Virus and Firewall

Giorgos Keramidas keramida at ceid.upatras.gr
Sun Jun 6 14:15:52 EEST 2004


On 2004-06-05 22:54, V13 <v13 at priest.com> wrote:
>
> I suppose the simplest technique for more than enough security is:
>
> iptables -F INPUT
> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p udp -j ACCEPT
> iptables -A INPUT -p icmp -j ACCEPT
> iptables -A INPUT -p tcp -j REJECT --syn --reject-with tcp-reset
> iptables -A INPUT -j DROP
>
> unless his distribution installs by default some program that
> listens on a UDP port.

I haven't checked lately whether state keeping works for UDP packets
on Linux, but with ipfilter on my BSD I try to avoid useless UDP
packets with something like this:

    giorgos at gothmog:/home/giorgos$ grep udp /etc/ipf.rules
    # Allow only outgoing udp packets.
    pass out quick proto udp from any to any keep state
    block return-icmp-as-dest(port-unr) in proto udp all

If something like this works with iptables too, that's good stuff :)

It raises the machine's load a little, since it has to keep dynamic
rules for every UDP 'connection', but on dialup machines, where outgoing
UDP packets will mostly be DNS lookups, it doesn't matter that much.

I haven't gathered statistics on the dynamic rules, the number of
packets and their size (min, max, avg/stdev), but it's a good
idea to play with tonight :)
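
An iptables counterpart of the ipfilter rules above, as an added example that is not part of the original post: the quoted chain with its blanket UDP accept replaced by a reject, so only replies tracked by the state match get in. The function name, the IPT dry-run variable and the loopback rule are this example's own assumptions.

```shell
#!/bin/sh
# Added example: iptables counterpart of the ipf "keep state" UDP rules.
# Dry run by default: IPT prints each command instead of executing it.
# Run as root with IPT=iptables to load the rules for real.
IPT="${IPT:-echo iptables}"

# The quoted INPUT chain with one change: UDP is not accepted wholesale.
stateful_input_chain() {
    $IPT -F INPUT
    # Replies to traffic this host started, UDP included: conntrack
    # records an entry for each outgoing UDP packet, which plays the
    # role of "pass out quick proto udp ... keep state".
    $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Loopback stays open; without this rule a query to a local
    # resolver on 127.0.0.1 would hit the UDP reject below.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -p icmp -j ACCEPT
    # Unsolicited UDP: answer with ICMP port unreachable, the role of
    # "block return-icmp-as-dest(port-unr) in proto udp all".
    $IPT -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
    $IPT -A INPUT -p tcp --syn -j REJECT --reject-with tcp-reset
    $IPT -A INPUT -j DROP
}

stateful_input_chain
```

Netfilter's connection tracking gives every UDP entry a timeout, so the per-flow state is dropped once the exchange goes quiet.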




More information about the Linux-greek-users mailing list