After discovering a compromised node in our self‑built Kubernetes cluster that was being used for Monero mining, we traced the breach to empty iptables rules and a misconfigured kubelet allowing anonymous API access, then outlined firewall hardening, network isolation, and secure kubelet practices to prevent future intrusions.
This guide outlines five practical SSH security measures—including two‑factor authentication, changing default settings, certificate‑based login, bastion host deployment, and firewall configuration—to significantly improve the baseline protection of Linux servers.
This guide walks through installing Node on CentOS 7, using npm to install Node-RED globally, launching the service, and opening the firewall so the editor is reachable at port 1880, including the required unsafe-perm flag for proper permission handling.
This comprehensive guide explains Linux firewall fundamentals, covering concepts, classifications, and detailed configurations of iptables, firewalld, and nftables, including NAT, SNAT, DNAT, rule syntax, extensions, optimization practices, and real‑world case studies with diagrams and mind maps to help both beginners and experienced administrators secure their systems.
This article explains how iptables, built on the Netfilter framework, processes network packets through five kernel hooks and four tables, covering the receive, send, and forward paths, and demonstrates practical NAT, DNAT, filter, raw, and mangle rules for Docker and Kubernetes environments.
This article explains why hidden backdoor code in open‑source projects can be risky, introduces the open‑source Java firewall ja‑netfilter, and provides detailed instructions on installing, configuring, and debugging it to protect Java applications from unauthorized access.
A self‑built Kubernetes cluster suffered a crypto‑mining intrusion due to empty iptables and a misconfigured kubelet, prompting a detailed post‑mortem that outlines the symptoms, root‑cause analysis, and practical hardening steps to protect similar environments.
This article provides a concise tutorial on using iptables to reset, delete, flush, list, and configure firewall rules on a Linux node, covering port blocking, IP blocking, rule negation, multi‑port matching, stateful filtering, and default policies.
This article explains firewalls by defining their purpose, describing how they monitor and filter network traffic, outlining their architecture—including screening routers and proxy servers—and listing their key security functions such as access control, traffic filtering, logging, and attack detection.
This article provides a comprehensive overview of iptables, explaining its table and chain architecture, detailing the built‑in tables (filter, nat, mangle, raw), describing common chains and targets, and offering practical command‑line examples for listing, flushing, persisting, and customizing firewall rules on Linux systems.
A recent incident revealed that a misconfigured kubelet and missing firewall rules allowed an attacker to hijack a node in a self‑built Kubernetes cluster for Monero mining, prompting a detailed post‑mortem and a set of hardening recommendations.
This guide explains the architecture of iptables—including tables, chains and rules—covers common targets, shows how to list, flush, persist and modify rules, and provides complete examples for SSH, HTTP, NAT port forwarding and source‑IP restrictions on Linux firewalls.
A Kubernetes node was compromised for Monero mining due to empty iptables, exposed kubelet API, and a commented‑out security flag, prompting a detailed forensic analysis and a set of hardening steps to secure the cluster against similar attacks.
This article provides a comprehensive guide to iptables, covering its underlying netfilter architecture, the five built‑in chains and tables, rule syntax, common match and target options, and practical command examples for adding, deleting, querying, and managing firewall rules on Linux systems.
This article explains how iptables filters network packets and provides a Bash script that monitors Nginx access logs, identifies high‑frequency IPs, and automatically adds firewall rules to drop those IPs, with a suggestion for more robust nginx‑Lua interception.
This guide walks through essential Linux security measures, covering common attack vectors, network and OS hardening, firewall configuration with iptables, user and group management, and detailed file‑permission techniques, providing practical commands and examples for robust system protection.
This article provides a comprehensive guide to using iptables for port forwarding, explains the four tables and five chains, details common command syntax, match criteria, actions, additional modules, and includes practical examples for NAT configuration and protecting against small‑scale attacks.
This guide details the step‑by‑step configuration of a Huawei USG firewall, including WAN interface setup, static routing, NAT and security policies, and LAN DHCP and zone settings, to allow a trusted internal network to reach the untrusted Internet.
This guide walks through installing Jenkins on CentOS 7, covering prerequisite JDK setup, repository configuration, service start‑up, troubleshooting common startup errors, firewall adjustments, and port configuration to get a functional CI/CD server.
This article explains how to partition data‑center networks, apply security‑level (等级保护) controls with firewalls and VRF, compares common three‑layer and flat topologies, and outlines future directions such as elasticity, simplicity, and openness for next‑generation data‑center networking.
This step‑by‑step guide shows how to enable security groups, install the BT control panel, configure firewall rules, deploy JDK and Tomcat, and install Docker on a Linux server, including all required commands and troubleshooting tips.
