Questions tagged [iptables]
iptables allows the creation of rules that define packet-filtering behaviour. The most reliable way to provide an iptables ruleset in a question is with the output of (as root): iptables-save -c
2,703 questions
0 votes, 0 answers, 40 views
Docker iptables behavior
I have two Redhat 8 virtual machines. I'm running Docker on both, in this case as a host for the application called Graphite.
The VMs started out identical to each other, and I pulled the same Docker ...
0 votes, 1 answer, 44 views
iptables changes not having any effect [closed]
I was attempting to interrupt a TCP connection on my system, and was altering iptables rules using the iptables command.
Nothing I did seemed to have any effect, though. Inserting and deleting rules ...
2 votes, 1 answer, 85 views
How to enable internet access for a bridge inside a Linux network namespace?
I've created two Linux network namespaces (ns1 and ns2), and inside each, I have:
A bridge (ns1-br0, ns2-br0)
A TAP device (tap0, tap1) connected to the respective bridge
Each TAP device gets an IP ...
1 vote, 0 answers, 56 views
How can a packet get lost between the filter INPUT and security INPUT chains of iptables?
From this flowchart https://stuffphilwrites.com/wp-content/uploads/2024/05/FW-IDS-iptables-Flowchart-v2024-05-22.png I know that packet goes from the INPUT chain of the filter table right into the ...
0 votes, 1 answer, 53 views
Iptables does not apply drop policy for other ports
I'm running a server where iptables is configured with a default DROP policy and I’ve only explicitly allowed certain ports (e.g., HTTP, HTTPS, SSH on port 22, etc.). Despite never adding a rule for ...
1 vote, 0 answers, 42 views
What does the phrase "consider native interface" refer to when the nftables wiki says that the xt_bpf match is unsupported?
In this list of unsupported xtables features, xt_bpf is listed as one of the unsupported features. The comment says to "consider native interface". But what interface is being referred to ...
1 vote, 2 answers, 126 views
IPIP tunnel between two docker containers on separate servers
Thank you in advance for your attention to my question and your help.
I have a rather specific task. I need to set up an IPIP tunnel between two Docker containers located on different physical servers....
0 votes, 1 answer, 159 views
How to set `iptables` so NTP works while internet access is blocked
I want to configure iptables such that it blocks everything except
Date time synchronization over the internet using NTP and
Access from machines in the LAN.
I wrote the following script:
# Reset ...
0 votes, 0 answers, 87 views
How to use iptables on Ubuntu?
I am looking at the output of
sudo iptables -L --line-numbers
I got
Chain ufw-before-forward (1 references)
num target prot opt source destination
1 ACCEPT all -- ...
0 votes, 1 answer, 105 views
iptables: blocking all traffic to 80 and 443 ports, but still getting traffic
I'm trying to learn how to work with iptables.
I tried to stop all traffic over HTTP and HTTPS.
My INPUT and OUTPUT chains were empty.
I initially did the following:
sudo iptables -A OUTPUT -p tcp --...
0 votes, 1 answer, 223 views
What are the correct iptables rules for an ipsec site to site?
I am trying to configure an IPsec site-to-site VPN using strongSwan on Debian 12.
The VPN is UP, as shown below
Status of IKE charon daemon (strongSwan 5.9.8, Linux 6.1.0-30-cloud-amd64, x86_64):
...
0 votes, 0 answers, 64 views
Disable fib_validate_source
I have a situation very similar to this one where packets are being dropped after arriving on a tun0 interface. I confirmed with pwru that fib_validate_source is showing up before the packet gets ...
0 votes, 0 answers, 81 views
Redirect same port from NIC to localhost using iptables
I have a service that listens only on a port on localhost. In this case TCP 6464. This machine splits traffic between a NIC (eth0) and a VPN (tun0) interface, while some ports only listen on localhost ...
1 vote, 1 answer, 334 views
How can I non-interactively replace iptables with iptables-nft on Arch Linux?
I'm trying to create a Dockerfile for an Arch Linux image with iptables-nft installed. If I run the archlinux Docker image interactively and then pacman -Syu iptables-nft, I get asked iptables-nft-1:1....
2 votes, 1 answer, 995 views
How to enable direct connection to Tailscale's exit node with Gluetun
This is a Docker setup that runs a Tailscale node, routes traffic through Gluetun with NordVPN connected, and advertises the Tailscale node as an exit node.
services:
gluetun:
image: qmcgaw/...
0 votes, 1 answer, 86 views
Linux networking: setting up ethernet and wifi routers
I've been setting up a Linux box as my router. And my networking is fairly simple at this point:
I have the router connected to my fiber box, which authenticates with my ISP using pppd.
I have an ...
0 votes, 1 answer, 248 views
Why isn't UDP port 443 accepting connections when iptables rules are set?
Environment
Operating System: Linux 6.8.0-47-generic #47-Ubuntu, aarch64
Cloud VM: Yes (Hetzner)
Current Setup
I'm trying to ...
0 votes, 0 answers, 125 views
How to forward specific traffic between two interfaces in one machine RHEL8
OS: RHEL8.
Goal: Forward SIP and RTP from the VM's main interface (ens192) to a manually created virtual interface (ens100)
For testing I am trying to forward only ICMP packets, but it's not working.
(VM1) --icmp--> ...
0 votes, 1 answer, 60 views
Need help building a wireless router that offers /30 public IP range through DHCP
I have a block of public IP addresses and I want to build a router using my Raspberry Pi to offer those public IP addresses to my devices behind CGNAT.
The topology
[Server](wireguard addr = 10.0.0.1/...
0 votes, 2 answers, 307 views
Firewall to allow only web browsing and no other network access
I am working on Debian Stable and it is working very well.
I see apf-firewall to simplify iptables. I want my firewall to only allow web browsing (including forms) and block all other network access. ...
0 votes, 0 answers, 223 views
iptables conflict docker & wireguard
I have Docker installed as part of a PacketFence deployment (for NAC 802.1X) on Debian. To minimize the number of servers (saving on already limited resources) I wanted to have a WireGuard server on ...
0 votes, 1 answer, 77 views
Why can an open port (iptables) be closed?
We are using iptables on our Linux server. And the table looks like this:
$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT ...
0 votes, 2 answers, 452 views
Cannot get the TPROXY UDP to actually receive some data inside
I believe I am dealing with a routing issue on my system (which is a default Ubuntu 22 installation) but I really can't understand how to approach the debugging of said problem.
By following the ...
1 vote, 1 answer, 40 views
Cannot redirect data packets from wlan0 to the local proxy service port 12345 with iptables
This is my iptables config:
Chain PREROUTING (policy ACCEPT 3187 packets, 517K bytes)
pkts bytes target prot opt in out source destination
295 17664 LOG ...
0 votes, 1 answer, 356 views
Wireguard connection to localhost via VPN refused
In order to access my webserver (behind CGNAT on my home PC), I established a wireguard tunnel between my home PC (wireguard IP 10.8.0.3) and a VPS (wireguard IP 10.8.0.1 and public IP 11.22.33.44). I ...