Questions tagged [firewall]

A Firewall is an application or hardware device used to inspect and filter network traffic.

Filter by
Sorted by
Tagged with
296 votes
16 answers

How to Unban an IP properly with Fail2Ban

I'm using Fail2Ban on a server and I'm wondering how to unban an IP properly. I know I can work with IPTables directly: iptables -D fail2ban-ssh <number> But is there not a way to do it with ...
psp's user avatar
  • 3,223
196 votes
22 answers

Is it normal to get hundreds of break-in attempts per day?

I just checked my server's /var/log/auth.log and found that I'm getting over 500 failed password/break-in attempt notifications per day! My site is small, and its URL is obscure. Is this normal? ...
Kyle Cureau's user avatar
  • 1,537
146 votes
11 answers

best way to clear all iptables rules

I currently have this snippet: # flush all chains iptables -F iptables -t nat -F iptables -t mangle -F # delete all chains iptables -X Is there a possibility that some impervious rule will stay ...
kagali-san's user avatar
  • 1,991
126 votes
4 answers

How to check if a port is blocked on a Windows machine?

On the Windows platform, what native options to I have to check if a port (3306, for example) on my local machine (as in localhost), is being blocked?
Boris Pavlović's user avatar
121 votes
7 answers

REJECT vs DROP when using iptables

Is there any reason why I would want to have iptables -A INPUT -j REJECT instead of iptables -A INPUT -j DROP
Mike B's user avatar
  • 11.9k
119 votes
4 answers

What firewall ports need to be open to allow access to external git repositories?

What firewall port(s) need to be open to allow access to external git repositories?
markdorison's user avatar
  • 1,325
114 votes
8 answers

Which ports do I need to open in the firewall to use NFS?

I'm running Ubuntu 11.10 - setting up NFS to share a directory among many other servers. Which ports are required to be opened on the firewall?
kenny's user avatar
  • 1,253
110 votes
20 answers

Why should I firewall servers?

PLEASE NOTE: I'm not interested in making this into a flame war! I understand that many people have strongly-held beliefs about this subject, in no small part because they've put a lot of effort into ...
Ernie's user avatar
  • 5,352
100 votes
7 answers

SSH from A through B to C, using private key on B [closed]

I'm looking for a simple way to SSH from my local machine, A, through a proxy, B, to a destination host, C. The private key that goes with the public key on C is on B, and I can't put that key on my ...
wrangler's user avatar
  • 3,130
81 votes
2 answers

How to open port for a specific IP address with firewall-cmd on CentOS? [duplicate]

I would like to open port 4567 for the IP address with the firewall-cmd command on a CentOS 7.1 server. How can I achieve this, as the documentation I could find was too specific on this?
Michaël Perrin's user avatar
75 votes
1 answer

What is the difference between a Source NAT, Destination NAT and Masquerading?

What is the difference between a Source NAT, Destination NAT and Masquerading? For example, I thought IP Masqurading was what they used to call it in Linux? But what confuses me is that in our Astaro ...
hookenz's user avatar
  • 14.5k
74 votes
4 answers

How to PREPEND rules rather than APPEND using iptables?

Pretty basic question: how to PREPEND rules on IPTABLES rather than to APPEND? I have DROP statements at the bottom of my rules. I have a software to add new rules but adding rules after DROP ...
ale's user avatar
  • 933
67 votes
2 answers

iptables: difference between NEW, ESTABLISHED and RELATED packets

Part of a firewall on a server : iptables -A INPUT -p tcp --dport 22 -m state NEW --state -m recent --set iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 100 --...
Kris's user avatar
  • 1,377
67 votes
4 answers

Windows equivalent of iptables?

Dumb question: Is there an equivalent of iptables on Windows? Could I install one via cygwin? The real question: how can I accomplish on Windows what I can accomplish via iptables? Just looking for ...
Aaron F.'s user avatar
  • 895
66 votes
8 answers

What steps do you take to secure a Debian server? [closed]

I am installing a Debian server which is connected directly to the Internet. Obviously I want to make it as secure as possible. I would like you guys/gals to add your ideas to secure it and what ...
62 votes
5 answers

I accidentaly forbid SSH connection to a remote server... What's next?

Let's say it again, we all make mistakes, and I have just made one. A brief history: I was doing some stuff on a VPS (Debian) I'm renting, when I noticed some strange behaviour. Using the netstat ...
tomatoGuy's user avatar
  • 621
62 votes
18 answers

iptables Tips & Tricks [closed]

I'm sure Linux sysadmins are quite familiar with iptables, the userland interface to the netfilter packet-filtering framework. Now, this "Question" is meant to be a Community Wiki for collecting ...
61 votes
8 answers

Why would I need a firewall if my server is well configured?

