Questions tagged [iptables]

iptables is the Linux administration tool, and colloquially the kernel subsystem behind it, that provides packet filtering (firewalling), NAT and logging of traffic passing through a host.

iptables is the name of the user-space tool used to create firewall and NAT rules. Strictly, iptables only configures the kernel's netfilter framework, but the name "iptables" is commonly used for the whole netfilter feature set. It ships with all modern Linux distributions; on recent ones the iptables command is often a compatibility front end over nftables (iptables-nft), which is why a kernel without nf_tables support can fail with "Failed to initialize nft".

1954 questions
80
votes
2 answers

Does tcpdump bypass iptables?

I mistakenly set up an open resolver DNS server, which was soon used for a bunch of DDoS attacks originating somewhere from / to Russia. For that reason I completely blocked port 53 on both DNS servers for everyone except for trusted IPs. It does work,…
Petr
  • 2,481
67
votes
9 answers

How can I check if an iptables rule already exists?

I need to add a rule to iptables to block connections to a TCP port from the Internet. Since my script may be called multiple times and there is not a script to delete the rule, I want to check if an iptables rule already exists before inserting it…
sevenever
  • 774
57
votes
2 answers

need iptables rule to accept all incoming traffic

For my test environment I want to accept all incoming traffic, can someone please give me the iptables rule to be added. My current iptables -L -n output looks like this Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT …
Ashish Kumar Shah
44
votes
1 answer

show interfaces in iptables -L

Is there a way to show the network interfaces via iptables -L in Ubuntu 12.04? When I execute an iptables -L I get an output like this : Chain INPUT (policy DROP) target prot opt source destination ... ACCEPT all -- …
Chris
  • 545
44
votes
1 answer

iptables vs route

What's the difference between these two tools? Can anybody tell me what the main workflow of networking behind Linux (in relation to IPv4 packet filtering, NAT and IP routing table) is?
Determinant
  • 1,320
43
votes
3 answers

No idea what is listening on port 80 in OS X

I'm on OSX Mountain Lion 10.8.3, and I've freshly rebooted my Mac. I want to start a service (like Apache on port 80), but there is already something going on with port 80: telnet localhost 80 Trying ::1... Connected to localhost. Escape character…
geoff
  • 543
34
votes
2 answers

What are the iptables rules to permit ntp?

My server's clock is wrong because the firewall doesn't permit ntp traffic. What are the iptables rules required to allow the ntp client to get out and back? Any suggestions how to implement those rules on Ubuntu also appreciated.
John Mee
  • 938
33
votes
2 answers

What's the difference between iptables "state" and "ctstate"?

I saw this iptables snippet in a different Super User answer: iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A OUTPUT -m state --state…
Hubro
  • 6,016
30
votes
6 answers

With Linux iptables, is it possible to log the process/command name that initiates an outbound connection?

I would like to keep track of the processes that initiate outbound connections on a Linux desktop. The best I can come up with is this: iptables -A OUTPUT -m state --state NEW -j LOG --log-uid This logs the uid/gid that initiates the connection,…
Nack
  • 443
30
votes
3 answers

How to verify if iptables is running or the firewall is activated

When I run on my Linux Red Hat 6.8 machine - service iptables status I get the rules table (but not whether iptables is running or not). Does the following show that iptables is running? # service iptables status Table: filter Chain INPUT…
King David
  • 1,001
27
votes
3 answers

How to block all ports except 80,443 with iptables?

Blocking all ports (in and out) is easy but it's hard with the word "except". I don't know any rules that satisfy the condition. PS: I know this question is nothing new. But in fact, I didn't find anything that helps. So, help me pls!
user71169
  • 415
27
votes
5 answers

iptables/1.8.2 Failed to initialize nft: Protocol not supported

I'm having a problem using iptables on my Raspberry Pi. I've just downloaded a fresh version of Raspbian Lite on my Pi and all I'm trying to do is check my iptables rules but it's not working and I'm getting this error: >> iptables -L iptables/1.8.2…
Kenan
  • 271
26
votes
5 answers

Deny all incoming connections with iptables?

I want to make some simple iptables rules to deny all incoming connections and allow outgoing. How can I do that?
polyglot
  • 461
25
votes
1 answer

Remove port aliases in iptables

How can I make iptables show me port numbers instead of aliases for well known port numbers (e.g. http for 80, https for 443 etc.). Is there a way to make it show just port numbers at all times?
Lukasz
  • 439
24
votes
1 answer

How to negate a range in iptables?

I've seen people use the exclamation mark (!) in multiple examples, but when I try to use it I get an error. The rule I'm trying: -A OUTPUT -m owner --gid-owner 1006 -d ! 192.168.1.0/24 -j DROP The error: Bad argument '192.168.1.0/24' What is the…
user12932
  • 395