Friday, 28 March 2008

Linux Security iptables Tutorial

# global variable for iptables binary
IPTABLES="/sbin/iptables"

# configure default policies for system chains
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT

# flush existing rules from all chains (-F leaves the policies set above in place)
$IPTABLES -F

# allow everything from localhost
$IPTABLES -A INPUT -s 127.0.0.1/32 -j ACCEPT

# allow SSH (DO NOT REMOVE)
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT

# comment the above line and un-comment the below for access control
# make sure to replace X.X.X.X/NN with your source network addresses
#$IPTABLES -A INPUT -p tcp --dport 22 -s X.X.X.X/NN -j ACCEPT

# drop ICMP (ping) explicitly; the INPUT policy above is already DROP, so to
# let the server answer pings change this rule's target to ACCEPT instead of
# commenting it out
$IPTABLES -A INPUT -p icmp -j DROP

# un-comment the below line if you are running a webserver
#$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT

# un-comment the below lines if you are running a mailserver
#$IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT
#$IPTABLES -A INPUT -p tcp --dport 110 -j ACCEPT
#$IPTABLES -A INPUT -p tcp --dport 143 -j ACCEPT
#$IPTABLES -A INPUT -p udp --dport 143 -j ACCEPT
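
A pre-flight check for a default-DROP ruleset like the one above, added here as an example and not part of the original post: it reads a chain listing in `iptables -S INPUT` format and flags the conditions that lock an administrator out of SSH or break replies to outbound traffic. The function name `audit_input` and both sample listings are constructed for illustration.

```shell
# Added example: audit an INPUT chain given in `iptables -S INPUT` format.
# Prints one line per finding; the return status is the number of findings.
audit_input() {
    rules=$(cat); findings=0
    report() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # 1. Default deny: the chain policy must be DROP.
    printf '%s\n' "$rules" | grep -q '^-P INPUT DROP$' \
        || report "INPUT policy is not DROP"

    # 2. SSH must be accepted before any catch-all DROP (first match wins).
    ssh=$(printf '%s\n' "$rules" | awk '
        /^-A INPUT (-p tcp )?-j (DROP|REJECT)/ { print "shadowed"; exit }
        /^-A INPUT .*-p tcp .*--dport 22( .*)? -j ACCEPT$/ { print "ok"; exit }')
    case "$ssh" in
        ok) ;;
        shadowed) report "a catch-all DROP/REJECT precedes any tcp/22 ACCEPT" ;;
        *) report "no ACCEPT rule for tcp/22 (SSH)" ;;
    esac

    # 3. Local services talk to each other over loopback.
    printf '%s\n' "$rules" | grep -Eq '^-A INPUT (-i lo|-s 127\.0\.0\.1/32) -j ACCEPT$' \
        || report "no ACCEPT rule for loopback traffic"

    # 4. With policy DROP, replies to outbound connections need a state rule.
    printf '%s\n' "$rules" | grep -Eq '(--state|--ctstate) [A-Z,]*ESTABLISHED[A-Z,]* -j ACCEPT$' \
        || report "no ESTABLISHED rule: replies to outbound traffic are dropped"

    return "$findings"
}

# Constructed sample listings (assumptions, not captured from a real host).
sample_basic() { cat <<'EOF'
-P INPUT DROP
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -j DROP
EOF
}
sample_shadowed() { cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

sample_basic | audit_input || true   # demo run: prints the findings
```

On a live host the same function can be fed with `iptables -S INPUT | audit_input` from a root shell before closing the current SSH session.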
