Log from #iptables at freenode 2006-05-30
[20:20]<ayffnzdrax>I have this line "-A INPUT -s 81.0.0.0/8 -j DROP" in my firewall, as a matter of testing, I'm trying to understand why this prevents whois on the local machine from contacting whois.denic.de which has IP 81.91.162.8 ...
[20:21]<ayffnzdrax>I am making an outbound request.. ooh.. n/m.. it cannot answer back.. sheesh.. time to eat
[20:21]<rrffnn>killermach: probably because you are not using stateful filtering...
[20:22]<ayffnzdrax>callee: that rule was meant to drop ALL incoming packets from the 81.0.0.0 network, how could stateful filtering differ
[20:22]<rrffnn>meaning: you send a whois request out, and get an answer. however iptables is unable to see that the incoming request is a reply to the previous outgoing request. that's why you need the state module
[20:23]<ayffnzdrax>callee: I see.. that could be useful
[20:23]<rrffnn>see, you do not only want to request the whois query, but you surely want an anser...
[20:23]<rrffnn>answer
[20:24]<ayffnzdrax>yes yes.. I'm also new to iptables. I have to learn more
[20:24]<rrffnn>look at the tutorial in the topic
[20:26]<ayffnzdrax>callee: can you get someone to remove the " ; " from the URL.. it gives a page not found, I already removed it in Firefox, so I'm there now
[20:28]<rrffnn>killermach: i do not see a ";" in the url
[20:28]<rrffnn>ah, there it is
[20:28]<ayffnzdrax>mostly I'm trying to remove network access from what seems to be mostly spam emailers, I hate to do such blanket rules, but until I find a way to fine tune iptables without spending all day every day doing it, this is it
[20:29]<rrffnn>well, technically there is no ";" in the url, just behind it
[20:29]<rrffnn>killermach: try the hash module
[20:29]<rrffnn>however dunno how that exactly works
[20:30]<rrffnn>but there is no O(1) way to get rid of the spammers with iptables
[20:30]<rrffnn>if you run a mailserver it's best to stick with blacklists on the maildaemon side
[20:32]<rrffnn>or greylists or whatever you prefer, but don't try to use iptables for that. remember iptables does only packet filtering and is often the first but not only line of defence, so it is unnecessary to make the mesh too tight at the beginning, for you screw more up than you fix
[20:33]<rrffnn>if you wanna drop traffic from i.e. rpc worms or so just drop all traffic to the ports on the WAN interface you are not serving explicitly.
[20:33]<rrffnn>this only applies to incoming traffic of course. iptables is not useful for restricting outgoing packets
[20:34]<rrffnn>that's not what iptables is written for. you can do outgoing filtering, but it is not recommended (at least for the most part)
[21:11]<sgnzcm_bzsvzzm>yep
[21:11]<sgnzcm_bzsvzzm>basically
[21:11]<wjjmmwjjmlnacnz>It keeps track of the sport and the dport, because what was sport will be dport in the data back; and reverse
[21:11]<sxzmnwzfcnz>Cool. :-)
[21:20]<sgnzcm_bzsvzzm>so it's possible to do that with one physical NIC using a virtual adapter (on Linux)