Qortal Project

The future of blockchain platforms

hardware_-_firewall_rules

Differences

This shows you the differences between two versions of the page.

hardware_-_firewall_rules [10/08/2019 01:57] dmaxhardware_-_firewall_rules [10/08/2019 02:46] dmax
Line 25: Line 25:
 == Only few commands you will ever need == == Only few commands you will ever need ==
  
-This section assumes you are already SSH'ed into the QORT router. Look at Getting Started [[hardware_-_getting_started|Work in progress]]+This section assumes you are already SSH'ed into the QORT router. Look at Getting Started [[hardware_-_getting_started|Getting Started]]
  
 * iptables -L -v ( list current firewall rules ) \\ * iptables -L -v ( list current firewall rules ) \\
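
Review bot: the replacement link on the changed line repeats its own label, so the sentence now renders as "Look at Getting Started Getting Started" and still has no closing period. Suggest `Look at [[hardware_-_getting_started|Getting Started]].` instead. The unchanged `iptables -L -v` item below it could also take `-n`, so that listing the rules on the router does not wait on reverse DNS lookups.
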
Line 41: Line 41:
 //**Block HTTP**// /sbin/iptables -A OUTPUT -p tcp --dport 80 -j DROP \\ //**Block HTTP**// /sbin/iptables -A OUTPUT -p tcp --dport 80 -j DROP \\
 //**Block HTTPS**// /sbin/iptables -A OUTPUT -p tcp --dport 443 -j DROP \\ //**Block HTTPS**// /sbin/iptables -A OUTPUT -p tcp --dport 443 -j DROP \\
-//**Block common Socks**// /sbin/iptables -A OUTPUT -p tcp --dport 1080 -j DROP \\ 
 //**Block outoing DNS**// /sbin/iptables -A OUTPUT -p udp  --dport 53 -j DROP \\  //**Block outoing DNS**// /sbin/iptables -A OUTPUT -p udp  --dport 53 -j DROP \\ 
  
- Block incoming port: /sbin/iptables -A INPUT -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP. //It works same as outgoing port syntax. Simply enter port numbers of running services you do not want accessed outside your network.// +//**Block incoming port:**// /sbin/iptables -A INPUT -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP. //It works same as outgoing port syntax. Simply enter port numbers of running services you do not want accessed outside your network.// 
  
 Examples: \\ Examples: \\
  
-//**Block HTTP**// /sbin/iptables -A INPUT -p tcp --destination-port 80 -j DROP+//**Block HTTP**// /sbin/iptables -A INPUT -p tcp --destination-port 80 -j DROP \\ 
 +//**Block HTTPS**// /sbin/iptables -A INPUT -p tcp --destination-port 443 -j DROP \\ 
 + 
 +//**Monitoring Traffic Flow on Router**// 
 + 
 +It is fairly simple to view what is happening on the router. The pre-installed utility "tcpdump" does all that in a human readable view. Your QORT router comes ready with either your own recursive DNS or a DNS forwarded and to monitor all your DNS lookups, you simple paste this command in terminal: \\ 
 + 
 + //tcpdump port 53 and '(tcp-syn|tcp-ack)!=0' 
 +// \\ 
 + 
 +Note that port 53 is used for DNS queries. If you want to see the web site traffic, replace it with port 80. 
 + 
 +//**Monitoring Tor Flow on Router**// 
 + 
 +Your QORT device comes ready with your own Tor dedicated gateway. You can use it for all types of internet traffic on the router itself and on connected devices such as browsers, QT wallets, Torrents for safety and privacy which is a big deal these days.\\ 
 +{{ :nyx.png?400 |}} 
 + 
 +For details on Tor access and its utilisation for connected, head over to [[hardware_-_service_access|Service Access]]
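
Review bot: the added capture command, `tcpdump port 53 and '(tcp-syn|tcp-ack)!=0'`, compares two flag constants with zero instead of testing a packet field, so it does not filter on TCP flags; the usual form is `tcp[tcpflags] & (tcp-syn|tcp-ack) != 0`. A TCP-flag condition would also hide DNS over UDP, which is the transport the "Block outoing DNS" rule in this same hunk targets, so for the stated goal of watching all DNS lookups a plain `tcpdump -n port 53` is the better suggestion. Other points in this hunk: the SOCKS rule for port 1080 is removed with no explanation or replacement; the "Block incoming port" syntax line ends in `DROP.` and the trailing period will be copied along with the command; the advice to swap in port 80 only shows unencrypted HTTP, which the text should say; and "simple paste", "DNS forwarded" and "for connected, head over" need correcting.
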
hardware_-_firewall_rules.txt · Last modified: 02/20/2023 19:08 by quickmythril