Provlima me firewall kai httpd 2.0.48!
leonidas tsabros
ltsampros at upnet.gr
Wed Jan 7 15:08:56 EET 2004
Katarxin kali xronia se oloys,oi thermoteres efxes gia ena eftixismeno kai apodotiko 2004. To provlima poy antimetopizo einai to eksis katafera ston ipologisti moy ( slackware 9.1 P2 @ 400 64MB RAM ) na kano compile ton httpd 2.0.48 kai edosa tin entoli apachectl start gia na ksekinisi. Dokimazo na do ton server apo kapoion allon ipologisti dinontas gia url to hostname kai tzifos... ston idio ton server dokimasa lynx localost kai doyleve ara psiliastika oti to provlima egkeitai kapoy sto firewall kai to 100(x)elegksa kai den boro na vro poy einai to provlima.Dokimasa na katevaso to firewall teleios kai fisika o allos ipologistis ton eide kanonika.To configuration toy firewall einai to eksis:
iptables --flush
iptables -X
iptables -F
iptables -Z
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP #efault,kopsimo
iptables --policy FORWARD DROP # default,kopsimo
#To lo ta dexete ola.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
iptables -A INPUT -p icmp -j REJECT --reject-with icmp-host-unreachable
iptables -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT #SSH
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT #HTTP
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT #HTTPS
iptables -A OUTPUT -p tcp --dport 110 -j ACCEPT #POP3
iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT #SMTP
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT #dns
iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.hellug.gr/pipermail/migrate2linux/attachments/20040107/85e5f6b1/attachment.htm>
More information about the Migrate2linux
mailing list