This tutorial walks through disabling ICMP ping, hardening a Linux web server with iptables, configuring a dual‑NIC gateway, and implementing DNAT port mapping, providing complete command examples, verification steps, and visual results for each scenario.
This article breaks down the fundamental iptables command syntax, explains each option and parameter, provides practical examples for adding, inserting, listing, deleting, and managing firewall rules, and covers common modules, backup, and restoration techniques for effective Linux network security.
This guide explains why Linux ping responses depend on both kernel parameters and firewall rules, and provides step‑by‑step commands to temporarily or permanently enable or block ping using /proc/sys settings, sysctl configuration, and iptables rules.
This guide details practical hardening techniques for Linux and Windows servers, covering SSH configuration, password policies, account lockout, su restrictions, ICMP suppression, firewall rules, RDP port changes, security policies, and disabling vulnerable services to significantly improve system security.
VeryNginx, built on the lua_nginx_module, adds a powerful firewall, access statistics, and a web UI to Nginx, with clear installation steps, reverse‑proxy and static‑resource configuration examples, and customizable matching and response rules for security management.
This article explains the fundamentals of Linux iptables—including its role with netfilter, rule ordering, tables and chains—then walks through packet‑processing flows and three practical scenarios such as Envoy traffic hijacking, massive long‑connection handling, and bastion‑host security.
This guide walks you through installing nftables on CentOS 7, creating a basic firewall with INPUT, FORWARD, and OUTPUT chains, leveraging built‑in sets and maps for efficient IP and port matching, implementing connection‑tracking, token‑bucket rate limiting for ICMP, handling TCP/UDP traffic, persisting rules, and configuring rsyslog logging.
This comprehensive guide explains Linux firewall fundamentals, the netfilter framework, firewalld architecture, zone and service management, command‑line and graphical tools, as well as practical examples of configuring zones, services, ports, rich rules, and troubleshooting common issues.
This guide explains why Linux dominates modern IT, then walks through fourteen practical hardening measures—including physical security, updates, minimal installations, login restrictions, user and file management, firewall configuration, package handling, disabling Ctrl‑Alt‑Del, monitoring, log centralization, backups, security tools, and management policies—to build a robust and attack‑resistant Linux server.
This comprehensive guide presents 25 practical Linux hardening techniques—from BIOS protection and disk partitioning to SELinux configuration, firewall rules, and user account management—helping system administrators strengthen server security and defend against potential attacks.
This article walks through twelve essential Linux security techniques—including console access restrictions, password aging, sudo notifications, SSH hardening, Tripwire intrusion detection, firewalld and iptables firewall management, compiler restrictions, immutable files, SELinux reporting, and sealert usage—providing commands and configuration tips to fortify a system.
This article presents a comprehensive guide on strengthening Linux systems by applying console restrictions, password policies, sudo notifications, SSH hardening, Tripwire intrusion detection, firewalld and iptables firewall management, compiler restrictions, immutable files, and SELinux tools such as aureport and sealert.
This article explains load balancing as a clustering technology that distributes network services across multiple devices or links to improve performance, scalability, reliability, and manageability, and it details various types, strategies, and algorithms used in modern networks.
Oracle's April Critical Patch Update fixes a high‑severity remote code execution vulnerability (CVE‑2018‑2628) in WebLogic, and this guide explains the affected versions, impact scope, detection methods, and both official and interim protection measures using NIPS and next‑generation firewalls.
This guide walks you through securing OpenSSH on Linux/Unix systems by configuring key‑based authentication, disabling root and password logins, restricting users, tightening firewall rules, applying rate limits, and using additional tools to protect against brute‑force attacks, all with concrete command examples.
This guide walks you through essential steps to secure a Linux server, including regular system updates, automatic security patches, creating restricted user accounts, hardening SSH with key authentication and daemon options, deploying Fail2Ban, removing unused services, and configuring firewalls for robust protection.
This guide explains how to permanently disable SELinux, temporarily change its mode, and provides a comprehensive tutorial on using iptables—including table concepts, basic commands, rule management, scripting, NAT configuration, and saving/restoring firewall rules—on Red Hat/CentOS Linux.
This guide outlines practical steps for constructing a secure enterprise operations platform, covering network zone segmentation, selection and deployment of firewalls, IPS/IDS/WAF, endpoint management, web traffic control, monitoring, disaster‑recovery procedures, and incident response best practices to protect corporate data and systems.
This guide walks through setting up a LAN with a static‑IP server, configuring iptables firewall rules, enabling NAT and port forwarding, and deploying a DHCP server on CentOS, complete with sample configuration files and command‑line steps.
