I recently needed to whitelist some Microsoft service addresses. I found the following information containing the Microsoft IP space for services.
Exchange Online Protection IP Addresses – technet.microsoft.com/en-us/library/dn16…
cPanel WHM's cpHulk (Brute Force Protection) system manages iptables blocks against IP addresses that repeatedly fail to authenticate. The default settings are fairly lenient and should not blacklist legitimate users, but occasionally it happens. The following command resets the blocklist completely. This is a shotgun where a scalpel is called for, but the blocks are time-based, and any address that is genuinely malicious will be re-blocked quickly. It is worth listing the cphulk chain first so you know what you are about to clear, and the chain and table names below are the ones in use at the time of writing, so confirm them on your own version before running it.
iptables -F cphulk && mysql -e "DELETE FROM cphulkd.login_track;"
There is a method to remove specific addresses, but I do not have the commands handy at present, and if I remember correctly it entails connecting to the mysql console, running a query to find the IP in the block table and issuing a drop query.
fwknop stands for the "FireWall KNock OPerator" and implements an authorization scheme called Single Packet Authorization (SPA). SPA is built around a default-drop packet filter (fwknop supports iptables on Linux, ipfw on FreeBSD and Mac OS X, and PF on OpenBSD) and libpcap: the fwknopd daemon sniffs for a single encrypted and authenticated packet, and only after validating it adds a temporary rule that opens the requested port to the sender's address, so the protected service stays invisible to everyone else. SPA is essentially next-generation port knocking. The design decisions that guide the development of fwknop are explained in the blog post "Single Packet Authorization: The fwknop Approach".
fwknop Home: www.cipherdyne.org/fwknop/
Tutorial: www.cipherdyne.org/blog/2012/10/tutorial…
SPA with fwknop: www.cipherdyne.org/fwknop/docs/SPA.html
I had to add some rules to iptables on a new server I built. As a refresher: iptables, like most hardware firewalls, is a stateful packet filter, and it evaluates the rules in a chain in order from top to bottom, stopping at the first rule that matches. Rule order is therefore what decides the outcome: a rule that allows a specific address only takes effect if it sits above the rule that drops everyone else. This is why the blanket deny (0.0.0.0/0) goes at the end when access is to be restricted to specific IP addresses.
To insert a rule at the top of the chain (-I with no position number inserts at position 1):
iptables -I INPUT -p tcp -m tcp -s 192.168.0.254/26 --dport 22 -j ACCEPT
To append the same rule at the bottom of the chain instead:
iptables -A INPUT -p tcp -m tcp -s 192.168.0.254/26 --dport 22 -j ACCEPT
Note that iptables masks the host bits of a CIDR source, so 192.168.0.254/26 is stored and listed as 192.168.0.192/26.
To deny SSH to the rest of the world. This must be the last rule in the chain, so it is appended with -A; inserting it with -I would place it at the top, where it would match first and block the addresses allowed above:
iptables -A INPUT -p tcp -m tcp -s 0.0.0.0/0 --dport 22 -j DROP
To check rule order:
iptables -L INPUT -n --line-numbers
To delete a rule by the line number shown in that listing:
iptables -D INPUT <rule-number>
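The steps above combined into one script. This is an added example written for this page, not the original post's commands: it puts a stateful conntrack rule at the top of INPUT (so replies to established connections are accepted before any later rule is consulted), appends the admin-subnet ACCEPT, and appends the catch-all DROP last so it can never shadow the ACCEPT. The ADMIN_NET value, the IPT variable and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the INPUT chain in the
# order the post describes. Assumptions: ADMIN_NET is the /26 from the post
# (written as its network address, which is how iptables stores it), and IPT
# names the iptables binary; set IPT=echo to print the commands instead of
# running them (a dry run that needs no root).
IPT="${IPT:-iptables}"
ADMIN_NET="${ADMIN_NET:-192.168.0.192/26}"

ssh_rules() {
    # Stateful rule inserted at position 1: return traffic for established
    # flows matches here and never reaches the port 22 rules below.
    "$IPT" -I INPUT 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Allow SSH from the admin subnet. Appended, so it lands after the
    # conntrack rule but before anything appended later.
    "$IPT" -A INPUT -p tcp -m tcp -s "$ADMIN_NET" --dport 22 -j ACCEPT
    # Catch-all for SSH. Appended with -A so it is evaluated last; with -I it
    # would sit at the top and drop the admin subnet too.
    "$IPT" -A INPUT -p tcp -m tcp -s 0.0.0.0/0 --dport 22 -j DROP
}

# Show the chain with rule numbers so the order can be verified.
show_rules() {
    "$IPT" -L INPUT -n --line-numbers
}

# Delete a rule by the number shown by show_rules.
delete_rule() {
    "$IPT" -D INPUT "$1"
}

case "${1:-}" in
    apply)  ssh_rules ;;
    show)   show_rules ;;
    delete) delete_rule "$2" ;;
esac
```

Run it as root with `apply`, then `show` to confirm the DROP is the last port 22 rule; `IPT=echo sh ssh_rules.sh apply` prints the three commands without touching the firewall. Rules added this way live only in kernel memory and are lost at reboot unless saved with iptables-save or your distribution's persistence mechanism.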
Sometimes APF (Advanced Policy Firewall) trips and bans an address because it believes the server is being hammered when it is not. The following command removes that address from the deny list immediately (10.10.10.10 stands for the banned address):
/etc/apf/apf -u 10.10.10.10