• UFW or IPTABLES

    Solved IT Discussion
    8
    0 Votes
    8 Posts
    830 Views
    1

    @JaredBusch said in UFW or IPTABLES:

    @Pete-S said in UFW or IPTABLES:

    So I think the current recommendation is to either stick to ufw or firewall-cmd or just use nft directly.

    I try to. This was the first time I've had a need to go outside the box of ufw or firewall-cmd to use direct iptables in years.

    Yes, it's only when you need more control.

    I've looked into this before and it wasn't not super obvious how all these tools interact. But nowadays ufw and firewalld are services to manage nftables. nftables itself manages the netfilter packet filtering mechanism in the kernel.

    The ability to use iptables are just for legacy reasons and they're converted to nftables rules behind the scenes.

    Since ufw (canonical project) and firewalld (redhat project) where initiated when iptables was used, I'm not sure their existence is warranted in the same way. At least not by sysadmins.

    I'm looking at setting firewall rules automatically in a project and it seems like using nftables directly makes the most sense. That said I have to learn nftables first 🙂

  • Splunk vs iptables

    IT Discussion
    7
    1 Votes
    7 Posts
    1k Views
    ntozierN

    @IRJ said in Splunk vs iptables:

    iptables -A OUTPUT -o eth0 -p tcp --sport 9997 -m state --state NEW,ESTABLISHED -j ACCEPT

    Looks like the solution was
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    Or at least that got it working. 🙂

  • 2 Votes
    4 Posts
    2k Views
    jmooreJ

    @dustinb3403 ok got it, weird one

  • Custom IP tables rules for FreePBX

    IT Discussion
    6
    1 Votes
    6 Posts
    2k Views
    AdamFA

    @jaredbusch said in Custom IP tables rules for FreePBX:

    @fuznutz04 said in Custom IP tables rules for FreePBX:

    @jaredbusch Awesome. I'm going to try this.

    I was just about to followup with this, saying that I was able to get it working, by not using any custom rules at all. Since the IP that I want to allow, is my local office, which is where I want to connect to the mySQL data from, it works already. Reason: I have my local office IP listed in the Trusted Network area of the Responsive firewall.

    Of course, to get this to work, you have to change the listen address (bind address) in the etc/my.cnf file to listen on your public address, other than the loopback address.

    I would probably change it to listen on any to have one thing less to remember just in case something changes, but that is just personal preference.

    Oh yeah, I did that actually. Then I created a user with select access to the crdb database. The root user by default, on FreePBX installations, has no password. However, the root user can only log in from the local server, so I don't see a need to implement a password. Unless I'm missing something....

  • Port Forwarding to KVM Guest

    IT Discussion
    18
    0 Votes
    18 Posts
    4k Views
    A

    KVM Networking was set to NAT not Routed 😞

    I guess I am learning?........

  • 0 Votes
    16 Posts
    3k Views
    DashrenderD

    @Reid-Cooper said in Open source Firewall:

    pfSense was really good in the past. But I agree, the days of building your own firewall on an old PC that you have are over.

    Right - the cost just isn't worth running your old PC. Power alone will cost more than the cost of an ER-X or ER-L.

  • Linux Iptables Firewall Automation

    IT Discussion
    39
    3 Votes
    39 Posts
    7k Views
    prcssupportP

    @RobLewisss said in Linux Iptables Firewall Automation:

    @JulianJulian Thanks mate! I just downloaded the agent. I'll let you guys know how it works.

    I also downloaded the agent to one of my Linux systems. It was very quick and simple.

    The cloud interface picked up the installed agent imediately and I was able to manage it right there.

    There are different groups that you can place each agent for different rules.

    Definitely worth testing. Up to 5 servers for free!

  • 2 Votes
    8 Posts
    20k Views
    travisdh1T

    @scottalanmiller said:

    @JaredBusch said:

    @scottalanmiller said:

    @JaredBusch said:

    @scottalanmiller said:

    @JaredBusch said:

    While I have never made a how to with a port range, the basic firewalld syntax is used all over the place on this forum by me and every system that I have ever seen that accepts a port range does so with the range hyphenated from lower boundary to upper boundary.

    I would have thought that this was a colon, though, not a hyphen.

    I have never seen it commonly used with a colon to represent a range

    Native IPTables. 🙂

    I rarely work with native IPTables. That would explain a difference in point of view.

    Yeah, and for me I pretty much have done raw edits on /etc/sysconfig/iptables and never used external tools. Now with FirewallD I'm relearning the syntax for everything on Linux firewalls.

    Well, at least I'm not the only one then. Learning how to use firewall-cmd still feels a bit odd.

  • Sample Working IPTables

    IT Discussion
    4
    2 Votes
    4 Posts
    1k Views
    scottalanmillerS

    @dafyre said:

    Scratch that... I was able to figure it out.

    The configuration that you posted by default denies everything but SSH.

    Thanks!

    Correct 🙂

  • opening Iptables for remote tools?

    IT Discussion
    11
    0 Votes
    11 Posts
    2k Views
    scottalanmillerS

    When in doubt just...

    find / -name iptables.conf -print
  • 2 Votes
    81 Posts
    20k Views
    thanksajdotcomT

    @scottalanmiller said:

    We lead with geo-specific deny rules to block regions before allowing ports.

    And in that case it makes sense. You're blocking all traffic from China or Russia, for example. Then you allow the ports you want open but those countries are blocked, and maybe every other country is fine (hopefully you haven't blocked Spain... ;)), and then you deny the rest. That also makes logistical sense. I don't disagree with @thecreativeone91. It all comes down to what your objective is and then determining the best way to approach it.

  • IPTABLES rules needed

    IT Discussion
    6
    0 Votes
    6 Posts
    1k Views
    nadnerBN

    So, @JaredBusch... what did you end up doing?