This guide walks through practical Linux hardening steps—including minimal installation, SSH port changes, sudo privilege tailoring, extensive kernel sysctl tuning, firewall adjustments, system version hiding, file protection, and package installation strategies—to boost security and performance while keeping the system lean.
A poetic tale follows a programmer’s evolution from using shared memory for secret messages to mastering sockets, TCP handshakes, firewalls, and HTTP‑based web services, illustrating core networking concepts through a heartfelt metaphor.
This article provides a comprehensive, step‑by‑step guide to hardening a Linux system, covering console restrictions, password policies, sudo alerts, SSH tuning, Tripwire intrusion detection, firewalld and iptables management, compiler restrictions, immutable files, SELinux auditing with aureport, and the sealert tool.
This tutorial walks you through installing CentOS 7, configuring the firewall and SELinux, and setting up Apache, MariaDB, and PHP to create a functional LAMP environment, complete with testing and essential configuration tips.
This guide explains how to secure Linux servers against common attacks by configuring SELinux, iptables, SSH public‑key authentication, and immutable file attributes, while also showing real‑world scan results and practical hardening steps.
Discover 25 practical Linux hardening techniques—from BIOS protection and minimal package installation to SELinux configuration, firewall rules, and user account management—that help system administrators strengthen security, prevent attacks, and maintain a resilient, well‑configured server environment.
This guide walks through comprehensive Linux server hardening techniques, covering user account management, service minimization, file permission tightening, virtual memory tuning, log handling, and firewall configuration with iptables and ipchains, providing step‑by‑step commands and screenshots to enhance system security and stability.
This guide outlines ten essential security measures for enterprise Linux servers, covering password management, network service restriction, user account controls, root privilege handling, logging, firewall and IDS integration, vulnerability tracking, and regular patch updates to strengthen system protection.
This document provides a comprehensive set of Huawei router configuration commands covering system settings, SNMP, time, portal loading, security policies, ACL rules, user authentication, firewall zones, interface definitions, IP addressing, NAT, static routes, and user interface configurations.
This guide walks through iptables fundamentals—including listing, flushing, and setting default policies—then demonstrates adding, inserting, replacing, and deleting rules, explores basic and extended match modules, and provides practical exercises for building robust firewall configurations.
This guide walks through securing an Nginx web server by configuring buffer size limits, timeouts, concurrent connection controls, host and method restrictions, user‑agent blocking, hot‑link protection, directory access rules, SSL setup, PHP hardening, chroot isolation, and firewall‑level IP connection limits.
This guide demonstrates how to simulate a high‑traffic scenario between two machines and use an iptables rule to reject connections from a specific host when its concurrent requests exceed ten, including command syntax, execution steps, and result analysis.
This article provides an in‑depth technical overview of Linux Netfilter, explaining its hook architecture, key macros, packet‑processing flow, and how iptables interacts with the kernel to filter, NAT, and track connections across the IPv4 stack.
Learn the fundamentals of iptables firewall on Linux, including configuration file location, service control commands, the hierarchy of tables, chains, and rules, common targets, and essential iptables commands for listing and flushing rules.
This guide outlines comprehensive Linux security measures, covering password policies, user account management, service minimization, firewall configuration, kernel hardening, log monitoring, and ongoing vulnerability tracking to protect systems from common attacks.
This article presents a concise visual mind map of iptables, illustrating its core concepts, chains, tables, and typical rules, enabling readers to quickly grasp firewall configuration and operation at a glance in.
This guide explains how to protect Linux servers from SYN flood and DDoS attacks by tuning sysctl parameters, applying iptables rules, installing the free DDoS‑deflate script, and monitoring nginx logs to identify and block malicious IPs and user agents.
This guide explains how iptables functions as a Linux firewall, detailing packet traversal through the prerouting, input, forward, output, and postrouting chains, the four built‑in tables with their priorities, and essential commands for listing, clearing, and adding rules to secure network traffic.
This guide provides detailed commands to configure a switch for user access VLANs, set up a firewall as both a layer‑3 and layer‑2 device with VLAN interfaces, DHCP/DNS, security zones, static routing, and NAT to enable internal users to reach external networks.
This guide details how to set up USG firewall email filtering to block specific attachment types, limit attachment size, and prevent messages containing prohibited keywords by creating pattern groups, defining a mail‑filter policy, applying it to the outbound interzone firewall view, and verifying the configuration.
This comprehensive guide explains Linux firewall concepts, the evolution and operation of iptables, rule chains, policies, command syntax, matching criteria, state tracking, NAT/DNAT techniques, and practical exercises, providing readers with the knowledge to configure and manage secure network access effectively.
