Questions tagged [firewall]
A firewall is an application or hardware device used to inspect and filter network traffic.
4,326 questions
0 votes
1 answer
53 views
Can we implement file attachment or file transfer restrictions through VPN policies (e.g., WireGuard or OpenVPN)? [closed]
I'm exploring how to control or restrict file attachments and file transfers at the VPN level, using WireGuard or OpenVPN, to prevent users from uploading or downloading certain files while connected ...
0 votes
2 answers
74 views
PFSense Firewall Rules Not Blocking Traffic At All
I can't get any of my PFSense firewall rules to block anything. As an example, I am trying to prevent all traffic from the LAN subnet from communicating with the 10.0.2.0/24 network. This screenshot ...
0 votes
1 answer
96 views
How to enable a Vagrant/VirtualBox virtual machine & NFS by rules in the host machine's UFW firewall? (vagrant up freezes at NFS mounting)
When running vagrant up, it gets stuck at the point when it's trying to mount the NFS shared folders. https://github.com/hashicorp/vagrant/blob/f2960d545864e1b644fe7fb0f3b82fec9895dd13/website/content/...
0 votes
0 answers
21 views
Firewall - Lightsail AWS
Currently I’m working with a server running in an AWS Lightsail instance. This instance runs Alma Linux with lightspeed, WHM and cPanel. Well, I saw this on the firewall on instance management: ...
1 vote
1 answer
200 views
nftables: why is this last check failing?
I am trying to set up some very specific rules with nftables, but I am stuck at some point. There is obviously something I am missing. Here is the script I am using: #!/usr/sbin/nft -f flush ruleset ...
8 votes
1 answer
529 views
Do NMAP connectivity results confirm application-level connectivity over the same route?
I have a host on an internal network that needs to connect to an external IP to perform application-level functions. It has been suggested by the application's support that our firewall configuration ...
1 vote
0 answers
110 views
Proxmox Reverse Proxy external IPv6 and port 8080
Having trouble configuring apache2 on a Proxmox server as a reverse proxy to an external IPv6 address with port 8080. In a small project I want to configure a reverse proxy from my external Proxmox-...
0 votes
0 answers
129 views
CrowdSec not showing alerts
I am new to CrowdSec. I have 5 nearly identical AWS instances (separate servers, not scaling) and have installed CrowdSec on all 5 using the simple instructions at https://app.crowdsec.net/security-...
0 votes
0 answers
79 views
Fortigate 60F: Clients Lose Internet Despite Firewall Ping Success
We are using a Fortigate 60F firewall and we have recently experienced an internet unavailability issue which was automatically solved with a firewall restart in one case. Our setup includes four ...
1 vote
0 answers
32 views
Looking for advice on firewalls with CLI [closed]
I’m developing a firewall configurator for a pharmaceutical enterprise. Currently, our app connects to Cisco ASA firewalls and configures them through CLI based on user input (IPs, ports, instrument ...
0 votes
0 answers
41 views
Restrict DHCP Requests By Hostname
I'm currently using a MikroTik RB450G as the DHCP server, with a trunk link from the core switch carrying 11 VLANs that all need DHCP services. My requirement is: Only devices with the hostname "...
0 votes
0 answers
118 views
Why are some ports filtered after the upgrade?
I have just upgraded to Debian Trixie and bricked my mail server in the process. One of the issues is the mail related ports are not reachable. avasarala@rocinante:~$ telnet mail.mydomain.com 143 ...
2 votes
0 answers
43 views
Google Compute Engine: how to get network traffic totals
On our Google Compute Engine VMs, we are considering adding a firewall rule limiting access to specific countries. This requires geolocation IP services, which is an additional fee, charged based on ...
0 votes
0 answers
79 views
Sonicwall firewall unable to set up untrusted devices to access a specific device on trusted zone on different subnet
I'm trying to set up two zones (trusted and untrusted) on my Sonicwall firewall. LAN X0, X3, X4 are assigned to the trusted zone with IP 172.16.1.x. X2 is assigned to the untrusted zone with IP 172.16.2.x. My ...
1 vote
1 answer
88 views
fwknop: Sending custom commands
I'm migrating from knock to fwknop (Debian 12 server and Ubuntu 24.04 client). I'm trying to send custom commands from a client with fwknop so I can then process them in a script and, depending on the ...
1 vote
0 answers
25 views
Cannot open a port on a remote gcloud server
I've got a server (let's name it A). There is an Nginx on the entry point, on the server, not in the container. So all requests to my server are handled by Nginx. Then, there are services inside ...
