Questions tagged [iptables]
iptables allows the creation of rules that define packet-filtering behavior. The most reliable way to provide an iptables ruleset in a question is with the output of (as root): iptables-save -c
2,703 questions
0 votes, 1 answer, 48 views
Can Linux route external traffic to a loopback?
My computer (server listening) 200.200.50.2 |
My client_computer 200.200.50.4
The problem is that I have a Python server listening on my computer:
python3 -m http.server -b 127.0.0.1 -p 80
I set the ...
0 votes, 1 answer, 36 views
Limited LAN access with iptables
I'm trying to limit LAN access for one Wireguard client to select ports (30042, 30013). My iptable is below but this allows the client access to all 192.168.1.227 ports?
-P INPUT ACCEPT
-P FORWARD ...
3 votes, 4 answers, 379 views
Why do I receive response from the closed via iptables port
I set the following rules on the server with help of iptables
sudo iptables -A OUTPUT -p tcp --sport 22 -j DROP
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Why am I getting a response via SSH?
...
0 votes, 0 answers, 67 views
Docker iptables behavior
I have two Redhat 8 virtual machines. I'm running Docker on both, in this case as a host for the application called Graphite.
The VMs started out identical to each other, and I pulled the same Docker ...
1 vote, 2 answers, 69 views
Relay IP between hosts
This might be a trivial question:
I have two hosts A and B that can access the internet behind NATs.
Their NATs do not allow for hole-punching or any other way to connect them directly.
Host C is a ...
0 votes, 1 answer, 63 views
iptables changes not having any effect [closed]
I was attempting to interrupt a TCP connection on my system, and was altering iptables rules using the iptables command.
Nothing I did seemed to have any effect, though. Inserting and deleting rules ...
1 vote, 2 answers, 281 views
Drop all packets sent to localhost and particular port
I want to drop all packets sent to a particular port. I first tried using firewalld/iptables-nft settings but that failed (maybe they're being processed by the kernel only?).
I succeeded in blocking ...
2 votes, 1 answer, 132 views
How to enable internet access for a bridge inside a Linux network namespace?
I've created two Linux network namespaces (ns1 and ns2), and inside each, I have:
A bridge (ns1-br0, ns2-br0)
A TAP device (tap0, tap1) connected to the respective bridge
Each TAP device gets an IP ...
0 votes, 1 answer, 300 views
Allow specific IP addresses through iptables with Wireguard
I have a number of self hosted services on my home server, running Arch Linux.
Context
A number of these are held in Docker containers (each with their own Docker compose file), though one (Jellyfin) ...
1 vote, 0 answers, 78 views
How packet can get lost between filter INPUT and security INPUT chains of iptables?
From this flowchart https://stuffphilwrites.com/wp-content/uploads/2024/05/FW-IDS-iptables-Flowchart-v2024-05-22.png I know that packet goes from the INPUT chain of the filter table right into the ...
0 votes, 1 answer, 141 views
route traffic to 127.0.0.1
My scenario:
I have two machines:
192.168.1.1
192.168.1.2
Machine 2 has a ssh server and I created a tunnel in machine 1 such as:
ssh -CfND 7777 [email protected] -4
I ran above command in machine ...
0 votes, 1 answer, 75 views
Iptables does not apply drop policy for other ports
I'm running a server where iptables is configured with a default DROP policy and I’ve only explicitly allowed certain ports (e.g., HTTP, HTTPS, SSH on port 22, etc.). Despite never adding a rule for ...
1 vote, 0 answers, 84 views
Is it possible to route GTP traffic in Linux?
I want to be able to route GTP-U traffic that arrives to my linux through two different interfaces. However, I want to route it using information inside the tunnel: inner ip addresses. My machine is ...
2 votes, 0 answers, 58 views
What does the phrase "consider native interface" refer to when the nftables wiki says that xt_bpf match is unsupported
In this list of unsupported xtables features, xt_bpf is listed as one of the unsupported features. The comment says to "consider native interface". But what interface is being referred to ...
3 votes, 1 answer, 293 views
Why can't I connect a network namespace to the Internet?
I've seen other answers on this site and read an article and watched a video on the topic, but I still can't connect my network namespace to the outside world.
Setup
I created a namespace named "...