I admin a handful of cloud-based (VPS) servers for the company I work for. The servers are minimal ubuntu installs that run bits of LAMP stacks / inbound data collection (rsync). The data is large ...
Aitch's user avatar
  • 1,179
60 votes
5 answers

iptables port redirect not working for localhost

I want to redirect all traffic from port 443 to the internal port 8080. I'm using this config for iptables: iptables -t nat -I PREROUTING --source 0/0 --destination 0/0 -p tcp \ --dport 443 -...
Chris's user avatar
  • 601
58 votes
10 answers

Why not block ICMP?

I think I almost have my iptables setup complete on my CentOS 5.3 system. Here is my script... # Establish a clean slate iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT ...
Agvorth's user avatar
  • 2,459
58 votes
6 answers

Where does UFW (uncomplicated firewall) save command-line rules to?

You add a rule like this: ufw allow 22/tcp The rule is saved, and is applied even after reboot. But it's not written anywhere in /etc/ufw. Where is it saved to? (Ubuntu, using ufw as pre-installed.)
Steve Bennett's user avatar
57 votes
4 answers

Is it possible to change an "Unidentified Network" into a "Home" or "Work" network on Windows 7

I have a problem with Windows 7 RC (7100). I frequently use a crossover network cable on WinXP with static IP addresses to connect to various industrial devices (e.g. robots, pumps, valves or even ...
Rhys's user avatar
  • 673
55 votes
2 answers

Are EC2 security group changes effective immediately for running instances?

I have an EC2 instance running, and it belongs to a security group. If I add a new allowed connection to that security group through AWS Management Console, should that change be effective immediately?...
Jonik's user avatar
  • 2,981
54 votes
6 answers

iptables error: unknown option --dport

The command iptables no longer recognizes one of the most commonly used options when defining rules: --dport. I get this error: [root@dragonweyr /home/calyodelphi]# iptables -A INPUT --dport 7777 -j ...
Calyo Delphi's user avatar
53 votes
3 answers

Ubuntu ufw: set a rule on a per interface basis

I want to create a rule that allows anyone on eth1 to access port 80. Can UFW do this or should I go back to using Shorewall? To clarify: this is a capabilties question, can ufw handle interfaces as ...
Antonius Bloch's user avatar
53 votes
2 answers

TCP/IP ports necessary for CIFS/SMB operation

If I want to allow Windows networked drives between two firewalled computers, do I need to open ports 137-139, or is port 445 sufficient? I have to submit a form and get approval to open firewall ...
Jonathan's user avatar
  • 633
49 votes
7 answers

How can I prevent a DDOS attack on Amazon EC2?

One of the servers I use is hosted on the Amazon EC2 cloud. Every few months we appear to have a DDOS attack on this sever. This slows the server down incredibly. After around 30 minutes, and ...
cwd's user avatar
  • 2,783
46 votes
3 answers

UFW Firewall Rules ordering?

I have the following rules on our server within UFW: To Action From -- ------ ---- 22 ALLOW 22 ...
dannymcc's user avatar
  • 2,717
43 votes
2 answers

Can I use ufw to setup a port forward?

Im currently using ufw to enforce some basic firewall rules. Is it possible to also use ufw to do port forwarding? Specifically im wanting to forward incoming traffic to my server (same machine ...
tinny's user avatar
  • 501
42 votes
1 answer

What does "!Z" and "!X" mean in a traceroute?

When you see "!Z" or "!X" in a traceroute, what does that mean? Where is it coming from, and how do I fix it?
Luke's user avatar
  • 1,942
40 votes
1 answer

Will tcpdump see packets that are being dropped by iptables?

I have a firewall with these simple rules: iptables -A INPUT -p tcp -s --dport 6000 -j ACCEPT iptables -A INPUT -p tcp -s --dport 6000 -j ACCEPT iptables -A INPUT -p tcp ...
Pablo Santa Cruz's user avatar
37 votes
6 answers

Hardware Firewall Vs. Software Firewall (IP Tables, RHEL)

My hosting company says IPTables is useless and doesn't provide any protection. Is this a lie? TL;DR I have two, co-located servers. Yesterday my DC company contacted me to tell me that because I'm ...
user avatar
36 votes
4 answers

How to make Firefox trust system CA certificates?

Our network admin recently enabled HTTPS inspection on our firewall/router. For IE users this is fine because the certs have all been distributed via Active Directory for domain-joined machines. ...
Wes Sayeed's user avatar
  • 1,922
35 votes
7 answers

What firewall ports do I need to open when using FTPS?

