All Questions
79 questions
0 votes, 0 answers, 14 views
Firewall to white- or black-list incoming requests
Well over a decade ago, when I was a Windows user, I used a Kaspersky firewall that would pop up when an application was receiving a connection and allow me to allow or deny such connections.
...
-1 votes, 1 answer, 2k views
Use UFW (firewall) to deny incoming ping (ICMP) requests?
The ufw (uncomplicated firewall) command line app does not have any option for disabling incoming ICMP Internet protocol requests. ICMP is used mainly by ping to discover IP addresses of servers on ...
0 votes, 0 answers, 62 views
Specify L2TP VPN to use other port
I am currently at a hotel and they seem to block VPN use. I assume they block it by looking into the port it uses.
I would like to use my company VPN (L2TP). So, I think my best bet is to change the ...
0 votes, 0 answers, 301 views
Difference between IPTABLES RAW PREROUTING and MANGLE PREROUTING
I'm looking for configs to prevent DDoS attacks and UPnP Flood, since I've started to create rules, every advice was to add rules to filter table, but it takes too much CPU process, so started to ...
0 votes, 0 answers, 135 views
Block ips from certain country and security
I have an Ubuntu Server 22.04 with Nginx installed along with a laravel application.
When I view the access logs I can see a lot of attempts from a certain country to exploit my server and application....
0 votes, 1 answer, 633 views
Block access by Geo location
I'm wondering if it's possible to block access based on location, as many hackers and ransomware attacks in recent years came from Russia or Belarus etc.
I don't want my VPS accessed by those ...
0 votes, 1 answer, 450 views
Easy firewall ufw settings for a beginner coming from Windows [duplicate]
I am used to the firewall on Windows. Everything is allowed and new apps have to ask for permission.
When I look at current connections in settings' firewall tab, only a few have program names associated ...
0 votes, 1 answer, 619 views
DDoS Attack - Iptables bad configuration
I have Ubuntu 20.04.4 LTS. I am under a DDoS attack and don't know how to limit the connections made by multiple IPs (above 500).
I saw some post, like this or this, but don't know how to follow the ...
0 votes, 1 answer, 329 views
usg ufw conflict rules
I ran a usg audit (following https://ubuntu.com/blog/cis-security-compliance-usg)
sudo usg audit cis_level1_server
See audit result here
I don't understand what usg is trying to do with ufw.
First, ...
-1 votes, 1 answer, 671 views
ufw is not closing port for incoming packets even after I set the rule?
I am trying to stop Steam from opening my port 27036.
The problem is that even after I enabled ufw, and even after manually setting a new rule to block this port (even though by default it should block ...
0 votes, 0 answers, 369 views
How to block traffic when strongswan ikev2 tunnel not established
Strongswan ikev2 network manager plugin network-manager-strongswan was installed on ubuntu 20.04.4 and configured to reconnect automatically. However when VPN is not available I'd like to block all ...
1 vote, 1 answer, 281 views
What should I do if my server is under the attack?
I have a mail server on Ubuntu 20.04. Yesterday I set up UFW firewall which looks like:
root@vmi514622:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing),...
3 votes, 2 answers, 228 views
How to easily get all HTTPS addresses that an application connects to externally?
For those who have a firewall with highly restrictive outputs, they only need to release supposedly reliable addresses for each application, so I was wondering if there is any software or command line ...
0 votes, 2 answers, 13k views
What's the best firewall for Ubuntu? [closed]
I am using Ubuntu and I want to use the best firewall (Free) possible for my security! I worry daily about getting hacked!
2 votes, 1 answer, 5k views
What is the purpose of port 1234/TCP running by 'systemd' with process id '1' on Ubuntu 20.04
When I used $ nmap 192.168.1.X it shows that 1234/tcp OPEN hotline is open.
I am running behind firewall ufw, and there is no rule for port 1234.
$ lsof -i showed that it is running by systemd with ...
0 votes, 0 answers, 95 views
What steps must be taken to secure my Ubuntu installation from keyloggers and screen capture software? [duplicate]
I have an Ubuntu desktop. I want to protect my installation from software which can steal passwords I enter by logging keystrokes or capturing the screen in case of a graphical on screen keyboard. I am ...
2 votes, 1 answer, 2k views
iptables string match does not work when the --to option is < 52
When I enter an iptables rule which matches a string and the --to option is >= 52
example
iptables -I FORWARD 1 -m string --string anypattern --algo bm --to 100 -j DROP
The above works properly and ...
