hellresistor
commented
4 years ago are you using iptables or ufw ?
Closed poperigby closed 4 years ago
hellresistor
commented
4 years ago are you using iptables or ufw ?
poperigby
commented
4 years ago ufw
Apr 10, 2020, 8:43 AM by notifications@github.com:
are you using iptables or ufw ?
— You are receiving this because you authored the thread. Reply to this email directly, > view it on GitHub https://github.com/imthenachoman/How-To-Secure-A-Linux-Server/issues/55#issuecomment-612086692> , or > unsubscribe https://github.com/notifications/unsubscribe-auth/AE7GLJDV6ZYBM3KFKRSL3PTRL45CTANCNFSM4MBYZ5VA> .
hellresistor
commented
4 years ago Try This commands:
sed -i '/^COMMIT/i -A ufw-before-output -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT' /etc/ufw/before.rules
sed -i '/^COMMIT/i -A ufw-before-output -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT' /etc/ufw/before.rules
cp --preserve /etc/ufw/before.rules /etc/ufw/before.rules.$(date +"%Y%m%d%H%M%S")
cp --preserve /etc/ufw/before6.rules /etc/ufw/before6.rules.$(date +"%Y%m%d%H%M%S")
cp --preserve /etc/ufw/after.rules /etc/ufw/after.rules.$(date +"%Y%m%d%H%M%S")
cp --preserve /etc/ufw/after6.rules /etc/ufw/after6.rules.$(date +"%Y%m%d%H%M%S")
## add this at the end but before the COMMIT line:
# log all traffic so psad can analyze
sed -i '/^COMMIT/i -A INPUT -j LOG --log-tcp-options --log-prefix "[UFW "' /etc/ufw/before.rules
sed -i '/^COMMIT/i -A FORWARD -j LOG --log-tcp-options --log-prefix "[UFW "' /etc/ufw/before.rules
sed -i '/^COMMIT/i -A INPUT -j LOG --log-tcp-options --log-prefix "[UFW "' /etc/ufw/before6.rules
sed -i '/^COMMIT/i -A FORWARD -j LOG --log-tcp-options --log-prefix "[UFW "' /etc/ufw/before6.rules
sed -i '/^COMMIT/i -A INPUT -j LOG --log-tcp-options --log-prefix "[UFW "' /etc/ufw/after.rules
sed -i '/^COMMIT/i -A FORWARD -j LOG --log-tcp-options --log-prefix "[UFW "' /etc/ufw/after.rules
sed -i '/^COMMIT/i -A INPUT -j LOG --log-tcp-options --log-prefix "[UFW "' /etc/ufw/after6.rules
sed -i '/^COMMIT/i -A FORWARD -j LOG --log-tcp-options --log-prefix "[UFW "' /etc/ufw/after6.rules
ufw reload;)
poperigby
commented
4 years ago That worked. Thanks!
kpua
commented
2 years ago Try This commands:
sed -i '/^COMMIT/i -A ufw-before-output -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT' /etc/ufw/before.rules sed -i '/^COMMIT/i -A ufw-before-output -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT' /etc/ufw/before.rules cp --preserve /etc/ufw/before.rules /etc/ufw/before.rules.$(date +"%Y%m%d%H%M%S") cp --preserve /etc/ufw/before6.rules /etc/ufw/before6.rules.$(date +"%Y%m%d%H%M%S") cp --preserve /etc/ufw/after.rules /etc/ufw/after.rules.$(date +"%Y%m%d%H%M%S") cp --preserve /etc/ufw/after6.rules /etc/ufw/after6.rules.$(date +"%Y%m%d%H%M%S") ## add this at the end but before the COMMIT line: # log all traffic so psad can analyze sed -i '/^COMMIT/i -A INPUT -j LOG --log-tcp-options --log-prefix "[UFW "' /etc/ufw/before.rules sed -i '/^COMMIT/i -A FORWARD -j LOG --log-tcp-options --log-prefix "[UFW "' /etc/ufw/before.rules sed -i '/^COMMIT/i -A INPUT -j LOG --log-tcp-options --log-prefix "[UFW "' /etc/ufw/before6.rules sed -i '/^COMMIT/i -A FORWARD -j LOG --log-tcp-options --log-prefix "[UFW "' /etc/ufw/before6.rules sed -i '/^COMMIT/i -A INPUT -j LOG --log-tcp-options --log-prefix "[UFW "' /etc/ufw/after.rules sed -i '/^COMMIT/i -A FORWARD -j LOG --log-tcp-options --log-prefix "[UFW "' /etc/ufw/after.rules sed -i '/^COMMIT/i -A INPUT -j LOG --log-tcp-options --log-prefix "[UFW "' /etc/ufw/after6.rules sed -i '/^COMMIT/i -A FORWARD -j LOG --log-tcp-options --log-prefix "[UFW "' /etc/ufw/after6.rules ufw reload;)
Super, Thanks
slesru
commented
5 months ago OK, what is solution if I run jist iptables on ubuntu 23.10? I already have -A INPUT -j LOG -A FORWARD -j LOG
And psad works, only annoying warning on startup. Why?
TechMiner-UK
commented
4 months ago OK, what is solution if I run jist iptables on ubuntu 23.10? I already have -A INPUT -j LOG -A FORWARD -j LOG
And psad works, only annoying warning on startup. Why?
Same here, I've added those and it still errors out, the only way to not get it to error is to manually enter the following commands: iptables -A INPUT -j LOG iptables -A FORWARD -j LOG ip6tables -A INPUT -j LOG ip6tables -A FORWARD -j LOG
However then the rules don't persist after reloading UFW, I'm 95% sure it's a me issue but for the life of me I can't figure out what is wrong
hellresistor
commented
4 months ago should install iptables-persistent
take a look here: https://linuxconfig.org/how-to-make-iptables-rules-persistent-after-reboot-on-linux
Fuckingnameless
commented
4 months ago [-] You may just need to add a default logging rule to the 'filter' 'INPUT' chain on debian. For more information, see the file "README" in the psad sources directory or visit: http://www.cipherdyne.org/psad/docs/fwconfig.html
[-] Errors found in firewall config.
how to debug what is causing the error?
Fuckingnameless
commented
4 months ago i have tried everything i could find including this "fix" but still getting these errors
Danger level: [2] (out of 5)
Scanned destinations: 1
Source: fe80:0000:0000:0000:5ec9:d3ff:febd:5dd3
DNS: [No reverse dns info available]
Destination: 2804:07f4:fb80:ee1a:8239:66fc:c942:39f2
DNS: [No reverse dns info available]Overall scan start: Thu Apr 18 00:55:32 2024 Total email alerts: 9 Syslog hostname: debian
Global stats:
chain: interface: protocol: packets:
INPUT enp6s0 icmp6 40 [+] ICMP6 scan signatures:
Invalid ICMP type "137" chain=INPUT packets=3
[+] Whois Information (source IP): Unknown AS number or IP network. Please upgrade this program.
Fuckingnameless
commented
4 months ago it was the stupid router pinging all-hosts-group it seems
slesru
commented
4 months ago I think it is better to have config option to suppress this messages, I guess admin knows better what to do.
I'm getting this error message after running
sudo psad --fw-analyzeI followed the link it gave me and entered these two lines,
but I'm still getting the error.