stateful firewall security holes
zakinthinos at freemail.gr
Sat Aug 26 19:36:11 EEST 2006
Does the following have any possible security holes?
#!/bin/sh
# Stateful iptables firewall for a single host on a PPP link.
# PPP_LOCAL must already hold the local address of the PPP interface.

# Default policy: drop everything no rule explicitly accepts
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Flush all rules, delete user-defined chains, zero the counters
iptables -F
iptables -X
iptables -Z

# Kernel hardening: ignore bogus ICMP error responses, enable reverse-path
# filtering, refuse ICMP redirects and source-routed packets
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route

# OUTPUT: allow anything sourced from our PPP address, tracked by conntrack
iptables -A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -s "$PPP_LOCAL" -j ACCEPT
# Anti-spoofing: loopback-sourced packets may only leave via lo.
# OUTPUT has no input interface, so this must be "! -o lo" (the original "-i !lo" is rejected there)
iptables -A OUTPUT ! -o lo -s 127.0.0.1 -j DROP
iptables -A OUTPUT -o lo -j ACCEPT
# Log whatever is left before the final DROP
iptables -A OUTPUT -j LOG --log-prefix " OUTPUT: " --log-level debug --log-uid

# INPUT: drop packets conntrack cannot classify, and bare RSTs (RST set, ACK clear)
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,RST RST -j DROP
# Anti-spoofing: 127.0.0.1 may only arrive on lo ("! -i lo" is the supported negation syntax)
iptables -A INPUT ! -i lo -s 127.0.0.1 -j DROP
iptables -A INPUT -i lo -j ACCEPT
# Replies to our own connections, TCP/UDP only, local port >= 1024;
# anything else (ICMP replies included) falls through to the LOG/DROP below
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -p tcp -d "$PPP_LOCAL" --dport 1024: -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -p udp -d "$PPP_LOCAL" --dport 1024: -j ACCEPT
iptables -A INPUT -j LOG --log-prefix " INPUT: " --log-level debug --log-uid

# Explicit final drops (same effect as the chain policies set above)
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
iptables -A FORWARD -j DROP