[debian 9] Block WAN traffic but allow LAN traffic



fehuris

Hey guys,

I have a machine set up as a file server running OMV (on Debian 9) hooked to my wireless router which also is the gateway to the internet. What I want to do is block my file server from sending/receiving WAN traffic but allow LAN traffic. I did find some guides on Stack Exchange to do this by using iptables, but I need this for nftables. I have recently started learning Linux but I'm not familiar with this level of configuration. Can this be done at the machine level? And if so, how would I go about it? Thanks in advance.

+BudMan

You do understand that every single wifi router there is blocks inbound traffic from the internet out of the box... Unless you set up a port forward towards your file server on your wifi router, no inbound traffic from the internet would be sent to your box.. Unless you're running UPnP on your router (this really should be off by default on most wifi routers these days) and your box requested something be open to it.

If you want your box to NOT talk to the internet at all - then just don't give it a gateway when you set up its IP.. Without a gateway it would be impossible to talk to anything other than local IPs on the same network... There is zero reason to do anything with iptables on the box itself.

fehuris
19 hours ago, BudMan said:

You do understand that every single wifi router there is blocks inbound traffic from the internet out of the box... Unless you set up a port forward towards your file server on your wifi router, no inbound traffic from the internet would be sent to your box.. Unless you're running UPnP on your router (this really should be off by default on most wifi routers these days) and your box requested something be open to it.

If you want your box to NOT talk to the internet at all - then just don't give it a gateway when you set up its IP.. Without a gateway it would be impossible to talk to anything other than local IPs on the same network... There is zero reason to do anything with iptables on the box itself.

Thanks. Removing the default gateway did the trick. 

This topic is now closed to further replies.
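
A check for the fix accepted in this thread, added here as an example and not posted by any participant: it reads the output of `ip route show` and reports any default route still present, for IPv4 and IPv6 separately, since an IPv6 default route can be installed from router advertisements even when no IPv4 gateway is configured. The addresses, the interface name `eth0` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a host has no route off its local network.
# Removing the route by hand: `ip route del default` (lasts until the network
# is restarted). With a static address in /etc/network/interfaces, leaving out
# the `gateway` line keeps it from coming back.

# Print each default route found on stdin as "<gateway> <interface>".
# iproute2 writes them as: default via <gateway> dev <interface> ...
default_routes() {
    awk '$1 == "default" {
        gw = "-"; dev = "-"
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        print gw, dev
    }'
}

# Succeed (exit 0) only when the routing table on stdin has no default route.
lan_only() {
    [ -z "$(default_routes)" ]
}

# Constructed sample tables (not captured from a real host).
SAMPLE_BEFORE='default via 192.168.1.1 dev eth0 onlink
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'
SAMPLE_AFTER='192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'
SAMPLE_V6='fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::1 dev eth0 proto ra metric 1024 pref medium'

# Live check against this machine (needs iproute2): sh lan_only.sh --live
if [ "${1:-}" = "--live" ]; then
    for fam in 4 6; do
        routes=$(ip "-$fam" route show | default_routes)
        if [ -z "$routes" ]; then
            echo "IPv$fam: no default route, LAN only"
        else
            echo "IPv$fam: default route still present: $routes"
        fi
    done
fi
```

Run it with `--live` after every network restart or reboot to confirm the gateway has not been re-added by DHCP or the interface configuration.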