Posts tagged ‘iptables’

Use pacman through iptables when all Output is dropped


Assuming your iptables OUTPUT chain has a default policy of DROP and only lets out what you explicitly allow, you need to do a few things before pacman can sync, update and install packages for you.

First things first: make sure iptables is allowing the basics (FTP, HTTP, DNS, etc.) out to your mirrors:

    iptables -A OUTPUT -p tcp --dport 20 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 21 -j ACCEPT
    iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT

But even with these ports open you’ll notice that pacman -Sy still fails against an FTP mirror. The control channel on port 21 gets through, but the actual transfer runs over a second connection: in active mode the server connects back to you from its port 20 (which the --dport 20 rule lets you answer), while in passive mode, which is what most clients behind NAT end up using, you connect out to an arbitrary high port on the server, and nothing above matches that.

Simply:

modprobe ip_conntrack_ftp

and pacman should now work as usual. The helper reads the PORT/PASV exchange on the control channel and tags the resulting data connection as RELATED, so your OUTPUT chain must also accept RELATED,ESTABLISHED traffic; with only the four rules above, loading the module changes nothing. To have the module loaded at boot, add it to the MODULES=( ... ) array in /etc/rc.conf, and you’re all done. A few things have changed since this was written: the module is now called nf_conntrack_ftp, Arch loads boot-time modules from /etc/modules-load.d/ rather than rc.conf, and kernels from 4.7 onward no longer attach conntrack helpers automatically, so the FTP helper has to be bound to the control connection with a CT target in the raw table.
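The whole procedure as one script, added here as an example rather than taken from the post: it emits a default-DROP OUTPUT ruleset in iptables-restore format that still lets pacman reach mirrors over HTTP, HTTPS and passive FTP, including the stateful rule the FTP helper depends on and the raw-table CT binding that newer kernels require. It assumes the helper module is named nf_conntrack_ftp (falling back to the post's ip_conntrack_ftp) and that the INPUT chain is left as the post describes.

```shell
#!/bin/sh
# Added example (not from the original post): a complete default-DROP OUTPUT
# ruleset that still lets pacman sync over HTTP, HTTPS and passive FTP.
# Apply with:  sh pacman-egress.sh | iptables-restore
# Assumptions: the helper module is nf_conntrack_ftp on current kernels (the
# post's ip_conntrack_ftp is the older name), and the kernel is 4.7 or newer,
# where conntrack helpers must be assigned explicitly with the CT target.

pacman_ruleset() {
    cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Kernels since 4.7 no longer attach conntrack helpers automatically
# (net.netfilter.nf_conntrack_helper defaults to 0), so bind the FTP helper
# to the outgoing control connection here.
-A OUTPUT -p tcp --dport 21 -j CT --helper ftp
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback: local resolvers and anything else talking to 127.0.0.1
-A OUTPUT -o lo -j ACCEPT
# Replies on connections we opened, plus the FTP data connection the helper
# tags as RELATED. Without this rule, loading the helper changes nothing.
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DNS: truncated UDP answers are retried over TCP, so allow both
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
# mirrors: HTTP, HTTPS and the FTP control channel
-A OUTPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp --dport 21 -j ACCEPT
# Everything else is logged (rate limited), then dropped by the chain policy;
# this is what you read when pacman hangs after a rule change.
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUTPUT drop: "
COMMIT
EOF
}

# Load the helper; falls back to the old module name on older kernels.
load_ftp_helper() {
    modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
}

# Offline check, usable before touching a live firewall: how many OUTPUT
# rules accept a given destination port?
rules_for_port() {
    pacman_ruleset | grep -c -- "--dport $1 -j ACCEPT"
}

# Is the stateful rule the FTP helper relies on present?
has_stateful_rule() {
    pacman_ruleset | grep -q -- '--ctstate ESTABLISHED,RELATED -j ACCEPT'
}

# Print the ruleset so the script can be piped straight into iptables-restore.
pacman_ruleset
```

Run `load_ftp_helper` (as root) before restoring the rules; the CT target fails to load if the ftp helper is not registered yet.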

Beating Sandvine on Linux with iptables


Multiple sites reported a while ago that Comcast was using Sandvine to inject TCP resets and throttle its users’ BitTorrent connections. That practice may now be a thing of the past: it turns out a single rule in the Linux firewall, iptables, can simply block the forged reset packets, returning your BitTorrent speeds to normal and letting you connect to all your seeds and peers again. So, if you are a GNU/Linux user tired of Sandvine (the appliance Comcast uses to throttle BitTorrent with fake TCP resets) interfering with your downloads, this is for you. I will tell you how to take your bandwidth back.

Also see:

  1. Basics of iptables
  2. Iptables: How to save and restore rules at boot & shutdown
  3. How to Encrypt BitTorrent Traffic With Ktorrent and Azureus
  4. Import PeerGuardian Blocklists into Ktorrent & Deluge

Continue reading ‘Beating Sandvine on Linux with iptables’ »
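The rule the post refers to is behind the link above; what follows is an added example of the same idea, not the post's own rule, emitted in iptables-restore format. It assumes your client listens on 6881-6889 (pass a different port or range as the first argument). Two points it adds that a practitioner should weigh: it drops in the raw table, so a forged RST never reaches conntrack, and it only protects connections that peers open to your listening port; resets aimed at connections you initiated arrive at an ephemeral port and cannot be told apart by port number.

```shell
#!/bin/sh
# Added example (not the rule from the original post): drop inbound TCP RST
# segments aimed at the BitTorrent listening ports before conntrack sees them.
# Assumption: the client listens on 6881:6889 unless told otherwise.
# Apply with:  sh rst-drop.sh 6881:6889 | iptables-restore

rst_drop_ruleset() {
    ports="${1:-6881:6889}"
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# The raw table's PREROUTING hook runs before the conntrack hook, so a forged
# RST dropped here cannot move the flow's conntrack entry to CLOSE. The same
# rule in the filter table would keep the RST away from the socket, but
# conntrack would already have seen it.
# --tcp-flags RST RST: examine only the RST bit and require it to be set,
# whatever the other flags are.
# Caveat: genuine RSTs from peers that really went away are dropped too, so
# those sockets linger until the retransmit or keepalive timers give up.
-A PREROUTING -p tcp --dport $ports --tcp-flags RST RST -j DROP
COMMIT
EOF
}

# Offline check: does the fragment contain a DROP for the given port spec?
drops_rst_for() {
    rst_drop_ruleset "$1" | grep -q -- "--dport $1 --tcp-flags RST RST -j DROP"
}

rst_drop_ruleset "$@"
```

If you would rather keep the rule in the filter table (for instance because the raw table is managed elsewhere), put it at the top of INPUT, ahead of any ESTABLISHED accept rule, or the RST will be accepted as part of an existing flow before it is ever examined.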

Time Based iptables rules with patch-o-matic extension


How can you restrict or allow access to a service by time of day with iptables? For example, how do you block SSH between 7:00 pm and 8:00 am on weekdays?

You can use the iptables patch-o-matic (pom or p-o-m) time extension, which matches a packet by its arrival timestamp (or, for locally generated packets, its departure timestamp). The same match has shipped in the mainline kernel as xt_time (-m time) since 2.6.24, so on any current system no patching is needed.

Continue reading ‘Time Based iptables rules with patch-o-matic extension’ »
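A worked version of the SSH example from the excerpt, added here and not taken from the post, using the mainline time match rather than the patch-o-matic one. It assumes SSH on port 22, a window of 19:00 to 08:00 on Monday to Friday, and local time; all four are parameters. The two flags it adds are the ones people get bitten by: without --kerneltz the match is evaluated in UTC, and without --contiguous a window that crosses midnight is split into two fragments per listed day.

```shell
#!/bin/sh
# Added example (not from the original post): refuse new SSH connections
# outside office hours with the mainline xt_time match (kernel 2.6.24+, so no
# patch-o-matic). Assumptions: port 22, 19:00-08:00, Mon-Fri, local time.
# Apply with:  sh ssh-hours.sh | iptables-restore

ssh_hours_ruleset() {
    port="${1:-22}"
    start="${2:-19:00}"
    stop="${3:-08:00}"
    days="${4:-Mon,Tue,Wed,Thu,Fri}"
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Sessions that are already open keep working; only new ones are refused.
-A INPUT -p tcp --dport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT
# --kerneltz: evaluate in the kernel's timezone rather than UTC (the default),
# otherwise the window silently shifts by your UTC offset. The kernel's
# offset is whatever userspace last set with settimeofday, normally at boot,
# so it is not updated for a DST change unless it is set again.
# --contiguous: treat 19:00-08:00 as one span that starts on the listed day,
# so Friday's block runs through to Saturday 08:00. Note that Monday
# 00:00-08:00 then belongs to Sunday's span and is left open; drop the flag
# if you want the two daily fragments (00:00-08:00 and 19:00-24:00) of each
# listed weekday instead.
-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -m time --timestart $start --timestop $stop --weekdays $days --kerneltz --contiguous -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# Offline check: does the fragment block NEW connections to a port inside
# the given window?
blocks_new_in_window() {
    ssh_hours_ruleset "$1" "$2" "$3" "$4" \
        | grep -q -- "--dport $1 -m conntrack --ctstate NEW -m time --timestart $2 --timestop $3 --weekdays $4 --kerneltz --contiguous -j REJECT"
}

ssh_hours_ruleset "$@"
```

REJECT with a TCP reset rather than DROP so that an admin trying to log in out of hours gets an immediate refusal instead of a hanging connection; swap in DROP if you prefer the port to look closed to scanners during the window.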

Iptables: How to save and restore rules at boot & shutdown


So you learned how to write your own iptables rules; unfortunately, once you have them configured just the way you want and you reboot, they are gone. These few steps will fix that in no time.

Continue reading ‘Iptables: How to save and restore rules at boot & shutdown’ »

The Ultimate SSH Security Tutorial


SSH is one of the most secure communication methods we have. The session is encrypted, so not even the passwords can be sniffed. But it’s not invincible: weak passwords can be brute forced, and an exposed port 22 attracts automated bots scanning for exactly that. There are, however, a number of ways we can harden our SSH server.

Note: Ubuntu, Mint, Linspire, and Debian Readers, please read this regarding an OpenSSL Vulnerability:

Continue reading ‘The Ultimate SSH Security Tutorial’ »

Basics of iptables


A lot of people are intimidated by iptables and find it hard to understand. However, once you get a grasp of it, the basics are easy. This document will serve as a basic how-to on using iptables.

Continue reading ‘Basics of iptables’ »