Hi,
shamal wrote: but the thing is when i start it my firewalld would go down and be inactive.
I believe that iptables and firewalld cannot coexist and you have to make a decision which one to use.
I'm using iptables for both static and dynamic rules. The static rules are defined with standard iptables rule lines (well, obviously).
I handle dynamic records indirectly: the rules are static, but they don't apply to IPs but to ipset members instead. These members are added dynamically according to various traps (e.g. analyzing mail greylisting: a "connect from unknown" record is one of the strong indications that you're dealing with a spammer and you can block this IP. You can equally block spamming attempts from some domains, like "WAYN.com". Another example is to monitor the http error log, and when you catch the "admin" substring present in a URL, then this is a spider knocking and searching for potential doors, so you can also block this IP.)
To successfully implement this, you need to understand well what is going on to be able to configure this properly. Additionally, some scripting is needed to extract IP addresses for dynamic handling... but on the other hand, you're able to customize the firewall 100% according to your needs.
Best wishes, Ivan Zilic.
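The setup Ivan describes, as an added example that is not his own scripts: one static iptables rule drops every member of an ipset, and two small log scrapers feed that set from the traps he mentions (Postfix "connect from unknown" lines, and httpd error_log lines whose path contains "admin"). The set name "spamtrap", the one-day timeout, and the Postfix/Apache log formats are assumptions; all sample log lines are constructed. With DRY_RUN=1 the script only prints the ipset commands it would run, so it can be tried without root.

```shell
#!/bin/sh
# Added example (not from the original post): static iptables rule over a
# dynamically populated ipset, plus the log traps that fill the set.
# Assumed: set name "spamtrap", Postfix mail log lines, Apache error_log lines.

SET_NAME="spamtrap"
BAN_SECONDS=86400          # entries expire on their own after a day

# One-time setup: create the set (idempotent) and insert the static DROP rule
# only if it is not already present (-C checks, -I inserts).
setup_firewall() {
    ipset create "$SET_NAME" hash:ip timeout "$BAN_SECONDS" -exist
    iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
        iptables -I INPUT 1 -m set --match-set "$SET_NAME" src -j DROP
}

# Mail trap: Postfix logs "connect from unknown[IP]" when reverse DNS fails.
# Reads log lines on stdin, prints one unique IPv4 address per line.
mail_offenders() {
    grep -F 'connect from unknown[' |
        sed -n 's/.*connect from unknown\[\([0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}\)\].*/\1/p' |
        sort -u
}

# Web trap: "admin" in the requested path of an httpd error_log line means a
# scanner is probing for an admin panel. Handles both the 2.2 form
# "[client IP]" and the 2.4 form "[client IP:port]".
http_offenders() {
    grep -i 'admin' |
        sed -n 's/.*\[client \([0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}\)[]:].*/\1/p' |
        sort -u
}

# Feed IPs from stdin into the set. With DRY_RUN=1 it only prints the
# commands, so the script can be exercised without root or ipset installed.
block_offenders() {
    while read -r ip; do
        [ -n "$ip" ] || continue
        if [ "${DRY_RUN:-0}" = "1" ]; then
            echo "ipset add $SET_NAME $ip timeout $BAN_SECONDS -exist"
        else
            ipset add "$SET_NAME" "$ip" timeout "$BAN_SECONDS" -exist
        fi
    done
}

# Constructed sample log lines (not real traffic); documentation ranges only.
MAIL_SAMPLE='Jan 10 03:14:07 mx postfix/smtpd[2231]: connect from unknown[203.0.113.7]
Jan 10 03:14:09 mx postfix/smtpd[2231]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 450 4.2.0 Greylisted
Jan 10 03:15:01 mx postfix/smtpd[2240]: connect from mail.example.net[192.0.2.10]
Jan 10 03:16:22 mx postfix/smtpd[2244]: connect from unknown[198.51.100.9]
Jan 10 03:18:00 mx postfix/smtpd[2250]: connect from unknown[203.0.113.7]'

HTTP_SAMPLE='[Wed Jan 10 03:20:01.123456 2024] [core:error] [pid 1182] [client 203.0.113.44:51822] File does not exist: /var/www/html/wp-admin
[Wed Jan 10 03:20:02.223456 2024] [core:error] [pid 1182] [client 192.0.2.55:44012] File does not exist: /var/www/html/favicon.ico
[Wed Jan 10 03:20:03.323456 2024] [core:error] [pid 1183] [client 198.51.100.200] File does not exist: /var/www/html/phpmyadmin'

# Dry-run demo when executed as "sh script.sh demo": show what each trap bans.
if [ "${1:-}" = "demo" ]; then
    DRY_RUN=1
    printf '%s\n' "$MAIL_SAMPLE" | mail_offenders | block_offenders
    printf '%s\n' "$HTTP_SAMPLE" | http_offenders | block_offenders
fi
```

In production the two scrapers would run from cron or from a `tail -F` loop over the live logs, and the ipset timeout keeps a mistaken hit from becoming a permanent ban. Blocking a sender domain, as the post mentions for WAYN.com, is not something an IP set can express; that check belongs in Postfix's sender restrictions rather than in the packet filter.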