If you're running any of our firewall scripts, you'll probably want to update them!

They're all now reworked to keep their defined iptables chains attached to the top of the INPUT chain, to make sure default policies don't just override them. At least two of our servers had ended up not actually blocking IPs before this rewrite.

https://github.com/qwebltd/Useful-scripts/blob/main/Bash%20scripts%20for%20Linux/spamhaus-firewall.sh

https://github.com/qwebltd/Useful-scripts/blob/main/Bash%20scripts%20for%20Linux/tor-firewall.sh

https://github.com/qwebltd/Useful-scripts/blob/main/Bash%20scripts%20for%20Linux/asn-firewall.sh

#iptables #linux #firewall #serveradmin #security #secops #hosting

Últimas horas de la promoción de precios mínimos de Febrero! 🔥

No pierdan la oportunidad de mejorar sus perfiles profesionales! 🎓

Pueden encontrar los mejores precios a todos nuestros cursos en nuestro sitio web:

https://juncotic.com/cursos

Los esperamos!

Para pagos desde Argentina (transferencia, MercadoPago):
info@juncotic.com

#linux #curso #python #flask #wireshark #ssh #iptables #nftables #tcpip #juncotic

You know #Nginx, #PostgreSQL, #Iptables, and #Systemd. You don't need another #AWS #tutorial. You need a translation guide. :thaenkin: 🤔

I made one: AWS concepts mapped to their traditional #Linux equivalents. Stop learning, start translating #SysAdmin #DevOps #Developers https://nskm.xyz/posts/aws-1/

Invertir en tu conocimiento es la única apuesta segura 🚀

Por los próximos 5 días, todos los cursos de #JuncoTIC están al mejor precio en Udemy!

Si tenés ganas de dominar GNU/Linux, entender cómo funcionan las redes TCP/IP, o desarrollar sitios web con #Python y #Flask, esta es la oportunidad!

👇 Todos los cursos con el descuento acá:

https://juncotic.com/cursos

Dudas? Otras formas de pago?
💬 info@juncotic.com

#Linux #SysAdmin #IT #python #ssh #nftables #iptables #tcpip #flask #wireshark

After distrohopping again (this time it's #Alpine) one of the things I wanted to set-up and understand in depth is the firewall.

Although awall ("Alpine Wall") looked really interesting, I let the 'legacy' label of #iptables convince me to rather go through with #nftables. The only thing I really wanted to have was the 'automatic fallback if new rules block current ssh connection' feature of awall.

Securing Apache is critical for any production Linux server.
This guide covers iptables firewall rules, blocking unauthorized access, and protecting custom Apache ports as part of a complete Linux hardening strategy.

🔗 https://shorturl.at/5799f

#Linux #Apache #HTTP #iptables #ServerHardening #DevOps #SysAdmin #CyberSecurity #aws #tech

Help, I broke my internet! #networking #iptables #ufw #curl #ping

https://askubuntu.com/q/1563296/612

Help, I broke my internet! #networking #iptables

https://askubuntu.com/q/1563296/612

Easy!

#linuxadmin #iptables #nftables #opensource #security

https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables

Easy!

#linuxadmin #iptables #nftables #opensource #security

https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables

Ох какое я себе весёлое родео устроил решив ради лулзов убрать всякие легаси фичи касающиеся iptables из ядра на домашнем сервере и перекатиться на nftables.

Даже Docker со всем его хозяйством перетащил.

Вы спросите зачем?

Я скажу, что почему бы и нет 🤷‍♂️

#log #Linux #iptables #nftables #firewall #Docker #troubleshooting

We've built another #firewall script, now running on all of our #servers. This one pulls the #Spamhaus list of spammy & malicious ASNs, uses our #ASN Lookup #API to convert each into IP lists, & adds those IPs to an #IPTables firewall chain.

