#StackBounty: #firewall #google-app-engine Trouble restricting access to app engine flexible service using VPC

Bounty: 100

I am trying to restrict access to a specific App Engine Flex service in a project with multiple services using VPC firewall rules. I created a VPC network called “vpc” using automatic subnet creation and global dynamic routing. Next, I deployed my App with the following yaml file (names slightly changed):

runtime: custom
env: flex
service: someservice
manual_scaling:
    instances: 1
resources:
    cpu: 1
    memory_gb: 4.0
    disk_size_gb: 10
beta_settings:
    cloud_sql_instances: cloud
network:
    name: vpc

As you can see, I specified a network in the yaml file to run the app in vpc. Then, I created two firewall rules in VPC to allow access to only specific IPs. I first created a firewall rule called “deny” to deny access to the vpc network for all IP ranges:

gcloud compute firewall-rules create deny 
    --network vpc 
    --action deny 
    --direction ingress 
    --rules tcp 
    --source-ranges 0.0.0.0/0 
    --priority 5000

Finally, I created another rule named “allow” to allow a single IP address (e.g. 192.00.00.11):

gcloud compute firewall-rules create allow 
    --network vpc 
    --action allow 
    --direction ingress 
    --rules tcp 
    --source-ranges 192.00.00.11 
    --priority 1000

However, after performing the above I am still able to access the app engine service from pretty much any IP I tested (used my phone’s data and also asked friends for sanity check). What am I doing wrong? Any help is greatly appreciated!

Note: similar problem: https://stackoverflow.com/questions/49296666/google-app-engine-firewall-restrict-access-to-all-services-but-the-default-one


Get this bounty!!!

#StackBounty: #ubuntu #firewall #android #port #kde-connect KDE Connect Not Working [Ubuntu 16.04] : KDE Connect is not discovering pho…

Bounty: 50

I have installed the KDE Connect application on my desktop and also on my phone [Xiaomi Redmi 3S Prime]. But the desktop application would not detect my phone and vice versa.
I have checked the ports. They are open. There is no firewall installed. I have also tried adding my PC manually by entering the IP address in the Android App and that did not work. I also tried restarting the kdeconnectd daemon but that also didn’t work for me.

EDIT:
Here are the things that I have tried.

  1. Check if the kdeconnectd daemon is running.
    enter image description here

  2. Check if I have the ports blocked and if firewall is enabled.
    enter image description hereenter image description here

  3. Check if KDE Connect is listening on the port.
    enter image description here

Please help with all the solutions you can.

PS. It might seem like a duplicate but I have tried almost all the solutions out there but none of it seems to work for me. Hence, I am here.


Get this bounty!!!

#StackBounty: #networking #18.04 #iptables #firewall iptables match error "No chain/target/match by that name"

Bounty: 100

This is a fresh copy of ubuntu on my nVidia Jetson Nano, and I am trying to add the following rule to block network access for user 1001.

sudo iptables -A OUTPUT ! -o lo -m owner --uid-owner 1001 -j DROP

I get the following error:

iptables: No chain/target/match by that name.

Here is what I tried that works(YES) and does not work(NOT)

  1. YES – Remove the match criteria and replace with some other condition like source or target
  2. YES – On another similar installation on raspberry pi
  3. NOT – Change chain or target to INPUT or ACCEPT etc..
  4. NOT – Use a different user
  5. NOT – Try using user names instead of user ID
  6. NOT – Try a different match like –gid-owner
  7. NOT – Flushing the tables, restarting the PC etc
  8. NOT – Removed the ! -o lo from the command above

This is beyond me, I really have tried a lot of things and read through a number of posts with the same error – most of the times they are trying to do something complex – yet this is simple (and works on my other installation!). Any thoughts on how to understand this would be appreciated. Thanks!

EDIT: Based on comment below, here are the outputs:

grep CONFIG_NETFILTER_XT_MATCH /boot/config-$(uname -r)

grep: /boot/config-4.9.140-tegra: No such file or directory

I manually checked for the file and there’s no file that starts with config-XX in the boot folder. Additionally:

iptables -m owner --help

Could not determine whether revision 1 is supported, assuming it is.

….

owner match options:

[!] –uid-owner userid[-userid] Match local UID

[!] –gid-owner groupid[-groupid] Match local GID

[!] –socket-exists Match if socket exists


Get this bounty!!!

#StackBounty: #networking #server #firewall Shorewall – Allow Client to Ping Internet but Not Use the Browser or Port 80

Bounty: 50

My network address is 192.168.5.0. My host machine is 192.168.5.1 and my client machine is 192.168.5.2. How will I enable my client to ping the internet through the terminal but restrict it from using port 80 or the browser? Below is my /etc/shorewall/policy file :

SOURCE    DEST    POLICY    LOGLEVEL   RATE    CONNLIMIT

loc       net     ACCEPT

net       all     DROP      info

/etc/shorewall/rules file:

DROP    loc    fw    tcp   80

/etc/shorewall/interfaces file :

net   eth0
loc   eth1

Host Interfaces:

eth0 - Connection to the internet
eth1 - Local Network Connection

Please tell me, if I still have to provide more details. Using the configuration above, my client is unable to ping any internet website and at the same time cant access any site from the browser.


Get this bounty!!!

#StackBounty: #firewall #rules #slackware #policy #shorewall Shorewall – Allow Client to Ping Internet but Not Use the Browser or Port 80

Bounty: 50

My network address is 192.168.5.0. My host machine is 192.168.5.1 and my client machine is 192.168.5.2. How will I enable my client to ping the internet through the terminal but restrict it from accesing port 80 or the browser? Below is my /etc/shorewall/policy file :

SOURCE    DEST    POLICY    LOGLEVEL   RATE    CONNLIMIT

loc       net     ACCEPT

net       all     DROP      info

/etc/shorewall/rules file:

DROP    loc    fw    tcp   80

/etc/shorewall/interfaces file :

net   eth0
loc   eth1

Host Interfaces:

eth0 - Connection to the internet
eth1 - Local Network Connection


Get this bounty!!!

#StackBounty: #firewall #bridge #mikrotik #filter How to debug Mikrotik bridge filter forward rules not having any effect?

Bounty: 50

As part of diagnosing a different problem were trying to add a bridge filter rule that will stop all traffic from forwarding between two interfaces on a bridge.

The router has two interfaces ether1 and ether2 on a bridge.

we then added a rule with this

/interface bridge filter
add action=drop chain=forward in-interface=ether1

i had expected this to stop all traffic that arrived on ether1 from being forwarded across the bridge and going out ether2. However traffic continues to flow and this rule has no effect.


Get this bounty!!!