I need to access an FTPS server (vsftpd) on a vendor's site. The vendor has a firewall in front of the ftps server. I have a firewall in front of my FTPS client. I understand that ports 990, 991 and ...
user avatar
33 votes
4 answers

Copy UFW rules between servers

I'm doing a hardware refresh on a my Colo, I just need to copy my UFW rules from my old server to my new server. I dont seem to be able to get them copy all the active rules from my old server to my ...
Squidly's user avatar
  • 1,765
32 votes
1 answer

Fail2ban jail.local vs jail.conf

Does jail.local file act as an override to jail.conf or as a replacement to jail.conf? When I was learning about Fail2Ban from tutorials, most of them usually say either to copy jail.conf to jail....
Neel's user avatar
  • 1,451
32 votes
4 answers

Rate limiting with UFW: setting limits

UFW's man page mentions that it can setup iptables rate limiting for me: ufw supports connection rate limiting, which is useful for protecting against brute-force login attacks. ufw ...
Tom's user avatar
  • 631
31 votes
3 answers

Which ports for IPSEC/LT2P?

I have a firewall/router (not doing NAT). I've googled and seen conflicting answers. It seems UDP 500 is the common one. But the others are confusing. 1701, 4500. And some say I need to also ...
hookenz's user avatar
  • 14.5k
30 votes
5 answers

Will everyone having Globally Accessible IP's in IPv6 be kind of a security nightmare? [duplicate]

Possible Duplicate: Switch to IPv6 and get rid of NAT? Are you kidding? I'm thinking about the way that in IPv4 most of the time you have a single point to configure a firewall on, mainly your ...
leeand00's user avatar
  • 4,909
29 votes
8 answers

Block employee access to public cloud

First of all, let me state that this is not my idea and I don't want to discuss whether such an action is reasonable. However, for a company, is there a way to prevent employees to access public ...
marsze's user avatar
  • 467
29 votes
3 answers

iptables show just one chain

tldr: How can I get iptables to show just one chain? I can have iptables show just one table, but a table consists of multiple chains. I need to find where in chain INPUT is the last rule (usually ...
bgStack15's user avatar
  • 1,121
28 votes
4 answers

UFW comment existing rule?

I'm trying to comment an existing ufw firewall rule, but I can't find the exact command I can easily add a rule with comment like: sudo ufw allow in on eth0 to any port 80 comment 'test' But how do I ...
Emax's user avatar
  • 415
27 votes
11 answers

How can I find out if a port is opened or not?

I have installed Apache server on my Windows 7 computer. I was able to display the default index.php by typing http://localhost/ in the address line of my browser. However, I am still unable to see ...
Roman's user avatar
  • 2,589
27 votes
4 answers

Windows Advanced Firewall: What does "Edge Traversal" mean?

this should be a really simple one: In Advanced Windows Firewall on Windows Server 2008+, Properties > Advanced, what does "Edge Traversal" mean? I Googled it, of course, and was unable to come up ...
Django Reinhardt's user avatar
26 votes
5 answers

How to remove access to a port using firewall on Centos7?

Had a port opened up to for public use using firewall-cmd, I wanted to limit this port to a specific IP which I found the answer for on this SITE. I used the following to open it: $ firewall-cmd --...
mcv's user avatar
  • 945
25 votes
7 answers

Enable Ping in Windows Server Firewall?

I've just installed Windows Server 2008 on a server and I'm able to connect through Remote Desktop but can't ping. Do I need to open an special port on the firewall to be able to ping a server?
holiveira's user avatar
  • 889
25 votes
3 answers

Debugging iptables and common firewall pitfalls?

This is a proposed Canonical Question about understanding and debugging the software firewall on Linux systems. In response to EEAA's answer and @Shog's comment that we need a suitable canonical Q&...
HBruijn's user avatar
  • 78.7k
25 votes
3 answers

What does "incoming" and "outgoing" traffic mean?

I've seen many resources explaining how to set up a server's firewall to allow incoming and outgoing traffic on HTTP standard ports (80 and 443), but I can't figure out why I would need either of them....
mgibsonbr's user avatar
  • 353
25 votes
1 answer

Relationship between bastion host and jump host

What's are the differences/similarities between a "bastion host" and a "jump host"? Are they usually used interchangeably?
kolistivra's user avatar
24 votes
3 answers

CentOS 7 Firewall Configuration

In CentOS 6 I could type setup from the command line and I would be presented with a set of tools, one of them being Firewall configuration. I can still do this in CentOS 7, except the list no longer ...
ste's user avatar
  • 381

2 3 4 5