Ping a Specific Port

Question

eri

Asked: 2021-02-24 07:53:38 +0800 CST2021-02-24 07:53:38 +0800 CST 2021-02-24 07:53:38 +0800 CST

Firewalld insert rule before ESTABLISHED

772

I want to ban already established connections.

Default iptables rules generated by firewalld

-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct

How to insert rule before -j ACCEPT ?

Or how to move INPUT_direct to top?

Or how to remove conntrack rule?

2 Answers

Voted

basekat · Answer 1 · 2021-02-24T07:59:23+08:00

basekat

2021-02-24T07:59:23+08:002021-02-24T07:59:23+08:00

You can insert an iptables rule with iptables -I parameter So if you specify iptables -I INPUT -j INPUT_direct this rule will be inserted to to top.

If you specify it with a row numer: iptables -I INPUT 2 -j INPUT_direct it will be inserted as rule in line 2.

In order to move the rule:

Delete it first: iptables -D INPUT -j INPUT_direct
Insert it to the top iptables -I INPUT -j INPUT_direct

1

eri · Answer 2 · 2021-02-24T08:12:12+08:00

eri

2021-02-24T08:12:12+08:002021-02-24T08:12:12+08:00

As workaround I inserted rule in raw (or mangle) table:

firewall-cmd --direct --add-rule ipv4 mangle PREROUTING_direct 0 \
  -m set --match-set ipsetname src -j DROP

This chain is before INPUT and as i have no FORWARD on this machine - it solves my problem.

0

Firewalld insert rule before ESTABLISHED

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?