Search found 13 matches

by gwatson
2019/05/23 10:14:25
Forum: CentOS 7 - Networking Support
Topic: Attackers getting past IPTables
Replies: 16
Views: 1236

Re: Attackers getting past IPTables

If I look at the tcpdump @TrevorH, I don't see any replies back to the offending IPs in the Destination, they only show up in the source - is this what you mean? @jlehtone, yes one would have to wonder why you would have to Accept the allowed address if you have to reject the Drop address. Is your s...
by gwatson
2019/05/23 09:44:50
Forum: CentOS 7 - Networking Support
Topic: Attackers getting past IPTables
Replies: 16
Views: 1236

Re: Attackers getting past IPTables

Sorry, I missed page 2 and didn't see replies to @billwest
by gwatson
2019/05/23 09:41:50
Forum: CentOS 7 - Networking Support
Topic: Attackers getting past IPTables
Replies: 16
Views: 1236

Re: Attackers getting past IPTables

I have that in there @billwest, are you saying I should move it?

    #!/bin/bash
    #
    # iptables example configuration script
    #
    # Flush all current rules from iptables
    #
    iptables -F
    #
    # Allow SSH connections on tcp port 22
    # This is essential when working on remote servers via SSH to prevent locking yourse...
by gwatson
2019/05/23 01:06:31
Forum: CentOS 7 - Networking Support
Topic: Attackers getting past IPTables
Replies: 16
Views: 1236

Re: Attackers getting past IPTables

So I shouldn't be worried about seeing that traffic? Is there a way to check on the other side of the firewall to see if anything is getting past? I would rather not have to explicitly block an address or subnet, is there a way I can block all traffic and only allow certain IP addresses or subnets? T...
by gwatson
2019/05/23 00:59:38
Forum: CentOS 7 - Networking Support
Topic: Attackers getting past IPTables
Replies: 16
Views: 1236

Re: Attackers getting past IPTables

Here's output from iptables -nvL

    [root~]# iptables -nvL
    Chain INPUT (policy DROP 1466 packets, 559K bytes)
     pkts bytes target prot opt in out source destination
      395 30566 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
     633K 1735M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    4845K 1013M ACCEPT all -- * * 0...
by gwatson
2019/05/22 11:04:58
Forum: CentOS 7 - Networking Support
Topic: Attackers getting past IPTables
Replies: 16
Views: 1236

Re: Attackers getting past IPTables

Are you able to point out where that directive is coming from based on that script I have setting up the rules? Do I have something out of place? I don't see any accept all. The only thing before the DROP commands are

    #
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    #
    # S...
by gwatson
2019/05/22 02:22:41
Forum: CentOS 7 - Networking Support
Topic: Attackers getting past IPTables
Replies: 16
Views: 1236

Re: Attackers getting past IPTables

Pretty sure Firewalld is not running - it is using iptables

    firewall-cmd --state
    not running
    [root]# iptables -L -n
    Chain INPUT (policy DROP)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELA...
by gwatson
2019/05/21 20:59:31
Forum: CentOS 7 - Networking Support
Topic: Attackers getting past IPTables
Replies: 16
Views: 1236

Attackers getting past IPTables

Hello all, Running CentOS 7 and have IPTables set to block most inbound traffic. However, some attackers are getting past the firewall. System is a PBX running Asterisk software and port 5060 is forwarded from the hardware firewall. I want to be able to accept traffic from only a few IP Addresses (or...
by gwatson
2018/08/16 03:39:07
Forum: CentOS 7 - Security Support
Topic: IPTables help
Replies: 7
Views: 2017

Re: IPTables help

Thanks for your help TrevorH.

I added the '-m state --state NEW' to my drop lines and it seems this has resolved the issue of getting past the firewall.

I would have rather had everything blocked, then just add lines to allow certain IP addresses, but this will do for now.

Thanks again
by gwatson
2018/08/12 13:16:34
Forum: CentOS 7 - Security Support
Topic: IPTables help
Replies: 7
Views: 2017

Re: IPTables help

I should have mentioned earlier this is an Asterisk PBX running on CentOS so there should be very limited inbound traffic, with the exception of a few remote users that are local. I am OK with blocking all of those large subnets. What I really wanted was to block all inbound traffic and only allow s...
