any iptables experts?
Hello,

If we have any iptables experts, please contact me privately. I am not one, and I cannot wrap my head around iptables. I am trying to make two adjustments to a Raspberry Pi firewall (without breaking anything), and want to add two features.

Help appreciated.

Thanks.
Dave.
I've written Iptables rules, but not recently, and I wouldn't consider myself to be an expert. I recommend using the following tutorial as your reference: https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html

Note also that iptables is being superseded by nftables, for which I haven't found much documentation.

-----Original Message-----
From: David Mehler <dave.mehler@gmail.com>
Sent: Friday, December 14, 2018 1:27 PM
To: blind-sysadmins <blind-sysadmins@lists.hodgsonfamily.org>
Subject: [Blind-sysadmins] any iptables experts?

_______________________________________________
Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org
To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org
Don't forget also that, if you are using RHEL 7, you have the option of using firewalld and the firewall-cmd command to specify host-based firewall rules. It is a much simpler interface and well worth using instead of iptables commands if you aren't trying to do anything really complex.

Cheers, Phil.

-----Original Message-----
From: Jason White via Blind-sysadmins <blind-sysadmins@lists.hodgsonfamily.org>
Sent: 16 December 2018 21:17
To: 'Blind sysadmins list' <blind-sysadmins@lists.hodgsonfamily.org>
Cc: Jason White <jason@jasonjgw.net>
Subject: [Blind-sysadmins] Re: any iptables experts?
According to my experience, CSF from Config Server is better than only iptables and/or firewalld on RHEL 7. It has detailed documentation and is compatible with iptables, and the command structure is so easy. https://www.configserver.com/cp/csf.html

2018-12-17 0:55 GMT+03:00, philrigby62@gmail.com <philrigby62@gmail.com>:
-- Can Kırca
Maybe so but, from a quick glance, hardly something that could be deployed in a fully-managed infrastructure supporting large scale IT platforms for major international customers which is the arena I work in.

Regards, Phil.

-----Original Message-----
From: Can Kırca <cankirca@gmail.com>
Sent: 17 December 2018 05:42
To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org>
Subject: [Blind-sysadmins] Re: any iptables experts?
Hello,

I've got two guest networks, both running on Raspberry Pis. I want to AP-isolate any clients that connect to them, so they can only connect to the internet; they cannot talk to any other device on that network. The second thing I'd like to do is bandwidth-throttle them. I do not have the iptables know-how to pull this off, and I have tried to learn. I'd appreciate any help.

Thanks.
Dave.

On 12/17/18, philrigby62@gmail.com <philrigby62@gmail.com> wrote:
My understanding is that this isn't a typical iptables problem, since devices on the same LAN will discover each other using Address Resolution Protocol in IPv4 and neighbor discovery in IPv6. See the answer at https://superuser.com/questions/1257317/how-to-isolate-device-on-a-router-to-internet-only

You may have to set up filtering at the MAC address level, which Linux can do. I've never used it, but it is supported.

-----Original Message-----
From: David Mehler <dave.mehler@gmail.com>
Sent: Thursday, December 20, 2018 8:41 PM
To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org>
Subject: [Blind-sysadmins] Re: any iptables experts?
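Why iptables alone does not isolate guest clients, shown as an added example that is not part of the original message: one check for the Wi-Fi layer and one for the routed layer. It assumes the guest access point runs hostapd (whose ap_isolate option stops the AP relaying frames between its own clients) on wlan0 with eth0 as the uplink; the configuration and rule samples are constructed.

```sh
#!/bin/sh
# Constructed samples (not from the thread). Assumptions: hostapd serves the
# guest SSID on wlan0, eth0 is the uplink, and the Pi routes between them.
HOSTAPD_WEAK='interface=wlan0
ssid=guest
#ap_isolate=1'

HOSTAPD_OK='interface=wlan0
ssid=guest
ap_isolate=1'

# `iptables -S FORWARD` output: policy ACCEPT, guests can be routed anywhere.
FORWARD_WEAK='-P FORWARD ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT'

# Guests may only open connections toward the uplink; replies return through
# the ESTABLISHED rule; everything else falls to the DROP policy.
FORWARD_OK='-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT'

# l2_isolated CONF: succeeds if ap_isolate=1 is present and not commented out.
# Frames between two clients of one SSID are relayed by the AP itself and
# never reach the IP-level FORWARD chain, so only this setting stops them.
l2_isolated() {
    printf '%s\n' "$1" | grep -Eq '^ap_isolate=1[[:space:]]*$'
}

# l3_confined RULES GUEST_IF WAN_IF: succeeds if routed guest traffic can
# only start connections toward WAN_IF. Conservative: a closing rule is only
# recognised when it is a bare DROP/REJECT (optionally with -i GUEST_IF).
l3_confined() {
    printf '%s\n' "$1" | awk -v g="$2" -v w="$3" '
        $1 == "-P" && $2 == "FORWARD" { policy = $3; next }
        $1 != "-A" || $2 != "FORWARD" || closed { next }
        {
            in_if = ""; out_if = ""; target = ""; state = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                else if ($i == "-o") out_if = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "--ctstate" || $i == "--state") state = $(i + 1)
            }
            if (in_if != "" && in_if != g) next      # rule for another interface
            reply_only = (state != "" && index(state, "NEW") == 0)
            bare = (NF == 4 || (NF == 6 && in_if != ""))
            if (target == "ACCEPT" && !reply_only) {
                if (out_if == w) to_wan = 1
                else leak = 1                        # guests can reach something else
            } else if (bare && (target == "DROP" || target == "REJECT")) {
                closed = 1                           # nothing later applies to guests
            }
        }
        END { exit !(to_wan && !leak && (closed || policy == "DROP")) }'
}

# guest_isolation_report CONF RULES GUEST_IF WAN_IF: one line per layer.
guest_isolation_report() {
    if l2_isolated "$1"; then
        echo "L2 isolated"
    else
        echo "L2 open: clients on the same SSID can reach each other"
    fi
    if l3_confined "$2" "$3" "$4"; then
        echo "L3 confined to $4"
    else
        echo "L3 open: guests can be routed somewhere other than $4"
    fi
}

guest_isolation_report "$HOSTAPD_WEAK" "$FORWARD_WEAK" wlan0 eth0
guest_isolation_report "$HOSTAPD_OK" "$FORWARD_OK" wlan0 eth0
```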
Hello,

Thanks. I'll check out that link. Question, can I get some help setting up iptables and quality of service?

Thanks.
Dave.

On 12/21/18, Jason White via Blind-sysadmins <blind-sysadmins@lists.hodgsonfamily.org> wrote:
For Quality of Service, perhaps you should try fq_codel: https://www.bufferbloat.net/projects/codel/wiki/

-----Original Message-----
From: David Mehler <dave.mehler@gmail.com>
Sent: Sunday, December 23, 2018 10:57 PM
To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org>
Cc: Jason White <jason@jasonjgw.net>
Subject: Re: [Blind-sysadmins] Re: any iptables experts?
Hi.

Well, I wouldn't say an expert, but I do use iptables for my firewalls. There are other things you can use, some of which are an easier front end to iptables itself. UFW (Uncomplicated Firewall) for Ubuntu. Shorewall is another, where you define zones.

A lot of the documentation out there on the web about iptables is old or inaccurate. For example, I remember reading somewhere that the default policy in the iptables INPUT chain is DROP. Not so, as you can see with the command:

    iptables -L INPUT

I prefer to use iptables as it's explicit what you're doing.

Anyway, what specifically are you trying to do? My advice would be, as for most tests, do it with VMs first. And always add a rule allowing established connections and SSH from your own machine first.

Cheers
Chris Turner

On 14/12/18 18:27, David Mehler wrote:
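Chris's last piece of advice, checked mechanically, as an added example that is not part of the original message: the function reads `iptables -S INPUT` output and reports whether an ESTABLISHED accept rule and an SSH accept rule for the admin host are both reachable before any catch-all DROP. The rule samples and the address 203.0.113.10 are constructed for illustration.

```sh
#!/bin/sh
# Constructed `iptables -S INPUT` output; 203.0.113.10 is a placeholder for
# "your own machine". Neither sample comes from the thread.
SAMPLE_OK='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP'

# Same intent, but the catch-all DROP was appended before the SSH rule,
# so the SSH rule can never match.
SAMPLE_BAD='-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT'

# input_policy RULES: print the default policy of the INPUT chain.
input_policy() {
    printf '%s\n' "$1" | awk '$1 == "-P" && $2 == "INPUT" { print $3; exit }'
}

# lockout_check RULES ADMIN_IP [SSH_PORT]
# Prints "safe" and returns 0 when an ESTABLISHED accept rule and an SSH
# accept rule for ADMIN_IP both sit before any catch-all DROP/REJECT.
# Otherwise prints what is missing and returns 1.
# Limits: -s is matched as an exact host (or absent), not as a subnet, and
# other match options on the ESTABLISHED rule are not evaluated.
lockout_check() {
    printf '%s\n' "$1" | awk -v admin="$2" -v port="${3:-22}" '
        $1 != "-A" || $2 != "INPUT" { next }
        # A bare "-j DROP" or "-j REJECT" ends the chain for all traffic.
        $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") { exit }
        {
            src = ""; proto = ""; dport = ""; state = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "--ctstate" || $i == "--state") state = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (target != "ACCEPT") next
            if (index(state, "ESTABLISHED")) est = 1
            if (proto == "tcp" && dport == port &&
                (src == "" || src == admin || src == (admin "/32"))) ssh = 1
        }
        END {
            if (est && ssh) { print "safe"; exit 0 }
            if (!est) print "missing: ESTABLISHED accept rule"
            if (!ssh) print "missing: SSH accept rule for " admin
            exit 1
        }'
}

# On a live system the same check gates the policy change:
#   lockout_check "$(iptables -S INPUT)" 203.0.113.10 && iptables -P INPUT DROP
echo "policy: $(input_policy "$SAMPLE_OK")"
lockout_check "$SAMPLE_OK" 203.0.113.10
lockout_check "$SAMPLE_BAD" 203.0.113.10 || true
```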
Please do not forget to disable SELinux if you are not using it and would like to change your SSH port.

2018-12-17 13:31 GMT+03:00, Chris Turner via Blind-sysadmins <blind-sysadmins@lists.hodgsonfamily.org>:
-- Can Kırca
participants (5): Can Kırca, Chris Turner, David Mehler, Jason White, philrigby62@gmail.com