2 votes, 0 answers, 131 views
block flow with iptables
To block packets containing some string we use the following iptables rule:
iptables -I FORWARD 1 -p tcp --dport 80 -m string --string anypattern --algo bm -j DROP
This will block the packet ...
3 votes, 1 answer, 1k views
How to block specific ip address while being attacked by hping3?
I am working on a project of cybersecurity and I am sending from Kali Linux an attack to an Ubuntu VM with the following command:
sudo hping3 -c 15000 -d 300 -w 64 -p 22 --flood 192.168.40.40
I have ...
3 votes, 1 answer, 8k views
Is there a way to force UFW firewall accept only connections from local network? Better practices?
I was trying to setup the UFW firewall to allow my smartphone connecting my Ubuntu with KDE-connect and I saw this recommended configuration for UFW in KDE community (https://community.kde.org/...
1 vote, 1 answer, 377 views
Firewall Public Network Security
I have seen that utilisation of a firewall when using a public network is recommended.
So I install ufw and gufw and deny incoming connections and allow outgoing connections on all profiles.
Is that ...
0 votes, 1 answer, 171 views
Security public network
Which precautions should I take when I use a public network?
I use Ubuntu 18.04 with a Windows 10 dual boot (on same disk) and I also use a private network with other Windows computers.
...
0 votes, 0 answers, 170 views
Can a firewall filter IP addresses?
The Linux firewall can filter ports but can it also block IP addresses from securing a connection?
1 vote, 1 answer, 688 views
ip6tables - configuration
I'm creating another thread for my ip6tables config.
ip6tables -F
ip6tables -X
ip6tables -t nat -F
ip6tables -t nat -X
ip6tables -t mangle -F
ip6tables -t mangle -X
ip6tables -P INPUT DROP
ip6tables -...
-1 votes, 1 answer, 473 views
IPtables configuration
First, I'm sorry for my English, not my first language.
I was wondering about IPtables. I read a lot of articles and posts about it, and thought I understood it at least a bit.
I spent hours trying ...
3 votes, 1 answer, 953 views
Protecting WSL-Ubuntu and WSL-OpenSSH (unfiltering port 443 correctly, to use just these)
I use WSL-Ubuntu on Windows 10 home (build 17134.472) basically just for OpenSSH
and Ansible and AFAIK both require only port 443 to be unfiltered to work properly.
I have both Windows Firewall and ...
8 votes, 1 answer, 10k views
I can't use ufw on WSL-Ubuntu
I use Windows 10 home (build 17134.471) with WSL-Ubuntu 16.04 (xenial).
I executed apt update -y && ufw --force enable and got the following trace (I don't know what it means - maybe some ...
2 votes, 0 answers, 843 views
How do I use a Whitelist approach for some files with App Armor?
I'm pretty new to using AppArmor and am unaware of all its features. I was wondering if it is possible to apply whitelisting behavior to some files with AppArmor?
I think whitelisting and ...
17 votes, 3 answers, 46k views
How do I allow multiple ports simultaneously in UFW?
I've installed a new Ubuntu 16.04 and enabled ufw:
ufw enable
I tried these ways to unfilter multiple ports at once:
ufw allow 22/tcp 25/tcp 80/tcp 443/tcp 9000/tcp
ufw allow 22/tcp, 25/tcp, 80/tcp,...
0 votes, 0 answers, 447 views
"PSAD config File Does Not Contain Email Address" however, it does
I installed PSAD and I attempted to configure the system. I set my email address and my hostname, however, every time I run psad I get this error:
"[*] The config file "/etc/psad/psad.conf" does not ...
3 votes, 1 answer, 326 views
Can sshguard filter TCP+UDP ports? If so, how to prevent that?
I understand that sshguard guards from Brute Force Attacks on SSH, but does it also serve as an iptables manager to filter TCP+UDP ports?
I could indeed use ufw to filter all ports, then unfilter the ...
0 votes, 0 answers, 2k views
Allow VPS to connect through port 80/443
If two vps servers exist and one runs livechat website and the other the main website... Can I use UFW to only allow connections to the livechat from the main website only?
I started by using the ...
1 vote, 1 answer, 6k views
How to block everything except http(s) and DNS in iptables?
I want to set up a firewall on my Ubuntu machine, to specifically block everything in and out except ports 80/443 for browsing, and 53 for resolving DNS. I tried but no result.
Now I'm using UFW which ...
