LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Blogs
User Name
Password

Notices

Old

iptables workstation config

Posted 11-17-2013 at 10:03 AM by sag47
Updated 11-17-2013 at 11:07 AM by sag47
Tags iptables, ufw

Here's a decent iptables for a workstation that doesn't normally serve hosted applications. It is meant to just block the network while allowing the user to still use the network unhindered. If services will need to connect to your system then you'll have to open ports in the firewall.

Code:
#load firewall config with iptables-restore < iptables.rules
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
#The following rules required
...
Senior Member
Posted in Uncategorized
Views 371 Comments 0 sag47 is offline
Old

-m recent --rdest or don't trust the man(page)

Posted 10-07-2012 at 12:35 PM by zhjim
Updated 10-07-2012 at 12:37 PM by zhjim

Looking for a way to block those 404 hoppers I match the outgoing packages from sport 80 for the string 404. Now that I have those classified I needed a way to block them when they would return. Normaly i would use the recent module for this. But as its a outgoing packet and recent normally uses the source ip I would block myself to come back in. But the man pages has the --rdest option which matches/saves on the destination ip. That would be cool but I would need it to block on the incoming package....
Senior Member
Posted in Uncategorized
Views 512 Comments 0 zhjim is offline
Old

Iptables rule traversal: bandwidth at >= 10K of IP addresses

Posted 11-24-2011 at 08:07 PM by unSpawn
Updated 11-24-2011 at 02:53 PM by unSpawn

Anyone who is interested in iptables performance will find Harris, Melara, Smith and Nico's "Performance analysis of the Linux firewall in a host" (2002) and Kadlecsik and Pásztor's "Netfilter Performance Testing" (2005). But what actually is the effect of a large rule set on performance?

The attached PDF I created is not an an exhaustive study of Netfilter performance but shows you Jperf data and pictures (joy!) for plain rule sets, ipset (iphash) and the iptables...
Attached Images
File Type: pdf Iptables rule traversal.pdf (551.9 KB, 103 views)
Moderator
Posted in Uncategorized
Views 2809 Comments 0 unSpawn is offline
Old

Limiting and blocking connections dynamically.

Posted 10-31-2011 at 03:46 PM by sag47
Updated 01-29-2014 at 11:14 AM by sag47

Today I feel like talking about limiting connections which get made to a server. There are a few ways to do it; some cooler than others. I'd like to feature some open source software while I'm at it.

Today I happened upon this thread which hilariously got closed for good reason. Once you wade through all the crap you'll see some pretty cool posts which explain how to limit incoming connections within a certain time period and other suggestions. I'll point out the most useful related...
Senior Member
Posted in Uncategorized
Views 762 Comments 0 sag47 is offline
Old

Format output to columns

Posted 11-09-2010 at 04:08 PM by jere21
Updated 10-09-2011 at 08:08 AM by jere21

Format output, e.g. postings of iptables output or /etc/mtab with column -t

Thanks to http://www.df7cb.de/blog/2010/column_-t.html
LQ Newbie
Posted in Uncategorized
Views 811 Comments 0 jere21 is offline

  



All times are GMT -5. The time now is 12:46 PM.

Main Menu
Advertisement

My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration