Log from #iptables at freenode 2006-05-18
[01:00]<vyayvjzax> I have an overly chatty windows box here that keeps sending out UDP packets to port 137. Will "iptables -t filter -I FORWARD 9 -p UDP -rport 137 -s 192.168.1.50 -j DROP" entered in on my Linux box doing NAT block this data?
[01:55]<wjjmmwjjmlnacnz>iptables -A FORWARD -p udp -m multiport --ports 137:139 -j DROP
[01:55]<wjjmmwjjmlnacnz>iptables -A INPUT -p udp -m multiport --ports 137:139 -j DROP
[01:55]<wjjmmwjjmlnacnz>But drop tcp and udp
[01:55]<wjjmmwjjmlnacnz>iptables -A INPUT -m multiport --ports 137:139 -j DROP
[01:55]<wjjmmwjjmlnacnz>iptables -A FORWARD -m multiport --ports 137:139 -j DROP
[01:56]<wjjmmwjjmlnacnz>And smb uses 445 also
[01:56]<wjjmmwjjmlnacnz>iptables -A FORWARD -m multiport --ports 137:139,445 -j DROP
[01:56]<wjjmmwjjmlnacnz>iptables -A INPUT -m multiport --ports 137:139,445 -j DROP
[02:01]<zdrg`>callee: bcrelay does not work
[02:04]<vyayvjzax>WoodyWoodpecker: thank you
[02:05]<wjjmmwjjmlnacnz>you're welcome
[08:44]<xzgmzyx>anyone still up in here ?
[09:09]<xzgmzyx>it seems not
[09:09]<xzgmzyx>has anyone here ever heard of the apf project ?
[09:46]<rrffnn>ryan`: as i said, i never got it working either
[09:46]<xzgmzyx>i guess no one heard about the apf project
[09:47]<rrffnn>apf sounds like some filter from *BSD
[09:47]<xzgmzyx>it isn't actually
[09:47]<rrffnn>dunno then
[09:48]<xzgmzyx>callee, http://www.rfxnetworks.com/apf.php it seems interesting
[09:48]<xzgmzyx>it seems to be a cross between iptables and pf from bsd
[09:48]<xzgmzyx>not sure
[09:49]<rrffnn>XandriX: it seems just like an easy-configure-wrapper to iptables limiting iptables capabilities
[09:50]<rrffnn>in the past i learned that if you do it right, its better to stay with iptables than use a (graphical) helper for it
[09:51]<rrffnn>it is better to use an own script perhaps based on an exemplary script you can find on the net
[10:04]<xzgmzyx>callee, not at all its actually command line and the config file is very similar to those of pf and it uses iptables modules and such
[10:09]<xzgmzyx>callee, and its also clearly written that it can use the complexity of all iptables parameters just in its own way
[10:09]<xzgmzyx>im good at pf but SUCK ASS at iptables but i like it very much and i use it a lot but my knowledge of it is only basic
[10:11]<xzgmzyx>im reading the iptables tutorial tho
[10:11]<xzgmzyx>its very interesting
[10:15]<xzgmzyx>i guess this isn't really a conversation oriented channel lol
[10:43]<xzgmzyx>anyone care to discuss about the apf project or is everyone headed to its a crappy interface to iptables ?
[11:39]<fwnc>morning.. is it possible to use SNAT over 1 ethernet card.. but with 2 aliases
[11:40]<fwnc>it has two different networks.. 192.168.8.0 and 10.0.0.0
[11:40]<fwnc>iptables -t nat -A POSTROUTING -s 192.168.8.0/24 -j SNAT --to-source 10.0.0.138
[11:41]<fwnc>eth0 has ip 192.168.8.30 and eth0:1 10.0.0.11
[11:41]<fwnc>but no luck yet, any help is appreciated
[12:05]<sxrmjwww>YES GO IPTABLES
[12:07]<xzzm__wzzn>shadow11: ???
