Iptables

G! Post iptables questions and configs!

> It is a shame if you are on g and don't know what iptables is!


> not using superior nftables
ishiggydigg

pf is superior.

damn, when I check auth.log, there are always some failed password attempts.
then I have to use fail2ban and manually add the ip range /16 to iptables INPUT DROP rule

Is a firewall mandatory if you're behind NAT?

Just on your AP.

I just use fail2ban tbqhwy

Can someone post an example config for a company ?

Iptables are light-years away from a proper firewall.

Is ipchains in any way a usable alternative to plain iptables?

UFW

>OP actually uses IP tables.


meme, also uses iptables anyway so why abstract shit even further

ufw is comfier

I got some points for this, but never an answer:
superuser.com/questions/1138960/strict-detailed-iptables-rules-for-i2p

# Generated by iptables-save v1.8.0 on Tue Oct 30 21:32:24 2018
*filter
:INPUT DROP [81:4937]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
# Completed on Tue Oct 30 21:32:24 2018
# Generated by ip6tables-save v1.8.0 on Tue Oct 30 21:32:24 2018
*filter
:INPUT DROP [1:72]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
# Completed on Tue Oct 30 21:32:24 2018
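
Added example, not part of the original post: a small Python parser for iptables-save output that compares each chain's declared policy with what a catch-all rule makes it in practice. Run on the IPv4 half of the dump above (embedded as a constructed sample), it reports that OUTPUT declares policy DROP but effectively accepts everything because of `-A OUTPUT -j ACCEPT`; the function names are this example's own.

```python
import shlex

# Constructed sample: the IPv4 half of the ruleset posted above.
SAMPLE = """\
*filter
:INPUT DROP [81:4937]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
"""

def parse_save(text):
    """Parse iptables-save output into {table: {chain: {"policy", "rules"}}}."""
    tables, table = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):          # table header, e.g. *filter
            table = tables.setdefault(line[1:], {})
        elif line.startswith(":"):        # chain declaration with its policy
            chain, policy = line[1:].split()[:2]
            table[chain] = {"policy": policy, "rules": []}
        elif line.startswith("-A "):      # rule appended to a declared chain
            args = shlex.split(line)
            table[args[1]]["rules"].append(args[2:])
    return tables

def effective_default(chain):
    """Verdict for a packet matching no selective rule: the first bare
    '-j ACCEPT/DROP/REJECT' rule matches everything and pre-empts the policy."""
    for rule in chain["rules"]:
        if len(rule) == 2 and rule[0] == "-j" and rule[1] in ("ACCEPT", "DROP", "REJECT"):
            return rule[1]
    return chain["policy"]

def audit(text):
    """Return (table, chain, policy, effective) where a catch-all rule overrides the policy."""
    return [(t, c, ch["policy"], effective_default(ch))
            for t, chains in parse_save(text).items()
            for c, ch in chains.items()
            if effective_default(ch) != ch["policy"]]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s/%s: policy %s, effective default %s" % finding)
```
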

isn't ufw just an iptables frontend?

Yes

So how is it better as several anons pointed out?

So, let's say I have 3 VPNs on a server, 2 server instances, 1 client instance.

All of the clients of the VPN servers I manage can talk to each other because they know the proper routes (OpenVPN pushes the route to the clients). However, none of them can talk to the clients of the VPN server I don't manage. For example, from the server I can ping all the other clients of the third VPN, but the clients of my server can't.

Would IPTABLES masquerade help me in this case?

it's like saving a .txt file with nano vs emacs
end result is the same

TUN or TAP ?

Only if you're blocking ip addresses en masse.

Ehhh, one of my servers is TUN, the other is TAP, and the one where I'm only a client is TUN. I can't push routes into that server, so I was thinking of masquerading the traffic coming from my clients to the clients of the external server as traffic coming from the IP the external server gave me, because at least that route is working.

bumping for this


Well known ports would be blocked. In the first solution