Alexey, 2015-07-23 14:47:52

Iptables, how to stop flooding from a machine to external IPs?

Colleagues, please help with advice. I'm not a great specialist in iptables, so I need your help.
The situation is as follows: there is software running on CentOS 6 that periodically sends information to various IPs of the manufacturer's company. There are a lot of addresses and they change periodically, so blocking by IP is not an option. We need to stop this fountain, but leave users the ability to work and connect remotely.
I.e., we need to kill all traffic from the host that is initiated by the host itself, but allow outgoing traffic for users, something like a reflexive ACL, to use Cisco terms.

2 answer(s)
Alexey, 2015-07-23
@wireshark

Thanks for your reply! But analyzing the requests will not help: it changes the IP it sends information to (and it seems that the list is periodically updated), more than 15 addresses have already been collected, and it does not use DNS. As soon as you block one address, it starts sending to another. And the IPs are from different subnets.
I solved everything with this rule:
iptables -I OUTPUT -o eth0 -m state --state NEW -j DROP

Vladimir, 2015-07-23
@rostel

Analyze the DNS requests from the software and register the zones you spotted on 127.0.0.1.

owner
This module attempts to match various characteristics of the packet creator, for locally-generated packets. It is only valid in the OUTPUT chain, and even then some packets (such as ICMP ping responses) may have no owner, and hence never match.
--uid-owner userid
Matches if the packet was created by a process with the given effective (numerical) user id.
--gid-owner groupid
Matches if the packet was created by a process with the given effective (numerical) group id.
--pid-owner processid
Matches if the packet was created by a process with the given process id.
--sid-owner sessionid
Matches if the packet was created by a process in the given session group.
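
An added example, not part of either answer above: the NEW-state rule from the first answer also drops the host's own DNS, NTP and package-update connections, so this sketch pairs it with an explicit accept for reply traffic and, optionally, narrows the drop to one account with the owner match quoted above. It assumes the vendor software runs under its own dedicated numeric uid; the function name `egress_rules` is hypothetical, and it only prints commands for review.

```shell
#!/bin/sh
# egress_rules IFACE [UID]
# Prints (does not execute) iptables commands that block connections
# initiated by this host on IFACE while keeping replies to inbound
# sessions (e.g. users connected over SSH) working.
# With UID, only new connections from that account are dropped.
egress_rules() {
    iface=$1
    uid=${2:-}

    # Accept only a plain interface name; nothing that a shell could
    # interpret if the output is later piped to sh.
    case $iface in
        ''|*[!A-Za-z0-9._-]*)
            echo "bad interface: $iface" >&2
            return 1 ;;
    esac

    match=''
    if [ -n "$uid" ]; then
        # --uid-owner is given a numeric user id here
        case $uid in
            *[!0-9]*)
                echo "uid must be numeric: $uid" >&2
                return 1 ;;
        esac
        match="-m owner --uid-owner $uid "
    fi

    # 1) Reply packets of already-tracked connections leave first, so
    #    the rule keeps working even if the OUTPUT policy is tightened.
    echo "iptables -I OUTPUT 1 -o $iface -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # 2) Anything that would open a new outbound connection is dropped
    #    (TCP SYN as well as the first UDP packet of a flow).
    echo "iptables -I OUTPUT 2 -o $iface ${match}-m state --state NEW -j DROP"
}
```

Review the printed commands, then pipe them to `sh` as root; without a uid argument the second rule is the same drop as in the first answer, placed at position 2.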
