Questions tagged as ['firewall']

A firewall is software or a hardware device that inspects network traffic and allows or blocks it according to a rule set.
Score: 0
mon
AWS Network Firewall - How to log the blocked connections

Question

Is there a way to log the connections blocked by the AWS Network Firewall, or filter the logs of blocked connections?

Background

I currently have the rules set up, and would like to know which IPs or domains have been blocked.


Looking at "Logging network traffic from AWS Network Firewall", but it is not clear if it is possible.

You can record flow logs and alert logs from your Network Firewall st ...

Score: 0
How do I set up Fail2Ban on an Amazon Lightsail Debian instance, when it has its own firewall?

This is a very basic question, but all the answers I can find either relate to WordPress installs or Bitnami installs. I have a plain Debian instance running Nginx.

I would like to set up Fail2Ban. The problem is that Lightsail seems to have its own firewall, configurable via the console. It isn't clear to me how Fail2Ban would work with such a firewall, and I don't want to potentially screw up  ...

Score: 0
freddie_ventura
Using a BlockOutbound default policy in Win10 to fully Tunnel all WAN traffic through the TUN/TAP interface

So I have a little "advanced firewall usage" question about Win10.

I have a VPN running on a VPS with OpenVPN, running like a charm, and I wanted to filter all the networking of my end host (in this case Win10). What I mean by filtering is to apply a strict policy of "BlockInbound,BlockOutbound", so I can just add rules to allow the communication with my VPS to establish the VPN tunnel (so it will creat ...

Score: 1
hattivatt
Docker Swarm. Containers in one overlay network but on different nodes can't reach each other via tcp

I have a Docker Swarm cluster with 12 nodes. Containers deployed on a single node can reach each other fine via the overlay network, but when they are deployed on different nodes there are connectivity issues: hostnames are resolved and I can ping one container from another, but when I try to reach the other container via TCP (for example with telnet) I get a long wait and then a connection timeout. Firewall on ea ...

Score: 1
Vipin Menon
How to properly clone packets with tee?

Trying to understand the TEE module of iptables. The intent is to clone a packet and send the same packet to 2 IPs.

Tried the following:

iptables -A INPUT -p tcp --dport 2003 -j TEE --gateway IP1
iptables -A INPUT -p tcp --dport 2003 -j TEE --gateway IP2

Does this tee the traffic to both gateways or only the 1st rule? Running the command iptables -L -v shows the rules and packets getting counted against ...

Score: 0
Johnson Sebire
Cloudron Open Port 5080

I'm attempting to run Ant Media on a server which is pre-installed with Cloudron. It appears Cloudron's firewall has blocked port 5080 by default. There doesn't appear to be an option to open this port inside Cloudron. Does anyone have an idea how I can open port 5080 so I can access the Ant Media application, as it runs on port 5080?

Score: 0
Changing Mikrotik PPP Address pool

Trying to change the address pool handed out by the L2TP connection on MikroTik. What I have now:
192.168.240.1/23 - local network
192.168.250.1/23 - l2tp address pool, added to IP-Addresses, IP-Pool, Firewall-NAT connection accept.
CMAK-created connection on a Windows 10 machine with routes.txt inside. At this point everything works well.

Now I'm trying to change the 250 pool to 230, so I'm changing it in IP-Address ...

Score: 0
Dani
VPC firewall rule between load balancer and vms

I've added some VPC firewall rules to restrict access to my load balancer, allowing only specific IPs. The rules seem to block traffic between the load balancer and the VMs. How can I set up a rule that allows all traffic between the load balancer and the VMs? I've tried with the LB's external IP but it doesn't work. Does the load balancer have an internal IP? Where can I find it? The "internal" default rule doesn' ...

Score: 1
Dani
Add firewall rule in front of a Google Cloud Load Balancer

I have a Load Balancer on Google Cloud.

I want to set up a simple firewall rule that will restrict access to the Load Balancer to a specific IP.

How can I do it?

Score: 0
user3723206
Possible to create policy limiting firewall rules in GCP?

Does anyone know if it's possible to create an organizational policy that would prevent firewall rules in GCP from having their source set to 'any' for specific ports?

For example, I want to prevent users from creating firewall rules that use 'any' as the source for ports such as SSH, RDP, SQL, and so on.

Score: 0
turtle
Block "ethash.poolbinance.com" on MikroTik

Can you explain to me how I can block this address with the firewall on MikroTik?

I just tried to add a rule with only "poolbinance.com" and another rule with "ethash.poolbinance.com".

But it is not working.

Thank you for help.

full address looks like tcp://ethash.poolbinance.com:1800

Score: 0
erotavlas
Web server, firewall and active directory: internal network connection error "DNS rebinding attack"

I have a problem with a web server (WS) (Apache on Ubuntu 20.04 server), a Fortinet firewall (FF) and Windows Active Directory (AD). My ISP recently upgraded my Internet connection and changed some configuration (static IP addresses and subnet). Before the upgrade, there was no problem. In particular, the AD was behind the FF while the WS was external to it (machines from local networks and from external netw ...
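
The error in the title is the generic name for a check that resolvers and firewalls apply: a name that is not part of the local zones must not resolve to an address inside the local network, because that is exactly what a DNS rebinding attack does (first answer with a public address, then re-answer the same name with an internal one so the browser's same-origin policy is fooled). The script below is an added example of that check, not code from the original post or from any Fortinet product; it uses constructed DNS answers, an assumed internal zone of example.com, and an explicit list of non-public ranges rather than a library's notion of "private" (Python's ipaddress module also counts documentation ranges such as 203.0.113.0/24 as private, which a firewall does not). The second function shows the complementary check a web server can do on the Host header.

```python
import ipaddress

# Ranges a public DNS answer should never point at: RFC 1918, loopback,
# link-local, "this network", and their IPv6 counterparts. Assumption: this
# mirrors the default lists in resolvers/firewalls; adjust for your site.
NON_PUBLIC_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10",
)]

# Zones whose names may legitimately resolve to internal addresses (assumed).
INTERNAL_ZONES = ("example.com",)

# Constructed DNS answers, not taken from the original post.
CONSTRUCTED_ANSWERS = {
    "intranet.example.com": ["192.168.1.20"],                   # internal zone: expected
    "www.example.com":      ["198.51.100.10"],                  # public answer: fine
    "rebind.attacker.test": ["198.51.100.77", "192.168.1.20"],  # public name, private answer
    "loop.attacker.test":   ["127.0.0.1"],                      # public name, loopback answer
}


def is_internal_name(name, zones=INTERNAL_ZONES):
    """True if `name` is inside one of the zones allowed to resolve internally."""
    name = name.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in zones)


def is_non_public(ip):
    """True if `ip` falls in one of the ranges an external name must not resolve to."""
    addr = ipaddress.ip_address(ip)
    # `in` returns False across IP versions, so mixed v4/v6 lists are safe.
    return any(addr in net for net in NON_PUBLIC_NETS)


def rebinding_suspects(answers, zones=INTERNAL_ZONES):
    """Return {name: [offending addresses]} for names outside the internal zones
    whose answers contain a non-public address. Those answers are what a
    rebinding-protection feature strips or blocks."""
    suspects = {}
    for name, ips in answers.items():
        if is_internal_name(name, zones):
            continue
        bad = [ip for ip in ips if is_non_public(ip)]
        if bad:
            suspects[name] = bad
    return suspects


def host_header_ok(host_header, allowed_hosts):
    """Server-side companion check: a request whose Host header is not one of
    the server's own names arrived via a rebound name and should be refused."""
    host = host_header.split(":", 1)[0].rstrip(".").lower()
    return host in {h.rstrip(".").lower() for h in allowed_hosts}


if __name__ == "__main__":
    print(rebinding_suspects(CONSTRUCTED_ANSWERS))
    print(host_header_ok("www.example.com:443", ["www.example.com"]))
```

Run over the constructed answers, only the two attacker.test names are reported; intranet.example.com is allowed because it sits in an internal zone. When an ISP change moves a public-facing web server onto a new subnet, a resolver that still answers its public name with an old internal address trips exactly this check, which is the first thing worth comparing against the new address plan.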

Score: 0
Farhan Shirgill Ansari
Which connections/interfaces are in zone 'docker'?

Executing the command below on Ubuntu 20.04 LTS

sudo firewall-cmd --list-all-zone

gives me these

block,
dmz,
docker (active),
drop,
external,
home,
internal,
public,
trusted,
work,

The thing that is bothering me is that the currently selected one is shown as

docker (active)

The Ubuntu 20.04 LTS is running on VirtualBox with Windows as the host OS.

When I try to add port 80/tcp to allow access to the same, the  ...

Score: 0
Sahat Shah
wget stuck on the connecting to.. after few iptable rules

I'm using the ipset module for iptables to allow only specific IPs in incoming traffic.

Here I have allowed only 2 IPs. Only these two IPs can connect to my server.

However, if I do wget 142.250.195.46 it gets stuck on "connecting to...".

Here are the rules. I have allowed all outbound traffic.

iptables -I INPUT -i lo -j ACCEPT
iptables -I OUTPUT -o lo -j ACCEPT

iptables -A INPUT -m state --state ESTABLISHED,RE ...
Score: 0
IPtables port forwarding to host machine IP

In an LXC container I have WireGuard installed; the client connects normally and I see the port and the information, but when I try to curl localhost (127.0.0.1) or the local IP (192.168.1.180) it doesn't connect.

192.168.1.180 (Host IP) 10.7.0.2 (IP)

10.7.0.2:6060 <-> 192.168.1.180:6060

curl -I 10.7.0.2:6060

-Resolve OK --

curl -I 127.0.0.1:6060 (OR) curl -I 192.168.1.180:6060

Responde u ...

Score: -1
kuba42
Ports closed remotely while they are open locally

I have a problem with a MariaDB server: the port is open locally, but from a remote desktop the port appears closed.

 Port       Status    service
3306/tcp     open      mysql

^^^^ localhost output

Port 3306 is closed on (my IP)

^^^^ remote desktop

Also when I try to open new ports, for example port 123 for a web-based game using node.js, the same thing happens.

Firewall is inactive

All that happene ...
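
"Open locally, closed remotely, firewall inactive" is the classic signature of a service bound to the loopback address only (for MariaDB that is the bind-address setting, which many distributions ship as 127.0.0.1): a port scanner on the host sees the socket, a remote scanner cannot, and no firewall rule is involved. The check a practitioner wants is the bind address column of the listening sockets, which is what the added example below extracts. It is not code from the original post; it parses a constructed `ss -ltn` sample (Local Address:Port in the fourth column, IPv6 in brackets) and classifies each port from its bind address alone, with no network access.

```python
import ipaddress

# Constructed sample of `ss -ltn` output (not from the original post): the
# database is bound to IPv4 loopback only, sshd to every IPv4 address, the game
# server to IPv6 loopback only, and a web server to every IPv6 address (which,
# with the usual dual-stack default, also covers IPv4).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       80      127.0.0.1:3306       0.0.0.0:*
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       511     [::1]:123            [::]:*
LISTEN  0       128     [::]:80              [::]:*
"""


def parse_listeners(ss_output):
    """Return (bind_address, port) pairs for every LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # Split on the last colon so bracketed IPv6 addresses survive.
        host, _, port = fields[3].rpartition(":")
        listeners.append((host.strip("[]"), int(port)))
    return listeners


def reachability(ss_output, port):
    """Classify a port from its bind address alone.

    'loopback-only'  : open for localhost, closed for every remote host
    'all-interfaces' : reachable remotely unless a firewall on the path drops it
    'specific'       : bound to one interface address only
    'not-listening'  : nothing listens on that port at all
    """
    binds = [host for host, p in parse_listeners(ss_output) if p == port]
    if not binds:
        return "not-listening"
    kinds = set()
    for host in binds:
        if host == "*":                      # older ss prints * for the wildcard
            kinds.add("all-interfaces")
            continue
        addr = ipaddress.ip_address(host)
        if addr.is_loopback:
            kinds.add("loopback-only")
        elif addr.is_unspecified:            # 0.0.0.0 or ::
            kinds.add("all-interfaces")
        else:
            kinds.add("specific")
    # The most permissive binding decides what a remote client can see.
    for kind in ("all-interfaces", "specific", "loopback-only"):
        if kind in kinds:
            return kind


if __name__ == "__main__":
    for p in (3306, 22, 123, 80, 5432):
        print(p, reachability(SAMPLE_SS, p))
```

On a real host, feed it the output of `ss -ltn` (or `ss -ltnp` to see the owning process). A port reported as loopback-only is fixed in the service's configuration, not in the firewall; a port reported as all-interfaces that is still unreachable means a firewall between the client and the server, which on a hosted VM is often the provider's security group rather than anything on the box.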

Score: 2
CAMOBAP
Prove that software works via SOCKS

Intro

I have ruby software that utilizes a network during its execution.

Recently I got feedback from a user who works behind a firewall and uses SOCKS; this software doesn't work for him.

So I need to simulate this situation to check which part of my software doesn't respect the HTTP_PROXY environment variables.

What I have tried

I tried to simulate this firewall with iptables (inside Docker):

apt-get up ...
Score: 1
red0ct
Iptables --reject-with tcp-reset for non-TCP traffic

Here I came across a somewhat strange rule:

iptables -A INPUT -s 10.26.95.20 -j REJECT --reject-with tcp-reset

This rule matches all protocols from a specific network and rejects them with a TCP RST packet.
How is this supposed to work with non-TCP packets? If the other end (10.26.95.20) sends a UDP packet, does it then receive a TCP RST? This looks extremely strange.

Score: 1
How to Implement Rate Limiting in Azure Web Application Firewall (WAF)?

I am looking to implement global rate limiting in Azure WAF. I have created custom rate limiting rules, but they are IP-based. I know Azure DDoS Protection provides a certain coverage limit. But my goal is to have a maximum limit of HTTP requests that I can serve before my application gets unstable or infrastructure cost goes too high. I do have things like the maximum no. of K8s pods and their CPU limits def ...

Score: 0
Fahed
OVH VPS ports not modified. Where are those rules set?

I have a problem with a VPS ports config (on ovh.com).

  • I set up Debian 10 and updated it.
  • I didn't install any firewall software.
  • OVH infrastructure is protected by a global firewall, but on my panel it's shown as disabled and there are no rules applied.
  • Default ports work fine (HTTP, TCP, UDP, SSH, FTP, DNS and SSL).

EXAMPLE (FTP)

FTP works just fine on port 21:

client

$ ftp XX.XX.XX.XX
Connect ...
Score: 0
Fahed
OVH VPS ports remain "closed" and can't be changed, why?

I have a problem with a VPS ports config (on ovh.com). I set up Debian 10 and updated it, but when I try to configure ports I get many errors.

I found that OVH infrastructure is protected by a global firewall, but on my panel it's shown as disabled and there are no rules applied.

EXAMPLE

If I use port 22 for SSH, it's all ok, but if I change the port then I get locked out. Same goes for any port.

 ...

Score: 1
keeplearningtogether
nftables - limit rate behavior (error or misuse?)

I am trying to set up a firewall with nftables but I failed to understand and implement a simple rate limit based on the documentation I have found.

  • OS : Ubuntu 20.04 LTS
  • nftables version : 0.9.3 (Topsy)
  • kernel release: 5.8.0-53-generic

I have built the test firewall with the below sequence of commands:

nft 'add table inet testnetwork'
nft 'add chain inet testnetwork INPUT { type filter hook input prior ...
Score: 0
aytine
IPTABLES - POSTROUTING requests are not forwarded back into the LAN

I have some LXC containers hosted on a Proxmox server. They are all connected to the same network (10.0.0.0/24) and are supposed to go out to the Internet through the Proxmox host (10.0.0.254 & WAN IP).

This is the Proxmox firewall configuration:

iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DOCKER
-A POSTROUTING -s 10.0.0.0/24 -o vmbr0 -j MASQUERADE

ipta ...
Score: 0
Conditional port forwarding with ufw as a default policy

Is there a way such that: when a connection is denied (by the rule set) in ufw, it forwards that traffic to another port on the local machine, rather than dropping (by default)?

I can see two potential ways for port forwarding in ufw, I am wondering how to modify these so that it is conditional.

  1. Adding an -A PREROUTING rule to /etc/ufw/before.rules. But I need that rule only to be applied when the con ...

Score: 4
laurent
Is it worth installing UFW on an AWS EC2 instance?

I would usually run UFW on the servers I deploy; however, I've just started using AWS and I see they already provide a firewall, allowing me to set inbound/outbound rules, etc.

So I'm wondering if it's ever useful to have both the AWS firewall and UFW running at the same time? Or can I drop UFW altogether?

Score: 2
Christian Brinch
How to deny IP ranges with ufw?

I am getting repeated login attempts from this IP address, 45.135.232.165, apparently a known Russian abusive host. I want to block all traffic on all ports from the entire subnet 45.135.232.*, so I did

ufw deny from 45.135.232.0/24

ufw status shows the rule as

To                         Action      From
--                         ------      ----
Anywhere                   DENY        45.135.232 ...
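
A point worth checking whenever a deny rule is added to an existing ufw rule set: ufw appends new rules to the end of its user chain and evaluates rules in order, so a deny added after an earlier "allow 22/tcp from anywhere" never sees the SSH traffic it was meant to stop; the rule has to be placed ahead of the allows with `ufw insert 1 deny from 45.135.232.0/24`. The script below is an added example, not code from the post or from ufw itself, that models first-match evaluation over two constructed rule orderings (the assumption is that SSH and HTTP were already allowed from anywhere before the deny was added) so the difference can be seen without touching a real firewall.

```python
import ipaddress

# A rule is (action, source network, destination port or None for any port).
# Like ufw's user chains, the first matching rule wins.
def first_match(rules, src_ip, dport):
    ip = ipaddress.ip_address(src_ip)
    for action, net, port in rules:
        # `in` is False across IP versions, so v6 clients never match v4 nets.
        if ip in ipaddress.ip_network(net) and port in (None, dport):
            return action
    return "default-deny"   # assumed: ufw's default incoming policy is deny


# Constructed rule sets (assumption: 22 and 80 were allowed before the deny).
# `ufw deny from 45.135.232.0/24` appends, so the deny lands after the allows:
APPENDED = [
    ("allow", "0.0.0.0/0", 22),
    ("allow", "0.0.0.0/0", 80),
    ("deny",  "45.135.232.0/24", None),
]

# `ufw insert 1 deny from 45.135.232.0/24` puts it ahead of everything:
INSERTED = [("deny", "45.135.232.0/24", None)] + APPENDED[:2]


def compare(src_ip, dport):
    """Verdict under the appended ordering vs. the inserted ordering."""
    return first_match(APPENDED, src_ip, dport), first_match(INSERTED, src_ip, dport)


if __name__ == "__main__":
    for ip, port in (("45.135.232.165", 22), ("45.135.232.165", 443), ("198.51.100.7", 22)):
        print(ip, port, compare(ip, port))
```

The attacker's address reaches SSH under the appended ordering and is refused only once the deny is first; for port 443, which no allow covers, both orderings refuse it, which is why testing a block against a port that was never open proves nothing. `ufw status numbered` shows the real order on the host.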
Score: 2
Configure my Linux as a router, how do I enable port forwarding with nftables?
ufk

I'm trying to configure my Gentoo Linux as a router.

This is my configuration so far.

WAN NIC is enp3s0 and LAN NIC is enp1s0f0

accepting connections to ICMP, TCP ports 53, 22, 80, 443, 445, 5900 and UDP ports 53, 67, 68 from LAN

accepting connections on SSH port 22 from WAN

These work great; what I failed to do is create port forwarding.

I am trying to set up that if a connection on port 222 comes in from ...

Score: 0
Preventing docker container from accessing internet except SSH, DNS and SMTP

I have a docker container with an SSH server, an HTTP server, and an SMTP client (that needs to resolve domain names).

Besides that, I would like to prevent the container from accessing the internet.

I use the rules from https://github.com/chaifeng/ufw-docker to avoid exposing the container ports to the internet, but that's probably another story.

Adding

ufw route deny from 172.25.0.4 to any

ind ...

Score: 1
Nikola
iptables doesn't forward http traffic

I am trying to create a captive portal, and the first thing to do is to redirect all traffic to a specific IP:port.

I have tried:

iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination <my-ip>:<my-port>

This works when testing the redirect on the same device that acts as the hotspot. I understood that requests from other users go through the PREROUTING chain, so I did th ...

Score: 0
Brian
iptables doesn't seem to be stopped

I have a CentOS 7 computer, which originally uses iptables as its firewall configuration tool.

The computer has a docker container that listens to port 10079.

I want to use firewalld to replace iptables.

Both firewalld and iptables run outside of the docker container. I don't run them inside the container.

So I run the following commands

$ systemctl stop iptables
# disable iptables so that it doesn't s ...