

Disclaimer: I'm not a full-time coder and created/modified these to help solve problems that I encountered. There are probably cleaner/more efficient ways of doing this, so feel free to share any improvements.

Create an iptables firewall using custom chains that will be used to control incoming and outgoing traffic. The firewall will allow already established connections, incoming ssh for given source addresses, and outgoing icmp, ntp, dns, ssh, http, and https.

# Default-deny incoming traffic (the listing below shows INPUT with policy DROP);
# outgoing traffic is filtered by its own chain, which ends in DROP.
iptables -P INPUT DROP

# Create the custom chains before rules are appended to them
iptables -N chain-states
iptables -N chain-incoming-ssh
iptables -N chain-outgoing-services

# Define chain to allow particular source addresses
iptables -A chain-incoming-ssh -s 192.168.1.148 -j ACCEPT
iptables -A chain-incoming-ssh -s 192.168.1.149 -j ACCEPT

# Define chain to allow particular services (dns, ntp, http, https, ssh, icmp);
# anything else leaving the host is dropped by the last rule
iptables -A chain-outgoing-services -p tcp --dport 53 -j ACCEPT
iptables -A chain-outgoing-services -p udp --dport 53 -j ACCEPT
iptables -A chain-outgoing-services -p tcp --dport 123 -j ACCEPT
iptables -A chain-outgoing-services -p udp --dport 123 -j ACCEPT
iptables -A chain-outgoing-services -p tcp --dport 80 -j ACCEPT
iptables -A chain-outgoing-services -p tcp --dport 443 -j ACCEPT
iptables -A chain-outgoing-services -p tcp --dport 22 -j ACCEPT
iptables -A chain-outgoing-services -p icmp -j ACCEPT
iptables -A chain-outgoing-services -j DROP

# Define chain to allow established connections
iptables -A chain-states -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A chain-states -p udp -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A chain-states -p icmp -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets conntrack cannot associate with any connection are dropped outright
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

# Accept incoming/outgoing packets for established connections
iptables -A INPUT -j chain-states
iptables -A OUTPUT -j chain-states

# New incoming ssh is checked against the source-address chain (anything not
# accepted there falls through to the INPUT policy); all other outgoing
# traffic is checked against the services chain
iptables -A INPUT -p tcp --dport 22 -j chain-incoming-ssh
iptables -A OUTPUT -j chain-outgoing-services

Rule order matters here: the jump to chain-states has to be appended before the jump to chain-outgoing-services, otherwise reply packets of an established connection (for example the server side of an accepted ssh session, whose destination port is not on the allowed list) would reach the final DROP of chain-outgoing-services.

List all firewall rules to verify that the executed commands are applied as desired:

$ sudo iptables -L -v -n
Chain INPUT (policy DROP 2 packets, 92 bytes)

Block the networks on the Spamhaus DROP list with a dedicated chain. The script creates the chain on the first run and flushes it on later runs, so it can be re-run whenever the list is updated.

#!/bin/bash
IPTABLES="/sbin/iptables"
CHAIN="Spamhaus"
FILE="/tmp/spamhaus-drop.txt"
# Public DROP list: one "network ; SBL-id" per line, comment lines start with ';'
URL="https://www.spamhaus.org/drop/drop.txt"

# check to see if the chain already exists
if $IPTABLES -n -L "$CHAIN" >/dev/null 2>&1; then
    $IPTABLES -F "$CHAIN"
    echo "Flushed old rules. Applying updated Spamhaus list."
else
    $IPTABLES -N "$CHAIN"
    # evaluate the new chain for all incoming traffic
    $IPTABLES -A INPUT -j "$CHAIN"
    echo "Chain not detected. Creating new chain and adding Spamhaus list."
fi

# fetch the current list
wget -q "$URL" -O "$FILE"

# iterate through all known spamming hosts: skip ';' comment lines, take the network field
for IP in $( grep -v '^;' "$FILE" | awk '{ print $1 }' ); do
    # add the ip address log rule to the chain (rate-limited so a flood cannot fill the log)
    $IPTABLES -A "$CHAIN" -p 0 -s "$IP" -j LOG --log-prefix "[SPAMHAUS DROP] " -m limit --limit 3/min --limit-burst 10
    # then drop everything from that network
    $IPTABLES -A "$CHAIN" -p 0 -s "$IP" -j DROP
done
rm -f "$FILE"
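The loader above hands whatever the download contains straight to iptables. As an added example that is not part of the original post, the functions below parse the DROP list format, keep only well-formed IPv4 networks, and print the iptables commands they would run instead of executing them, so a corrupted or tampered list can be reviewed before it touches the ruleset. The sample list and the chain name Spamhaus are constructed for this example.

```shell
#!/bin/sh
# Constructed sample in the Spamhaus DROP list format: "network ; SBL-id" per line,
# comment lines begin with ';'. The entries are documentation ranges, not real data.
SAMPLE_DROP_LIST='; Spamhaus DROP List (constructed sample)
; Last-Modified: Mon, 01 Jan 2024 00:00:00 GMT
192.0.2.0/24 ; SBL000001
198.51.100.0/24 ; SBL000002
not-an-address ; SBL000003
203.0.113.0/33 ; SBL000004
'

# Read a DROP list on stdin and print only the syntactically valid IPv4 networks,
# one per line. Comment lines, blank lines and anything that is not a dotted quad
# with a /0-/32 prefix are discarded, so stray text never becomes an iptables argument.
drop_list_networks() {
    awk '
        /^[[:space:]]*;/ || /^[[:space:]]*$/ { next }      # comments and blank lines
        {
            n = split($1, p, "/")
            if (n != 2 || p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32) next
            if (split(p[1], o, ".") != 4) next
            for (i = 1; i <= 4; i++) if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
            print $1
        }'
}

# Emit the commands the loader would run for one chain (chain name is the first
# argument) without executing them: a rate-limited LOG rule and a DROP rule per
# network, as in the script above, preceded by the chain creation.
spamhaus_rules() {
    chain="$1"
    printf '%s\n' "iptables -N $chain"
    drop_list_networks | while read -r net; do
        printf '%s\n' "iptables -A $chain -s $net -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix \"[SPAMHAUS DROP] \""
        printf '%s\n' "iptables -A $chain -s $net -j DROP"
    done
}

# Dry run over the constructed sample: the two malformed entries are skipped
printf '%s' "$SAMPLE_DROP_LIST" | spamhaus_rules Spamhaus
```

Piping the output into `sh` applies it; diffing it against the previous run shows exactly which networks were added or removed.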
