A little bit of wisdom
I was getting the following message in my log files on my Debian firewall. kernel: conntrack: generic helper won’t handle protocol 47. Please consider loading the specific helper module. The nf_conntrack_proto_gre module needs to be loaded to resolve this. modprobe nf_conntrack_proto_gre To load it automatically at boot, I created a new file (gre.conf) in /etc/modules-load.d […]
I wanted to enable ulogd for my firewall logging, but after finding several sites with examples, none of them worked for me. So after gathering snippets of info from various sites, I managed to put a working configuration together, which is what you see here. This is on Debian 8.9 (Jessie) Install ulogd (ulogd is […]
ipsets is a fairly recent addition to the netfilter family. It is possible to define networks / addresses and then use them in iptables. ipset –create bogons nethash ipset –add bogons 10.0.0.0/8 ipset –add bogons 192.168.0.0/16 ipset –add bogons 0.0.0.0/8 ipset –add bogons 169.254.0.0/16 ipset –add bogons 172.16.0.0/12 ipset –add bogons 192.0.2.0/24 ipset –add bogons […]
by