Log from #iptables at freenode 2006-05-22
[14:33]<zznszzyj>Morning all....
[14:33]<zznszzyj>Is there any solution to block Skype?
[15:30]<xzzm__wzzn>ccesario: hrmmmm
[15:30]<xzzm__wzzn>let me lookskee
[15:31]<zznszzyj>hard__ware, ok :D
[15:32]<xzzm__wzzn>http://l7-filter.sourceforge.net/protocols
[15:32]<xzzm__wzzn>looks like skype somewhat is
[15:33]<-- przf_mjrk xrs puy>exit")
[15:33]<zznszzyj>hard__ware, well, I'm using it... but I don't have success.... SKYPE is working :/
[15:36]<xzzm__wzzn>dammm
[15:37]<xzzm__wzzn>im gooogling ... so far just found doc's on what the proto does ...
[15:37]<xzzm__wzzn>looks to be as if it doesnt use Supernodes ... which can be hard especially with UDP
[15:39]<xzzm__wzzn>does skype require a connection to HTTP first?
[15:41]<zznszzyj>hard__ware, hmmm it requires an HTTP connection, but I don't know if it is "first"... but it requires it
[19:01]<-- djzgprff|dw xrs f>plane")
[20:17]<mrsmjmnff>can i define multiple network blocks in one iptables variable
[20:31]<zzrgmgg>Hi, could anyone just tell me how to flush all iptables rules?
[20:35]<zzrgmgg>I did run iptables -F ; iptables -F INPUT ; iptables -F FORWARD ; iptables -F OUTPUT
[20:35]<zzrgmgg>But I still can't access the computer
[20:35]<zj20>See the -F command. Run that in each table you're using. Also, danieldg has an iptables-restore ruleset with no rules and policies all ACCEPT.
[20:35]<zzrgmgg>how do I put them to all ACCEPT?
[20:36]<drvvx_>granden: -F does not change the POLICY
[20:36]<zj20>-P
[20:36]<drvvx_>use -P, and read the man
[20:36]<zzrgmgg>-P?
[20:36]<zzrgmgg>ah
[20:36]<zzrgmgg>thanks
[20:36]<zzrgmgg>I found out how it was easy, just didn't know it was -P thanks
[20:39]<mrsmjmnff>can i define multiple network blocks in one iptables variable, e.g. WIFI="192.168.0.0/16,172.16.0.0/16,10.0.0.0/24" and then use it in one drop rule as $WIFI?
[20:39]<vxnxryfj>alright so I have my main router (192.168.0.1) and it has to forward traffic outbound for 10.254.254.60 to the VPN router (192.168.0.3), I've been tinkering with the route command with no luck, any hints?
[20:40]<zj20>dasmodell: no, use a "for" loop. In bash: "help for".
[20:54]<sxzmnwzfcnz>+rob0: can you answer my question above?
[21:14]<zj20>If someone roots you they will change your netfilter rules.
[21:14]<zzrgmgg>but not if they manage to root a computer behind that one
[21:14]<zzrgmgg>I don't use the same passwords :)
[21:15]<zj20>What do you mean, "a computer behind that one"?
[21:16]<zzrgmgg>It will be splitting my connection to more computers behind it
[21:16]<zzrgmgg>gateway is the word in english :)
[21:18]<zj20>INPUT and OUTPUT are not used in such a case. FORWARD is.
[21:44]<zuynm>how much CPU do I need in order to route an intel quad Gigabit interface? does anyone know? I'm thinking of making a router with an Intel card (with four Gigabit interfaces).
[21:44]<zj2wow0>granden: but on that note... I haven't looked at your ruleset, but make sure you allow DNS to go out, and also make sure you are accepting EST/REL on OUTPUT if you're trying to do outbound filtering (though rob0 is correct - if you have to ask questions about how to do it, you don't need to do it)
[21:44]<zj2wow0>ruied: how much cpu do you have?
[21:46]<zuynm>at the moment a PIII 500MHz (with four 100Mbit interfaces)
[21:46]<zj2wow0>I hear stories of people passing *large* amounts of traffic on an old Pentium box, though I have no experience with extremely large amounts - I know it will handle quite a bit though
[21:46]<zj2wow0>I'm guessing that you'll be fine with that - assuming you're not doing l7 filtering or something like that
[21:48]<zuynm>I have several redirects, and some ip's and mac filterings...
[21:52]<zzrgmgg>Ok both robs :)
[21:52]<zzrgmgg>I see
[21:53]<zzrgmgg>If I want a script on a computer just for filtering input
[21:53]<zzrgmgg>Then I can allow all outbound connections?
[21:53]<zzrgmgg>I'm setting up for the clients now.
[21:54]<sara>how do i make everything from 192.168.1.50 on my LAN go out the internet face Gre1 on the gateway?
[21:54]<sara>iptables -t mangle
[21:54]<sara>right? but what else?
[21:56]<sara>iptables -t nat -A POSTROUTING -i eth0 -o gre1 -j SNAT --to 192.168.1.50
[21:56]<sara>?
[21:56]<zj2wow0>skac: I've never done anything along those lines - lartc is going to be a good resource for you
[21:56]<sara>i am on netfilter.com atm
[21:56]<sara>what's lartc?
[21:56]<drwygn>lartc is http://lartc.org/howto/ : the Linux Advanced Routing & Traffic Control HOWTO
[21:56]<sara>hahaha
[21:57]<sara>thats awesome
[21:57]<sara>well
[21:57]<sara>i have 2 ips on this box
[21:57]<sara>one is directly routed outbound
[21:58]<sara>god my netstack is crying
[22:08]<sara>that didn't work
[22:08]<sara>haha
[22:12]<sara>robw810: this is stupid, i am going to have to reboot it =(
[22:12]<sara>that table is too massive to even think about cleaning it up
[22:13]<sara>bash-3.00# traceroute 4.2.2.2
[22:13]<sara>traceroute to 4.2.2.2 (4.2.2.2), 30 hops max, 38 byte packets
[22:13]<sara> 1 ssh.7a69.co.uk (192.168.1.1) 0.180 ms 0.090 ms 0.087 ms
[22:13]<sara> 2 ssh.7a69.co.uk (192.168.1.1) 2993.967 ms !H 2999.507 ms !H 3000.636 ms !H
[22:16]<zj2wow0>skac: sorry for the delay - had to pass out some stuff to students
[22:16]<zj2wow0>Figure it out yet?
[22:17]<sara>no
[22:17]<sara>lol
[22:18]<sara>URG
[22:19]<zzrgmgg>Does anyone have an iptables script that I could modify for my own needs? I want it to block all incoming connections but allow a few that I specify
[22:19]<zzrgmgg>so far only SSH(22) HTTPS(443) and HTTP(80)
[22:20]<zj20>granden: there are thousands of them out there.
[22:20]<zzrgmgg>rob0: But I don't find any, couldn't you just link me to one?
[22:20]<zzwffzdnz>www.google.com
[22:20]<zj20>freshmeat too
[22:21]<sara>if i post my ip stack details
[22:21]<sara>would someone look at them
[22:21]<drvvx_>who knows
[22:21]<zj2wow0>granden: slackwiki.org has mine and a few others (since you're a Slacker)
[22:21]<sara>Lol
[22:21]<sara>slackwarez!!!!!!!11
[22:21]<zzrgmgg>robw810: Ok
[22:21]<sara>:)
[22:21]<zzrgmgg>I think yours is not there anymore though
[22:22]<zj2wow0>granden: get the one marked "Simple" firewall or something like that
[22:22]<zzrgmgg>Ok