ipset – a tool consisting of a kernel module, libraries and utility, allowing you to organize a list of networks, IP or MAC addresses, etc., which is very convenient to use for example with IPTables.
Tag Archives: IPTables
IPTables rules for FreeRADIUS
Suppose INPUT is the default DROP, I’ll give examples of IPTables rules for FreeRADIUS:
Blocking social networks using iptables
Once on one of the NAT servers I needed to block some sites. If the sites are located on several IP addresses, then you need to find out these ranges of IP addresses, for example, look for VKontakte on bgp.he.net, for example, a list of subnets for one of the AS belonging to VK “http://bgp.he.net/AS47541#_prefixes”. […]
IPTables rules for DNS
Suppose the default INPUT DROP and a DNS server is installed, now I will give an example of IPTables rules so that clients can access the DNS server. To open the DNS port in IPTables, let’s execute the rule:
IPTables rules for DHCP
Assume the default server INPUT DROP, now I will give an example of a simple rule permitting DHCP requests to the server, this will be enough for clients to get IP from the server (where em1 is the network interface on which the DHCP server is running): To remove a rule, we’ll specify the same […]
The solution to the error “Another app is currently holding the xtables lock”
Recently noticed on one server with the billing system ABillS, that when the script /etc/ppp/ip-up is executed in bulk, an error occurs: Another app is currently holding the xtables lock. Perhaps you want to use the -w option? Having looked at the script code, I found that there are two rules among the iptables rules […]
IPTables rules for the web server
To open the web server port in IPTables, execute the following command: If HTTPS is used, then also: To open only a particular network, for example 192.168.0.0/24: You can also restrict access by the IP configuration of the web server itself, for example, as I described for Apache2 in this article – Access Control Apache2. […]
IPTables rules for SSH
To enable access to the SSH server in IPTables, you must add a rule: To open only a particular network, for example 192.168.0.0/24: You can also restrict access by the IP configuration of the SSH itself. To remove a rule, we’ll specify the same command, replacing -A with -D, for example: To view the list […]
IPTables rules for Iperf
Let’s look at the current IPTables rules: To open a port for the Iperf server, add the rule: To open a port for a specific IP or network: See also my articles: Configuring IPTables Testing network bandwidth with Iperf
IPTables rules for ntopng
First of all, let’s look at the current IPTables rules: To open the ntopng port, add the rule: To open the ntopng port for a specific network or IP only: See also my articles: Configuring IPTables Install and configure ntopng