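#!/bin/bash
#
# Basic host firewall for the filter table's INPUT chain: drop everything
# inbound except loopback, return traffic, ICMP and rate-limited SSH from a
# trusted subnet; everything else is logged (rate-limited) and rejected.
#
# Usage (as root):  ./basic-iptables.sh
# Env:  SSH_ALLOW_NET   source network allowed to reach tcp/22
#                       (default 192.168.0.0/24)
#
# Only the filter table is touched and only INPUT gets a policy; OUTPUT and
# FORWARD keep whatever policy they already have (set FORWARD to DROP
# yourself if this host is not a router). Nothing is persisted across a
# reboot - use iptables-save or your distribution's mechanism for that.
#
# The script fails closed: once INPUT is set to DROP, any iptables error
# aborts the script and leaves the chain in DROP rather than half-open.
set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

# iptables needs CAP_NET_ADMIN; fail early instead of discovering it on the
# first rule with a confusing permission error.
(( EUID == 0 )) || die "this script must run as root"

readonly SSH_ALLOW_NET=${SSH_ALLOW_NET:-192.168.0.0/24}

# If you use the kernel modules, make sure they are loaded.
# Best-effort: on kernels that build these in, or ship them under the newer
# xt_* names, modprobe fails and that is not a reason to stop.
for mod in ip_tables iptable_filter iptable_mangle iptable_nat \
           ipt_state ipt_REJECT ipt_LOG; do
  modprobe "$mod" \
    || printf 'warn: could not load module %s (may be built in)\n' "$mod" >&2
done

# Set the default policy to DROP *before* flushing, so a reload never has a
# window where INPUT is ACCEPT with no rules in it. Return traffic for
# existing sessions is dropped for the few ms until the ESTABLISHED rule is
# back; TCP retransmission covers that.
iptables -P INPUT DROP
# added in case you are reloading (flushes the filter table only)
iptables --flush

# always allow loopback
iptables -A INPUT -i lo -j ACCEPT

# Allow return traffic
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED -j ACCEPT

# Allow ICMP (all types; narrow this to the types you need, e.g.
# --icmp-type echo-request, if the host should not answer every one)
iptables -A INPUT -p icmp -m icmp -j ACCEPT

## SSH (Limit connection attempts)
# The first rule has no target: it only records the source address in the
# "recent" list and falls through. The second drops a source that has
# opened 4 or more NEW connections within 60 seconds. Both rules apply to
# every source, including the trusted subnet accepted below.
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
  -m recent --update --seconds 60 --hitcount 4 -j DROP
iptables -A INPUT -p tcp -m tcp -s "$SSH_ALLOW_NET" --dport 22 -j ACCEPT

# Log and Block. The LOG rule is rate-limited so an unsolicited packet
# flood cannot fill the log partition; packets beyond the limit are still
# rejected by the next rule, just not logged.
iptables -A INPUT -m limit --limit 5/min --limit-burst 10 \
  -j LOG --log-prefix IN-FILTERBLOCK
iptables -A INPUT -j REJECT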
Thursday, July 23, 2009
Basic iptables rules