Tags » Iptables

Permanently Ban Those Caught By Fail2Ban

Fail2ban is probably one of the best intrusion-detection-based tools an administrator can deploy onto their system. This is especially the case if your system is connected to the internet. 1,603 more words



Mangle Table:
-> It is used for mangling packets (changing the contents of packets and of their headers).
-> The table consists of five built-in chains. 3,188 more words


#IpTables for a #Zimbra setup

iptables -I INPUT -p tcp --dport 2322 -j ACCEPT #SSH
iptables -I INPUT -p tcp --dport 443 -j ACCEPT #HTTPS
iptables -I INPUT -p tcp --dport 3930 -j ACCEPT
iptables -I INPUT -p tcp --dport 143 -j ACCEPT #IMAP
iptables -I INPUT -p tcp --dport 993 -j ACCEPT #IMAPS
iptables -I INPUT -p tcp --dport 389 -j ACCEPT #LDAP
iptables -I INPUT -p tcp --dport 7025 -j ACCEPT
iptables -I INPUT -p tcp --dport 5800 -j ACCEPT
iptables -I INPUT -p tcp --dport 5900 -j ACCEPT
iptables -I INPUT -p tcp --dport 7071 -j ACCEPT #Port for ZCS Web Administration
iptables -I INPUT -p tcp --dport 3894 -j ACCEPT
iptables -I INPUT -p tcp --dport 3895 -j ACCEPT
iptables -A INPUT -p tcp --dport 465 -j ACCEPT
iptables -I INPUT -p tcp --dport 80 -j ACCEPT #HTTP (for webmail)
iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP
iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP
# Block fragmented ICMP. 247 more words

Block A Range of IP Addresses via iptables (CentOS/RedHat)

I was asked the other day by a friend if he would be able to use iptables to block a range of IP addresses.  Of course!   116 more words

Red Hat

Limit per IP, per second connection using iptables

# Max connection in seconds
# Max connections per IP
# default action can be DROP or REJECT
$IPT -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
$IPT -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds ${SECONDS} --hitcount ${BLOCKCOUNT} -j ${DACTION}

Setting up Iptables on DD-WRT Router

Setting up Iptables has been the hardest part of configuring a Home SOC. If I had tons of money I would get a managed switch and create a span port I could mirror all traffic on or get a tap that would do that for me. 296 more words

Postfix on CentOS

Last day, I’d been troubleshooting a problem with a new CentOS postfix installation. After having read many tutorials, I was still having problems. The server itself could send emails (using the mailx package) and it could telnet to itself via ip-address and host name, but no other device could connect to it. 207 more words

Random Troubles (hooting)