1 vote, 0 answers, 570 views
Lubuntu - What is the BEST (and most of all easiest) way to monitor as well as block websites?
I set up an older Dell laptop for our kids to play with as well as use for school projects. However, just like with any technology they poke around and do what they want when no one is over their ...
-1 votes, 1 answer, 106 views
Unidentified port evading firewall
I am trying to tighten up security on my Ubuntu 16.04 Server. I noticed a port 115 open when I run ufw status on SSH.
I want to close this sneaky port, so I run ufw delete allow 115.
This is very ...
1 vote, 1 answer, 342 views
Should home users just turn on the firewall?
I'm using Ubuntu desktop and I want to know if any extra configuration is needed to secure my system.
I know that in the documentation it says that this is ok, but I read on a site that while ufw is ...
2 votes, 1 answer, 2k views
Correctly limit IP connections
I asked many questions about this same subject, for example: here, and here.
The answer said I should set up the rule like this:
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ...
1 vote, 1 answer, 265 views
I have a massive attack on a port in my server
I have an Ubuntu 15.4 server. I opened a port with number 20000 and got a massive DDoS attack on this port. I typed in the terminal
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
to ...
0 votes, 0 answers, 321 views
How to use iptables to prevent repeated attacks on port 80?
There is a massive attack on port 80 on my server. I try to use iptables this way to ban attackers
iptables -A INPUT -s 212.252.96.128 -j DROP
but there are too many IPs attacking. How to prevent ...
0 votes, 2 answers, 187 views
Is there anything that should be done to increase security on a new system? [closed]
Let's assume I just installed Ubuntu on a laptop. This laptop may be used in different networks with different security measurements (at home, university, work place).
Is there anything that should ...
4 votes, 1 answer, 8k views
How to configure UFW for a basic desktop / laptop? [closed]
Reading this answer about enabling UFW, I understand that a computer without firewall can be safe in my local network, but this same safe configuration on a laptop used outside of my local network ...
0 votes, 1 answer, 1k views
Stateful Packet Inspection on Ubuntu?
By default Ubuntu doesn't have open ports (exceptions: Avahi and dhcp).
Assuming that my system is connected to the internet by direct way (no hardware firewall used):
If I am sending a UDP packet to ...
1 vote, 1 answer, 2k views
Why does ntpd need an open port?
On my Ubuntu system I have activated the 'Time Synchronization via Internet'. Because of that the ntp daemon gets started.
What I don't understand: Why does ntpd need an open UDP port 123? Actually, I ...
-9 votes, 2 answers, 4k views
I think my PC is being hacked. What should I do? [closed]
I'm afraid I'm being hacked: My Ubuntu is receiving inbound traffic while my PC is disconnected from Ethernet and WIFI, so my question is, how am I receiving inbound traffic? I even have a firewall ...
1 vote, 1 answer, 3k views
How to perform detail packet capture on Ubuntu firewall?
I've routed internet traffic of my other systems on this Ubuntu Linux system where I have configured packet forwarding, but still I am unable to get internet on other systems.
Hence I want to ...
1 vote, 0 answers, 573 views
How to config PORT KNOCKING on CSF ubuntu server and access it by linux?
I'm trying to make port knocking work on a CSF on a small VPS, I set up this:
1 - the result of csf first test ok
2 -
TCP_IN = "53,80"
TCP_OUT = "53,80,113,443"
UDP_IN = "53"
UDP_OUT = "53,113,123"
...
1 vote, 1 answer, 74 views
I have some questions about Firewall [closed]
So I am pretty new to Linux (with the exception of Android), and being used to the old ways of Windows pretty much all I had to do for Firewall was turn it on and forget about it. However with Ubuntu ...
17 votes, 6 answers, 15k views
Does spyware exist for ubuntu?
Someone I know said he had put spyware on my computer. Is he talking crap? I've been using Ubuntu 12.04 for nearly 3 years now and I've never seen any type of spyware, remote keyloggers or RATS (...
1 vote, 1 answer, 281 views
Juju security model issues
What plans are there to extend the security model in Juju? We see two significant issues with the current model - no internal firewalling within an environment, and the inability to expose ports to ...
4 votes, 1 answer, 3k views
basic security tools and packages that should be installed on a public facing web server
I'm a newbie in this world and I do not have a lot of knowledge about how security works on Linux systems. I recently created a droplet on DigitalOcean with Ubuntu 13 and I've been setting it up by ...