[12:07]<sxrmjwww>i try
[12:08]<sxrmjwww>i just have fun playing with iptables
[12:09]<sxrmjwww>block them ports iptables
[12:13]<xzzm__wzzn>shadow11: ok kewls ... if so, try have some fun with this http://hwfirewall.sf.net
[12:13]<sxrmjwww>thankx
[12:17]<xzzm__wzzn>qwek: yes you can
[12:17]<xzzm__wzzn>the link i gave to qwek: will do that
[12:17]<xzzm__wzzn>lol s/qwek:/shadow11/
[12:31]<fwnc>tnx hard__ware, got it to work now
[12:31]<xzzm__wzzn>no probs =)
[19:23]<zzwffzdnz>RE
[19:54]<pnnnnnd>yo why file does iptables read as a config?
[19:54]<pnnnnnd>nm
[19:54]<pnnnnnd>it doesn't
[19:55]<gsfv>hello, i would like to accept connections on all ports from 192.1.168.22 how to achieve it with iptables? I tried something like this /sbin/iptables -A INPUT -s 192.1.168.22 -j ACCEPT but it didn't work
[19:57]<pnnnnnd>what distro?
[19:58]<pnnnnnd>i was just doing that
[19:58]<pnnnnnd>and its
[19:59]<pnnnnnd>iptables -t nat -A PREROUTING -s yo.ur.i.p -p tcp --dport 25(whatever ur port is)
[20:00]<zj20>nslt: if an earlier terminating rule matches those, your appended rule won't be seen. Try s/-A/-I/ to insert at the top.
[20:00]<gsfv>fedora core 5
[20:01]<gsfv>and i would like to allow access on all ports, because of ftp, http, and nfs servers
[20:01]<zdrg`>that rule is correct....
[20:01]<zdrg`>but
[20:01]<zdrg`>an earlier rule may be refusing your packets
[20:02]<pnnnnnd>which rule?
[20:02]<zdrg`>er
[20:02]<zdrg`>was talking to nslt
[20:03]<gsfv>here is my iptables -L
[20:03]<gsfv>http://pastebin.com/724903
[20:08]<zdrg`>yup
[20:09]<zdrg`>it's going to RH-Firewall-1-INPUT, and getting rejected by the last rule in that chain
[20:09]<zdrg`>i would add that rule to that chain
[20:09]<zdrg`>rather than input
[20:11]<gsfv>how to do that?
[20:58]<vzzzzz>I've got a few log entry filters (-j LOG --log-level INFO) set up and despite having removed the entire ../dev/xconsole section of /etc/syslog.conf I am still getting iptables log messages to my current tty. I've made sure syslogd has been restarted. Any ideas on what I'm missing?
[20:59]<vzzzzz>here is an example entry in full: $IPTABLES -t filter -A EXT_CHAIN -m limit --limit 6/minute --limit-burst 15 -j LOG --log-level INFO --log-prefix "EXT_CHAIN fell through: "
[21:38]<vzzzzz>answer was vi /etc/sysctl.conf
[21:43]<xzgmzyx>morning people
[22:24]<ydjx>hello all - i'm interested in setting up a firewall gateway at home using iptables. any suggestions on OS i should use and how I should configure it. I also wanna use my linksys router, is that a possibility?
[22:29]<drvvx_>imoh: anything linux based if you want to run iptables on it
[22:30]<drvvx_>the topic gives some interesting links
[22:31]<ydjx>yeah i will have a look. thanks matth_
[22:38]<ydjx>well i've looked at the links in topics. those are pretty detailed about how iptables works. good read, however, I'm more interested in getting my linux firewall setup in my small home network environment. Are there any tutorials on that ?
[22:39]<zj2wow0>imoh: That's what the /topic tutorial is for - there's no one-size-fits-all ruleset, if that's what you're asking: every network is different with varying needs, and only you know the specifics of yours







