Problems with firewall configuration

acinetobacter basilis at somewhere.gr
Tue Mar 23 23:58:29 EET 2004


On Tue, 23 Mar 2004 12:02:52 +0200, Tsabros Leonidas
<ltsampros at upnet.gr> wrote:

>When someone wants to view the web page I will have put up, the packet
>they send (if all goes well) will arrive at my computer and be filtered
>by the firewall. So the packets they send will be TCP with source port 80
>and destination port 80 (they leave from port 80 on their PC and arrive
>at port 80 on the server). Obviously the reply from the web server will
>go the opposite way.

   They arrive at port 80 on your server, but on the client side they do
not leave from port 80.

>So on a BOFH firewall with INPUT/OUTPUT/FORWARD POLICY DROP it would be
>enough to have the following rules
>iptables -A INPUT -p tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
>iptables -A OUTPUT -p tcp --dport 80 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
>?

   First of all, you need to set the input policy to drop, i.e.:

iptables -P INPUT DROP

Your rule for input is OK.

   You can, with relatively complete safety, keep the policy for output
set to accept, so the rule you added for output is superfluous; the
following is enough:

iptables -P OUTPUT ACCEPT

   It goes without saying, of course, that on the firewall you must also
open the remaining ports used by whatever services you happen to run,
e.g. ftp, dns, ssh, etc. You also need to decide what you will do with the
forward policy and, naturally, the corresponding rules.

   acinetobacter (aka %tsapi%)
   bts1990 at 1990panafonet.gr (delete 1990 to email)
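As an added example (not code from the thread), the ruleset the reply describes written as a rerunnable sh script: INPUT policy DROP, OUTPUT policy ACCEPT, and NEW connections accepted only on the service ports. It assumes a web server on port 80 plus SSH on port 22, and goes one step beyond the thread by adding a general ESTABLISHED,RELATED rule on INPUT so that replies to the host's own outbound connections (DNS lookups, package updates) are not dropped, which the per-port rule alone would not allow. Set IPT=echo to print the commands instead of applying them.

```shell
#!/bin/sh
# Stateful iptables ruleset for a host that serves only HTTP (plus SSH for
# administration). Set IPT=echo for a dry run that prints the commands.
IPT="${IPT:-iptables}"

# Ports that accept NEW inbound TCP connections (assumed: 80 for the web
# server, 22 for SSH; adjust to the services actually running on the host).
SERVICE_PORTS="${SERVICE_PORTS:-80 22}"

apply_firewall() {
    # Flush the filter chains first so re-running the script is idempotent
    $IPT -F INPUT
    $IPT -F OUTPUT
    $IPT -F FORWARD

    # Policies: drop inbound by default, allow outbound, route nothing
    $IPT -P INPUT DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD DROP

    # Loopback traffic is needed by local services (e.g. a DB behind the web server)
    $IPT -A INPUT -i lo -j ACCEPT

    # Replies to connections this host opened itself would otherwise hit the
    # DROP policy: OUTPUT ACCEPT alone does not let the answers back in.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Clients connect from an ephemeral source port to our fixed destination
    # port, so only --dport is matched; --sport 80 would never be correct here.
    for port in $SERVICE_PORTS; do
        $IPT -A INPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
    # Everything else inbound falls through to the DROP policy.
}

# Returns 0 if a dry run of the ruleset contains the given rule fragment
# (used to check the generated rules without touching the live firewall).
ruleset_has() {
    ( IPT=echo; apply_firewall ) | grep -q -- "$1"
}

if [ "${1:-}" = "apply" ]; then
    apply_firewall
fi
```

Run as root with `apply` to load the rules; without the argument the script only defines the functions.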



More information about the Linux-greek-users mailing list