule and remove it?

I have situation where I have rules in iptables with comments. Now... I can for example enter rule like "iptables -A FORWARD -s xxx -j ACCEPT" and delete it with "iptables -D FORWARD -s xxx -j ACCEPT".. but if that rule contain some random comment (-m comment) then ... ? I can find with scripting... (2 Replies)
Discussion started by: darkman_hr
2 Replies

4. Linux

iptables rule problem

Hi, i have 40 client's in my network, that connected to internet via squid server (WebProxy). i want none of these client can't ping my squid server bat squid server can ping them.i wrote these rules but it is'nt work. iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -A INPUT -p... (1 Reply)
Discussion started by: skynet_boy
1 Replies

5. Solaris

lib/cpp fails sanity check

I'm trying to install a new library for php but everytime I run configure I got the following error "lib/cpp" fails sanity check. My OS is solaris 10 Any help on how to solve this issue would be highly appreciated (3 Replies)
Discussion started by: dahr
3 Replies

6. UNIX for Advanced & Expert Users

*** [Gentoo] sanity check failed! ***

I faced the following error while configuring the spine for cacti. Can any one help me to sort out this problem: hecking how to run the C++ preprocessor... g++ -E checking for g77... g77 checking whether we are using the GNU Fortran 77 compiler... yes checking whether g77 accepts -g... yes... (1 Reply)
Discussion started by: praveen_b744
1 Replies

7. Debian

./configure is broken - /lib/cpp fails sanity check

Hi, I first wanted to install my NIC drivers but it said: Makefile:62: *** Linux kernel source not found. Stop. So I installed the kernel source: linux-source-2.6.18_2.6.18.dfsg.1-13etch5_all.deb 1) cd /usr/src 2) -xjvf linux-source.2.6.18.extension (forget what it was) 3) ln -s... (12 Replies)
Discussion started by: Virtuality
12 Replies

8. UNIX for Advanced & Expert Users

iptables rule to block ping to internet

I want to block ping on a linuxbox to any other address where it would go to the default gateway. vmdebianamd64:/etc/tcng# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface * U 0 ... (1 Reply)
Discussion started by: progressdll
1 Replies

Featured Tech Videos