

By default iptables is set up on Debian etch, but no rules are configured. In this tutorial we'll configure some rules and load them into iptables on startup.

Create a new file that will contain a shell script to insert rules into iptables (pico /etc/firewall-rules.sh) and add this content as a template:

```sh
# Path to the iptables binary (assumed; adjust if yours differs)
IPT=/sbin/iptables

# By default, drop everything except outgoing traffic

# Allow incoming and outgoing for loopback interfaces

# ICMP: answer pings (rate limited) and accept error and timestamp messages
$IPT -A INPUT -p icmp --icmp-type echo-reply -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -m state --state NEW -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type destination-unreachable -m state --state NEW -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type time-exceeded -m state --state NEW -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type timestamp-request -m state --state NEW -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type timestamp-reply -m state --state ESTABLISHED,RELATED -j ACCEPT

# Drop new TCP connections that do not start with a SYN
$IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

# Allow packets that belong to established or related connections
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow new SSH, HTTP and HTTPS connections
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
$IPT -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
$IPT -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT

# Block fragments and Xmas tree as well as SYN,FIN and SYN,RST
```
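The template's comments name a default DROP policy, loopback rules, and blocking of fragments, Xmas tree, SYN,FIN and SYN,RST packets, but the page shows no rules for them. The following is an added example, not the original author's code, of rules that would implement those three sections; the function names and the dry-run `IPT` default are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the original page. Dry run by default: every
# command is printed. Export IPT=/sbin/iptables (as root) to apply for real.
IPT="${IPT:-echo iptables}"   # left unquoted below so "echo iptables" splits

default_policy() {
    # Clear old rules and user chains so reruns do not stack duplicates.
    $IPT -F
    $IPT -X
    # Drop inbound and forwarded traffic unless a later rule accepts it.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
}

loopback() {
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
}

bad_packets() {
    # Second and later IPv4 fragments carry no TCP header to filter on.
    $IPT -A INPUT -f -j DROP
    # Xmas tree: all six flags set, or the FIN+PSH+URG scan variant.
    $IPT -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
    $IPT -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
    # Flag pairs that never occur together in a valid segment.
    $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
    $IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
}

head_rules() {
    # Order matters: iptables stops at the first matching rule, so these
    # drops must be appended before the template's "--state NEW -j ACCEPT"
    # rules. Append the template's accept rules in the same run, or the
    # DROP policy cuts off port 22.
    default_policy
    loopback
    bad_packets
}

head_rules
```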
