  1. ICPH

    iptables interface forwarding, want to block bogons

    Hello, my aim is to block so-called "bogons" (I will do it through ipset, probably with the hash:net parameter, as the total number of IPs is a few hundred million). But I need to block it on the proper interface, because my server hosts a few virtual servers whose...
  2. R

    How to open port 80 in firewall

    After an update my domains on my unmanaged VPS are not working anymore. It seems that ports 80 and 443 are closed and remain closed even after adding rules in iptables. Could there be anything else keeping those ports closed? My VPS is running centos-6-x86_64. Any ideas where to look?
  3. splitice

    BPF: A Bytecode for Filtering

    What is BPF? BPF is a bytecode language for defining a filter to select interesting (or inversely non-interesting) packets. The language itself is extremely fast, and is usually executed in kernel without the need for superfluous copying or other wastage. What does it look like? What: List...
  4. howardsl2

    Securing Your Server using IPset and Dynamic Blocklists

    As a dedicated server or Virtual Private Server (VPS) owner, one of the important tasks is to defend against online attacks. In this tutorial I will discuss how to use IPset with dynamic blocklists to better secure your server. IP sets are a framework inside the Linux kernel, administered by the...
  5. howardsl2

    IPTables GeoIP, Port Scan Detection and Port Knocking using xtables-addons

    A quick tutorial on how to enable extra IPTables functionality such as geoip, port scan detection, port knocking and "tarpit" using the "xtables-addons" package. Full list of available modules can be found here. Note 1: Does NOT work on OpenVZ VPS (unless the host node provides the modules). ...
  6. splitice

    iptables interface library for .net / mono

    My project for the past month (during hobby time) has been the development of an Open Source .NET abstraction library for IPTables on Linux (although any *nix / BSD should be compatible). It's designed to replace a non Open Source library I developed years ago and used for a few utilities. Its...
  7. K

    iptables replacement incoming?

    I've been watching this for a bit recently and it looks like a great replacement. Anyway, saw it pop up in a new feed ^_^ How many are rolling 3.xx kernel atm on their nodes? "NFTables is a new firewall subsystem / packet filtering engine for the Linux kernel that is poised to replace...
  8. drmike

    Blocking Tor Users and Tor Exit Nodes from Reaching Your Server

    So earlier tonight, vpsBoard was DDoS attacked offline. The source, malicious traffic from Tor. We've taken steps TO BLOCK TOR. No more Tor traffic. If you use it, get a VPN or Proxy or vpsBoard will probably not work much for you. This script is borrowed from Github and slightly...
  9. wlanboy

    iptables/ip6tables one file script

    I want to start a thread about what a one-file script for iptables/ip6tables should look like. What default settings are ok and how different services like webserver, mailservers, etc. can be unlocked. Why unlocked? Because like word filters I do not prefer blacklists: Every time I read a post...