3 votes
1 answer
205 views
How to monitor iptables changes on Linux
I'm looking for a reliable way to monitor iptables changes in real-time on Ubuntu. So far, I’ve tried using Falco, which allows me to monitor calls to the iptables binary, but it's not ideal since I ...
3 votes
1 answer
261 views
Internal routing with two firewalls
I used to operate a network with a single firewall (Sophos UTM) that had a foot in multiple VLANs and acted as a router between those where allowed. For more security I added a second firewall ...
0 votes
1 answer
62 views
Apache accepts request from the server itself, but not from other computers
I installed Apache on a Debian 13 VPS (using the usual apt-get). In previous experiences, it's an easy setup: Install the server: sudo apt-get install apache2. Start the server: sudo systemctl start ...
0 votes
1 answer
62 views
Ansible causing SSH connections to drop when used
I'm starting to get Ansible set up to manage a Proxmox-based homelab. The current setup is: Proxmox server, with a mix of VMs and LXC containers. Proxmox firewall configured to allow SSH access. I've ...
0 votes
0 answers
62 views
UFW: allow routing to dummy interface on only one port
I have an Ubuntu server with two interfaces, one physical eth0 on network xx00::/64 with static link-local IP fe80::25/64 and one dummy dummy0 with static public IP xx01::1/64. On the gateway fe80::25 ...
0 votes
0 answers
108 views
Find out whether an IP address is within a subnet in Mikrotik address list
In a script I use following line to find out whether some address is already in a list: /ip fire addr find where list=$listName address=$logIp The block looks as follows: :if ([:len [/ip fire addr ...
0 votes
0 answers
39 views
Opening ports for PostgreSQL on Oracle OCI "Always free" Linux 7.9 machine
I've updated the VM's firewall-cmd stuff and it shows VM Firewall-cmd --list-all I've opened the vcn ingress rules, Ingress Rules I'm trying to connect with pgAdmin4, but NO.... pgAdmin And being a ...
0 votes
0 answers
68 views
Webserver not responding to requests through NAT firewall
I am setting up a firewall to guard a web server. I don't need it to be secure since it is not publicly available and will not be in the near future. But I need to set up the firewall so that the ...
0 votes
1 answer
92 views
Cannot reach Debian virtual machine with web server running in Hyper-V guest from host or another guest
I have a Windows 11 Hyper-V host with two guests, Windows Server 2012 and Debian 12; both have web servers. From the host I can reach the web server on Windows Server 2012 but cannot reach the web server on ...
2 votes
0 answers
79 views
Linux & NFT firewall: On big set, one element's interface is always malformed
I am in the middle of installing NFT-based firewalls on some routers. Routers run Slackware Linux, kernel 6.12.21, nftables 1.1.1, libnftnl 1.2.8. The actual firewalls are generated from a list of ...
0 votes
1 answer
60 views
nftables rules by text pattern
I need assistance with configuring nftables rules. I'm facing an issue where my web server is being targeted by attacks directed at specific URL patterns. Problem Description: Specifically, I'm ...
0 votes
0 answers
45 views
Is a wildcard domain inside another wildcard domain ok?
We currently host with hoster 'X'. Our NS has an entry for example.com, and *.example.com points to this hoster's IP. As we migrate to another hoster 'Y' we set up a temporary domain tmp.example.com and *....
0 votes
0 answers
40 views
Network segmentation or VLAN on OpenVPN
I work for a small POS reseller and we typically set up a local network for our customer behind their ISP's (usually business class) cable modem/router. Some of our systems use on prem servers which ...
0 votes
1 answer
119 views
Unable to access Linux server behind QNAP NAS Wireguard VPN
I have a QNAP connected to a router on a remote network. On the same network, connected to the same router, there is also a Linux server. Within the remote network, everything works fine. I can access ...
0 votes
0 answers
90 views
Why does OUTPUT-marked traffic hit PREROUTING again?
I'm implementing TPROXY with the following rules: ip rule add fwmark 1 table 100 ip route add local 0.0.0.0/0 dev lo table 100 iptables -t mangle -N pre_tproxy iptables -t mangle -A pre_tproxy -p tcp -...
0 votes
1 answer
87 views
Firewalld: how to preserve current rules after reload
There are rules applied to firewalld from two services, Fail2ban and Wireguard. Whenever I reload the firewall service the rules are lost. How to preserve them between reloads? # firewall-cmd --get-...
0 votes
0 answers
113 views
Using pfSense on Zimaboard 832 with UDM Pro Max: NAT on pfSense or Transparent Mode?
