How do I build a Simple Linux Firewall for DSL/Dial-up connection?

If you’re new to Linux, here’s a simple firewall that can be set up in minutes. Those coming from a Windows background, in particular, often get lost while creating a Linux firewall. This is the most common question asked by Linux newbies (noobs). How do I install a personal firewall on a standalone […]

Howto: deny/allow IP using iptables

How to block an IP using iptables? iptables -A INPUT -s xx.xx.xx.xx -j DROP How to block an IP for a specific port: iptables -A INPUT -p tcp -s xx.xx.xx.xx --dport PORT -j DROP How to allow access to an IP?

Xtables-Addons On Centos 6 & Iptables GeoIP Filtering

This tutorial will explain how to install additional kernel modules for use with iptables rule sets (netfilter modules). Xtables-addons is the successor to patch-o-matic(-ng). Likewise, it contains extensions that were not, or are not yet, accepted in the main kernel/iptables packages. Xtables-addons is different from patch-o-matic in that […]

Using hashlimit in iptables

iptables -I INPUT -m hashlimit -m tcp -p tcp --dport 23032 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT This rule limits one new connection to the SSH port from one IP address per minute. hashlimit match options --hashlimit-upto max average match rate [Packets per second unless […]

Linux Iptables Avoid IP Spoofing And Bad Addresses Attacks

Spoofing and bad address attacks try to fool the server by claiming that packets came from a local address/network. The following IP/network addresses are known to be used in this kind of attack: an incoming source IP address that is your server's own IP address, and bad incoming addresses from the following ranges: => => […]

error: “net.bridge.bridge-nf-call-iptables” is an unknown key

root@xxxxxx:~# sysctl -p /etc/sysctl.conf got an error: error: "net.bridge.bridge-nf-call-iptables" is an unknown key error: "net.bridge.bridge-nf-call-arptables" is an unknown key Fix: sudo modprobe bridge

How to do MAC address packet filtering using IPTables

Media Access Control address (MAC address) or Ethernet Hardware Address (EHA) or hardware address or adapter address is a quasi-unique identifier attached to most network adapters (NICs). It is a number that acts like a name for a particular network adapter, so, for example, the network cards (or built-in network […]