Like with our other firewall scripts, this is #FOSS that you can grab for your own servers! You'll need an access key from our API portal for the lookups with this one, but they're only $8 for unlimited lookups! 😉

https://github.com/qwebltd/Useful-scripts/blob/main/Bash%20scripts%20for%20Linux/asn-firewall.sh

#secops #security

Alas, log does not seem to get picked up by logrotate - changed filename to /var/log/asterisk/fail2ban (already in /etc/logrotate.d and previously working) to see if thats any better (as apparently #FreePBX can alter /etc/logrotate.d but its not clear exactly where this happens!)

it turns out maybe some regexes in fail2ban may have been fine, but the full log generated by #Asterisk didn't contain "security" events so it couldn't find any to catch). I've also added "notice" to the security log and the regex *now* seems to snag these!

Turned off FreePBX software #firewall as fighting with #fail2ban #iptables rules (never worked straight anyway and didn't guard #SIP traffic), checking if config persist across reboots and services start correctly.. #VOIP

Iptables "-t nat -j LOG" inconsistent with other distros #networking #iptables #firewall

https://askubuntu.com/q/1562825/612

does `ufw` use `nftables` directly or indirectly via `iptables-nft`? #2204 #iptables #ufw #nftables

https://askubuntu.com/q/1562803/612

L7 маршрутизация Squid+IPTables и WireGuard, или как завернуть трафик в тоннель на основе имени домена

Многие интернет-ресурсы имеют большой пул ip-адресов, более того, этот пул может меняться. Делать nslookup для каждого интересующего сервиса и заворачивать все выдаваемые подсети — неудобно и неэлегантно. На помощь может прийти прокси‑сервер squid, настроенный прозрачно с функцией ssl_bump.

https://habr.com/ru/articles/983838/

#squid #iptables #wireguard #l7

Полный путь пакета в Linux: от Ethernet-кадра до Kubernetes CNI

Сетевую часть Linux обычно «настраивают», но редко понимают. Добавляют iptables-правило, включают NAT, правят sysctl — и если трафик пошёл, считается, что задача решена. Проблемы начинаются ровно в тот момент, когда он не идёт, а поведение системы перестаёт быть очевидным. В Linux нет магии. Есть IP-пакет, его заголовки и строго определённый путь внутри ядра: маршрутизация, netfilter, conntrack, NAT, TCP/UDP стек. Если не понимать этот путь целиком, firewall выглядит как чёрный ящик, NAT — как случайный набор правил, а Kubernetes CNI — как нечто «особенное», существующее отдельно от обычной сети.

https://habr.com/ru/companies/gnivc/articles/983800/

#network #networking #сеть #iptables #nftables #linux

Managing firewall rules is a crucial security task on Linux systems. In #Debian 13, depending on the server configuration, different firewall tools can be installed. The most common are #UFW, #iptables, or #firewalld. You must first check if your firewall is active and what rules are in place. Also, make sure that network ports are open or blocked.🔥

Continue reading:👇
https://greenwebpage.com/community/how-to-check-firewall-status-on-debian-13/

#UFW #IPTables #Firewalld #FirewallStatus #Debian13 #LinuxAdministration #GreenWebpage

Comment fait t'on pour bloquer les IP autres que ceux de france avec #iptables sous #proxmox?

RE: https://mstdn.feddit.social/@admin/115716445396750150

本来写了很多，但是太麻烦了，就用这个最简单的方法吧：编译完Linux内核就不用了

NAT端口转发尝试：

VM1：
ifconfig
得到内外IP为192.168.122.2

Hetzner0:
sudo virsh list --all
列出虚拟机
sudo virsh net-dhcp-leases default
确认VM IP 是 192.168.122.2
sudo iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 192.168.122.2:22
设置端口转发
sudo iptables -I FORWARD -d 192.168.122.2/24 -p tcp --dport 22 -j ACCEPT
sudo iptables -I FORWARD -s 192.168.122.2/24 -p tcp --sport 22 -j ACCEPT
允许转发流量
sudo apt install iptables-persistent -y
sudo netfilter-persistent save
保存配置

其他命令：
sudo iptables -t nat -L PREROUTING -n --line-numbers
查看NAT转发规则
sudo iptables -t nat -D PREROUTING NUMBER
删除规则

#NAT #iptables #ubuntu #linux #cockpit