Your comments
Who cares, configuration by hand is faster and much more secure :)
9 years ago
AntiSpam and something like fail2ban or even the ability to block whole Countries would be lovely.
I managed it now I think, but the RAW seams to be more intuitive than the GUI.
eg: When I click add rule while being on Page2, an empty accept rule is added and the GUI shows page 1 again :) Kinda confusing.
Is there a way to show more than 10 rules on one page ?
eg: When I click add rule while being on Page2, an empty accept rule is added and the GUI shows page 1 again :) Kinda confusing.
Is there a way to show more than 10 rules on one page ?
After restarting the srever the permissions are broken again ?!
Arg now the IMAP no longer works :(
I have now deleted all RAW rule files under the RAW tab and came back to the GUI:
https://www.dropbox.com/s/2k0eqdmb6lofc8f/Screenshot%202014-07-08%2011.28.01.png
https://gist.github.com/daslicht/3af399475b3603948b51
Looks promising!
https://www.dropbox.com/s/2k0eqdmb6lofc8f/Screenshot%202014-07-08%2011.28.01.png
https://gist.github.com/daslicht/3af399475b3603948b51
Looks promising!
When I save the raw and than apply it nothing is added to iptables. same when just saving? How to apply RAW rules?
root@h2318011:~# iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:8000
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@h2318011:~#
root@h2318011:~# iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:8000
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@h2318011:~#
thats my current RAW config:
*mangle
:PREROUTING ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT --in-interface lo -j ACCEPT
-A INPUT --match conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT --protocol tcp --match tcp --destination-port 22 -j ACCEPT
-A INPUT --protocol tcp --match tcp --destination-port 8000 -j ACCEPT
iptables -A INPUT -m iprange --src-range 85.153.25.2-85.153.25.255 -j DROP
iptables -A INPUT -m iprange --src-range 14.164.9.206-14.164.9.206 -j DROP
iptables -A INPUT -m iprange --src-range 211.0.0.0-211.255.255.255 -j DROP
COMMIT
Is it normal that when I save it, its not shown up in the GUI?
Do I have to apply it in gui , please?
*mangle
:PREROUTING ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT --in-interface lo -j ACCEPT
-A INPUT --match conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT --protocol tcp --match tcp --destination-port 22 -j ACCEPT
-A INPUT --protocol tcp --match tcp --destination-port 8000 -j ACCEPT
iptables -A INPUT -m iprange --src-range 85.153.25.2-85.153.25.255 -j DROP
iptables -A INPUT -m iprange --src-range 14.164.9.206-14.164.9.206 -j DROP
iptables -A INPUT -m iprange --src-range 211.0.0.0-211.255.255.255 -j DROP
COMMIT
Is it normal that when I save it, its not shown up in the GUI?
Do I have to apply it in gui , please?
I I save the file and apply the change i get:
iptables-restore v1.4.14: Can't set policy `ACCEPT' on `INPUT' line 10: Bad built-in chain name
* Process has exited with status 256
Customer support service by UserEcho