I'm setting up a network for my home lab that involves a few UniFi devices alongside a dedicated pfSense firewall. Here’s my current topology: Internet/ISP connects to Zimaboard 832 running pfSense (...
0 votes
1 answer
103 views
I am using Calico Host Endpoints and Global Network policies to filter traffic per interface but seeing packets dropped I am not expecting
I have a global network policy that looks something like this (log any packet not to port 30000 and only allow traffic to port 30000 on interface ens4) : apiVersion: projectcalico.org/v3 kind: ...
1 vote
1 answer
83 views
Unable to connect between Oracle compute instances
I manage several Oracle cloud compute instances (all Ubuntu servers) located in different regions. All VMs have iptables set to allow ingress traffic on port 22, and the same ingress rules are applied ...
0 votes
1 answer
92 views
Using the OUTPUT chain in iptables
I try to redirect packets outgoing to 127.0.0.1:8095 to another host in my local network, 10.11.12.5:22. For example, I'd like to implement: ssh [email protected] -p 8095 and be redirected to ssh ...
0 votes
1 answer
71 views
Add firewall to veth interface
I am trying to add a firewall to a veth interface that only operates at layer 2 (data link layer) for right now (it only has a MAC address and an IPv4 address). How can I modify the interface so that a ...
0 votes
0 answers
99 views
Firewall in Bridged LXC Containers
I am new to networking, and I am trying to implement a firewall inside of an LXC container (Alpine Linux) that is bridged with another LXC container (Alpine Linux) through a br0 interface. Right now, ...
0 votes
0 answers
148 views
Captive Portal in Alpine Linux Container
I am new to networking. I am working on a project where I need to implement a captive portal inside an Alpine Linux container, but there are some tricky parts to it. The system I am working on uses ...
1 vote
0 answers
638 views
DHCP Server -> Client port requirements
I've got two Windows Server 2022 machines that are in a DHCP Failover hot-standby configuration. In addition, within the hot-standby configuration there are a number of scopes. My questions are: 1- I ...
2 votes
1 answer
857 views
Adding a custom firewall rule to ESXi8
I want to run a VM that hosts a TFTP server (port 69) in ESXi8. ESXi does not have a default firewall rule to cover this, and adding a new custom rule apparently is not supported at the end-user level....
0 votes
0 answers
42 views
VM Rocky 8 server firewall IAP
I keep getting this error code when I try to connect via SSH to Rocky Linux: *** Connection failed We are unable to connect to the VM on port 22. Please ensure that VM has a firewall rule that allows TCP ...
0 votes
1 answer
644 views
How to configure Fail2Ban to block all protocols (TCP, UDP, ICMP) instead of just TCP?
I have Fail2Ban installed on my server and I would like it to block all protocols (TCP, UDP, ICMP) when an IP is banned, not just TCP. I am trying to set the protocol = all option, but I am facing ...
0 votes
0 answers
62 views
MikroTik Walled Garden - Samsung Pay Whitelist
[Cross-posted from Network Engineering because original question was closed as off-topic] We have a hotspot service that connects into MikroTik routers, using the built-in hotspot facility. With this ...
0 votes
1 answer
83 views
Filtering based on interface IP
I have a local-facing interface on my firewall which has multiple IP addresses (192.168.0.1 and 192.168.0.5) assigned to it. Packets from both of these IPs are forwarded to the WAN interface. However, ...
0 votes
0 answers
70 views
How to add my own iptables rule on the host after running a Nomad job?
I have an infrastructure with Nomad. For some jobs I need to add a custom iptables rule (iptables -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu) first on the node host (not in a ...
0 votes
1 answer
86 views
UniFi Dream Router: restrict S2S traffic to one local network
I have a UniFi Dream Router configured with 2 local networks. Network1 is my home network (192.168.1.0/24) and network2 is my home-business network (172.16.1.0/24). I have a site-to-site (S2S) VPN ...
0 votes
0 answers
116 views
Firewalld setup for public facing and restricted services
Here is my goal: I want to have certain ports/services open for everybody and some ports/services should only be accessible for a certain/trusted IP. The restricted services should be seen as closed (...
0 votes
1 answer
596 views
nftables: oneliner to count, log (with limit) and drop
I am using nftables v0.9.6 and the geoip database to drop inbound traffic from specific countries. For example, I have in a chain: meta mark 0x0000033a drop comment "block traffic from GB" ...
0 votes
1 answer
1k views
Keepalived NAT with firewalld: STATE_INVALID_DROP blocking return packets from real servers
I've set up Keepalived as a load balancer but am not using a Master/Standby configuration—just a single server. The issue arises when firewalld is enabled. Without firewalld, everything works fine. ...