firewall configuration
Leonidas Tsabos
ltsampros at upnet.gr
Sat Mar 27 12:46:03 EET 2004
To firewall etsi opos to exo stisei afti tin stigmi einai kapos etsi:
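#!/bin/bash
# Host firewall for a box that serves HTTP (80) and SSH (22) and itself makes
# outbound HTTPS, POP3, SMTP and DNS connections.  Everything else is logged
# and dropped by the chain policies.  Must run as root.
#
# NOTE(review): loading rules one iptables call at a time is not atomic.  If a
# line fails half-way through, the host is left with DROP policies and a
# partial ruleset -- over SSH that is a lock-out.  Prefer `iptables-restore`
# from a saved rules file, or keep a console session open while testing.
# NOTE(review): this configures IPv4 only.  If the host has IPv6 enabled,
# ip6tables needs an equivalent ruleset, otherwise IPv6 is unfiltered.
set -euo pipefail

if (( EUID != 0 )); then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

# Set the default policies to DROP *before* flushing, so there is never a
# window in which the chains are empty while the policy is still ACCEPT.
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP   # default: drop
iptables --policy FORWARD DROP  # default: drop (this host does not route)

# Start from a clean slate: flush rules, delete user chains, zero counters.
# -F before -X: a user-defined chain cannot be deleted while still referenced.
iptables -F
iptables -X
iptables -Z

# --- INPUT -----------------------------------------------------------------
# Loopback accepts everything.  Matching on the interface (rather than on
# 127.0.0.1 addresses) also covers local connections to the host's own
# non-loopback addresses, which the kernel routes over lo as well; traffic
# with 127/8 addresses arriving on a real interface still hits the DROP policy.
iptables -A INPUT -i lo -j ACCEPT
# Packets conntrack cannot classify (malformed, out-of-window) are dropped
# up front so they never reach the per-service rules.
iptables -A INPUT -m state --state INVALID -j DROP
# Replies to connections this host opened, plus related traffic (e.g. ICMP
# errors belonging to an existing flow), are accepted regardless of port.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Services offered to the world.  Only NEW is needed here: the
# ESTABLISHED,RELATED rule above already covers the rest of each flow.
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT   # HTTP
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT   # SSH
# Any other inbound ICMP (echo-request etc.) is refused.  ICMP errors that
# belong to our own connections were already accepted as RELATED above.  The
# reject packet itself leaves through OUTPUT, which permits ICMP below.
iptables -A INPUT -p icmp -j REJECT --reject-with icmp-host-unreachable

# --- OUTPUT ----------------------------------------------------------------
iptables -A OUTPUT -o lo -j ACCEPT
# Reply traffic from the two services exposed above.
iptables -A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT   # SSH
iptables -A OUTPUT -p tcp --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT   # HTTP
# Client connections this host is allowed to initiate.  Their replies come
# back in through the INPUT ESTABLISHED,RELATED rule.
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT   # HTTPS
iptables -A OUTPUT -p tcp --dport 110 -j ACCEPT   # POP3
iptables -A OUTPUT -p tcp --dport 25  -j ACCEPT   # SMTP
# DNS over UDP only: resolvers fall back to TCP/53 for answers that do not
# fit in a UDP datagram, and that fallback is blocked by this ruleset.
iptables -A OUTPUT -p udp --dport 53  -j ACCEPT   # DNS
iptables -A OUTPUT -p icmp -j ACCEPT

# --- LOGGING ---------------------------------------------------------------
# Whatever falls through the rules above is logged here and then dropped by
# the chain policy.  The LOG rules are rate-limited: without -m limit a port
# scan or packet flood can fill the syslog partition, which is a denial of
# service in its own right.
log_limit=(-m limit --limit 5/minute --limit-burst 10)
iptables -A INPUT  -p tcp "${log_limit[@]}" -j LOG --log-prefix "filter:incoming tcp dropped:"
iptables -A OUTPUT -p tcp "${log_limit[@]}" -j LOG --log-prefix "filter:outcoming tcp dropped:"
iptables -A INPUT  "${log_limit[@]}" -j LOG --log-prefix "filter:incoming dropped:"
iptables -A OUTPUT "${log_limit[@]}" -j LOG --log-prefix "filter:outcoming dropped:"
# TODO: add --log-level to the LOG rules and a matching syslog.conf entry so
# these messages land in a dedicated log file instead of the general log.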