Linux comes with a host based firewall called Netfilter. According to the official project site: netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the [...]

I admin ecom website and a lot of bogus traffic comes from countries that do not offer much in commercial value. How do I just configure Apache or iptables to just refuse connections to certain countries? You can block traffic at both Apache or iptables level. I recommend iptables to save some resources. First, you [...]

If you receive the following error on restating iptables on a VPS: error message: from firewall software ~ iptables: Unknown error 4294967295 you need to make sure the required iptable modules are loaded in the host server kernel. You have to use modprobe to load the following modules in the kernel: modprobe ipt_MASQUERADE modprobe ipt_helper [...]

This tutorial will explain how to install aditional modules for the kernel to use with iptables rules sets (netfilter modules). Xtables-addons is the successor to patch-o-matic(-ng). Likewise, it contains extensions that were not, or are not yet, accepted in the main kernel/iptables packages. Xtables-addons is different from patch-o-matic in that you do not have to [...]

iptables -I INPUT -m hashlimit -m tcp -p tcp –dport 23032 –hashlimit 1/min –hashlimit-mode srcip –hashlimit-name ssh -m state –state NEW -j ACCEPT This rule limits one connection to the SSH port from one IP address per minute. hashlimit match options –hashlimit-upto max average match rate [Packets per second unless followed by /sec /minute /hour [...]

CODE Banning an IP iptables -A INPUT -p all -s IPHERE/32 -j DROP CODE Unbanning and IP iptables -D INPUT -p all -s IPHERE/32 -j DROP CODE Listing the last five ip’s with the most connections netstat -atnp -A inet | grep “:80″ | awk -F ” ” ‘{print $5} ‘ | awk -F “:” [...]

Here I present an abbreviated explanation of the process of creating firewall and cluster objects. More detailed step-by-step guides are available in sections “Firewall Object” and “Cluster Object” of the Firewall Builder Users Guide. As usual, to create a firewall object I use main menu “Object/New object” which opens a menu of object types: Figure 4. Creating [...]

Lets see how much effort it is going to take to convert this configuration to entirely different firewall platform – PF on OpenBSD. There are different ways to do this. I could make a copy of each member firewall (linux-test-1 and linux-test-2), set platform and host OS in the copy to PF and OpenBSD and [...]

Here is small script that does this. Debian or Ubuntu GNU/Linux does not comes with any SYS V init script (located in /etc/init.d directory) . You create a script as follows and use it to stop or flush the iptables rules. Please don’t type rules at command prompt. Use the script to speed up work. [...]

If you’re new to Linux, here’s a simple firewall that can be setup in minutes. Especially those coming from a Windows background, often lost themselves while creating linux firewall. This is the most common question asked by Linux newbies (noobs). How do I install a personal firewall on a standalone Desktop Linux computer. In other [...]