Search Results
Letting DHCP requests through iptables - faqs.org
www.faqs.org/docs/iptables/lettingdhcprequests.html
$IPTABLES -I INPUT -i $LAN_IFACE -p udp --dport 67:68 --sport \ 67:68 -j ACCEPT. Do note that we allow all traffic to and from UDP port 67 and 68 now, however, this should not be such a huge problem since it only allows requests from hosts doing the connection from port 67 or 68 as well. This rule could, of course, ...

Matches - faqs.org
www.faqs.org/docs/iptables/matches.html
Note that this match does not handle multiple separated ports and port ranges. For more information about those, look at the multiport match extension. Match, --

The conntrack entries - faqs.org
www.faqs.org/docs/iptables/theconntrackentries.html
The conntrack entries. Let's take a brief look at a conntrack entry and how to read them in /proc/net/ip_conntrack. This gives a list of all the current entries in your conntrack database. If you have the ip_conntrack module loaded, a cat of /proc/

Commands - faqs.org
www.faqs.org/docs/iptables/commands.html
Example, iptables -D INPUT --dport 80 -j DROP, iptables -D INPUT 1. Explanation, This command deletes a rule in a chain. This could be done in two ways; either by entering the whole rule to match (as in the first example), or by specifying the rule number that you want to match. If you use the first method, your entry must ...

explanation of rc.firewall - faqs.org
www.faqs.org/docs/iptables/explanationofrcfirewall.html
--dport 21 means destination port 21, in other words if the packet is destined for port 21 they also match. If all the criteria are matched, then the packet will be targeted for the allowed chain. If it doesn't match any of the rules, they will be passed back to the original chain that sent the packet to the tcp_packets chain.

rc.DMZ.firewall.txt - faqs.org
www.faqs.org/docs/iptables/rcdmzfirewalltxt.html
$IPTABLES -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $DNS_IP \ --dport 53 -j DNAT --to-destination $DMZ_DNS_IP. First of all, DNAT can only be performed in the PREROUTING chain of the nat table. Then we look for TCP protocol on our $INET_IFACE with destination IP that matches our $DNS_IP, and is directed ...

UDP connections - faqs.org
www.faqs.org/docs/iptables/udpconnections.html
UDP connections. UDP connections are in themselves not stateful connections, but rather stateless. There are several reasons why, mainly because they don't contain any connection establishment or connection closing; most of all they lack sequencing. Receiving two UDP datagrams in a specific order does not say ...

Example scripts code-base - faqs.org
www.faqs.org/docs/iptables/examplecode.html
--syn -m state --state NEW -j DROP # # allowed chain # $IPTABLES -A allowed -p TCP --syn -j ACCEPT $IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A allowed -p TCP -j DROP # # TCP rules # $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 21 -j allowed $

Targets/Jumps - faqs.org
www.faqs.org/docs/iptables/targets.html
Example, iptables -t nat -A PREROUTING -p tcp -d 15.45.23.67 --dport 80 -j DNAT --to-destination 192.168.1.1-192.168.1.10. Explanation, The --to-

Example rc.DMZ.firewall script - faqs.org
www.faqs.org/docs/iptables/include.rcdmzfirewall.html
$IPTABLES -A INPUT -p UDP -i $LAN_IFACE --dport 67 --sport 68 -j ACCEPT # # All established and related packets incoming from the internet to the # firewall # $