

Q. How do I view active connections with the PF firewall under the FreeBSD / OpenBSD UNIX operating system?

Q. I have a couple of remote servers and I'd like to access a few admin-only applications running on ports 10000 and 3001. My firewall only allows ports 80, 443, 25, 22 and 110 for public access. Do I need to open ports 10000 and 3001 for everyone using the firewall? How do I access my admin-only apps without opening ports 10000 and 3001?

How do I open a network port range in the firewall under an OpenSuse / Suse Enterprise Linux server? How do I open a port range in my firewall, such as TCP ports 30000 to 35000?

Debian Linux Stop Iptables Firewall

How do I stop the Iptables firewall under a Debian Linux server system?

Q. I'd like to change the ssh port from 22 to 2346. I changed the ssh port and reloaded OpenSSH, but I couldn't get through my firewall. I'm using the APF firewall script under the cPanel control panel. How do I open port 2346?

A. By default APF is configured via the /etc/apf/conf.apf file. All you have to do is log in as root and specify the port number.

Open port 2346 using APF

Log in as root.

Open the config file /etc/apf/conf.apf:
# vi /etc/apf/conf.apf
Find the line that reads as follows:
Add port 2346 (keep all other ports):
Save and close the file. Restart the firewall:
# /etc/init.d/apf restart

Q. How do I display / list all rules in the selected chain? How do I find out which rules are active? What is blocked and what is open with my firewall?

A. To list all rules in the selected chain, use the -L option. If no chain is selected, all chains are listed. As with every other iptables command, it applies to the specified table. The -n option prints IP addresses and port numbers in numeric format.

To check the status of your firewall and all rules, enter:
# iptables -L -n
$ sudo iptables -L -n

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
droplist   all  --  
droplist   all  --  
ACCEPT     all  --  
ACCEPT     all  --  
ACCEPT     all  --
DROP       all  --
DROP       all  --
DROP       all  --
DROP       all  --
LOG        all  --           LOG flags 0 level 4 prefix `DROP List Block'
DROP       all  --

The --line-numbers option adds line numbers to the beginning of each rule, corresponding to that rule's position in the chain. The -v option makes the list command show the interface name, the rule options (if any), and the TOS masks. The packet and byte counters are also listed, with the suffix K, M or G for 1000, 1,000,000 and 1,000,000,000 multipliers respectively (but see the -x flag to change this).
# iptables -L -v -n --line-numbers

Iptables is not sending LOG messages to the syslog file

Q. I am running SSH/MySQL/web server and have set up an iptables-based firewall. But my logs are sent to the console rather than the system log files. How do I make sure that iptables LOG target messages are sent to the /var/log/messages file?

A. The iptables LOG module turns on kernel logging of matching packets. When this option is set for a rule, the Linux kernel will print some information on all matching packets (like most IP header fields) via the kernel log, where it can be read with dmesg or syslogd.

You can configure the level of logging with the --log-level option. For example, to LOG (at level crit) and then drop all incoming TCP port 22 packets, insert a DROP rule and then a LOG rule above it in the INPUT chain, so that a matching packet is logged before it is dropped:
# iptables -I INPUT -p tcp --dport 22 -j DROP
# iptables -I INPUT -p tcp --dport 22 -j LOG --log-level crit

Read man pages of iptables and syslog.conf for more info.
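Once the LOG target's messages reach /var/log/messages, they arrive as "kernel:" lines carrying the rule's prefix (such as the 'DROP List Block' prefix in the listing above) followed by key=value header fields. The following parser is an added example, not code from the original post; it runs over constructed sample syslog lines and counts what the firewall logged per source and per destination port.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not real traffic), in the format the iptables
# LOG target writes to the kernel log; the 4th line is an unrelated sshd entry.
SAMPLE_LOG = """\
Jan 10 12:00:01 fw kernel: DROP List Block IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40512 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 12:00:02 fw kernel: DROP List Block IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40513 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 12:00:03 fw kernel: [ 1234.567890] DROP List Block IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=55555 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 10 12:00:04 fw sshd[1234]: Accepted publickey for admin from 192.0.2.50 port 50022 ssh2
Jan 10 12:00:05 fw kernel: DROP List Block IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=78 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=5353 DPT=53 LEN=58
"""

# "kernel:" may be followed by a printk timestamp such as "[ 1234.567890]" on
# some systems; the prefix is whatever sits between that and the first "IN=".
LOG_RE = re.compile(r"kernel:\s*(?:\[\s*[\d.]+\]\s*)?(?P<prefix>.*?)\s*IN=")
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_log_line(line):
    """Return the LOG target's key=value fields as a dict, or None if the line
    is not an iptables LOG entry. Bare flags such as DF or SYN are not keyed."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    fields = {"PREFIX": m.group("prefix").strip()}
    # Only scan from the prefix onward so the syslog header is not mistaken
    # for key=value pairs.
    for key, value in KV_RE.findall(line[m.end("prefix"):]):
        fields[key] = value  # a repeated key (LEN for UDP) keeps the last value
    return fields


def summarize(text):
    """Count logged packets per source address and per (PROTO, DPT) pair."""
    by_src, by_dport = Counter(), Counter()
    for line in text.splitlines():
        f = parse_log_line(line)
        if f is None:
            continue
        by_src[f.get("SRC")] += 1
        by_dport[(f.get("PROTO"), f.get("DPT"))] += 1
    return by_src, by_dport


def noisy_sources(text, threshold=3):
    """Return source addresses that hit the LOG rule at least `threshold` times."""
    by_src, _ = summarize(text)
    return sorted(src for src, n in by_src.items() if n >= threshold)
```

On a real system, feed it the output of something like grep 'DROP List Block' /var/log/messages; the prefix is what lets you separate one rule's hits from every other kernel message.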