
Pasted as Plain Text by blip ( 16 years ago )
Summary of relevant rules from:
http://blogs.techrepublic.com.com/10things/?p=539


# block all inbound
# (-A appends, so this catch-all must be added after the ACCEPT rules below,
#  or the service rules must be inserted ahead of it with -I)
iptables -A INPUT -p tcp --syn -j DROP

# "you’ll need to add an iptables rule for the service and make sure that service rule is run before rule to drop all incoming traffic."
# open specific inbounds
iptables -A INPUT -p tcp --syn --destination-port 22 -j ACCEPT
iptables -A INPUT -p tcp --syn --destination-port 6665 -j ACCEPT

# if the machine initiates some communication with a remote server on a port, this allows associated incoming traffic.  I think
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# logging dropped packets
# (chain names are case-sensitive; use -j LOGDROP in place of -j DROP to get the log entry)
iptables -N LOGDROP
iptables -A LOGDROP -j LOG
iptables -A LOGDROP -j DROP

# SYN flood protection rule
iptables -A INPUT -p tcp --syn --dport 25 -j ACCEPT   # blocks DoS attacks on a mail server port
iptables -A INPUT -p tcp --syn --dport 6665 -j ACCEPT   # ...
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 4 -j ACCEPT    # actual SYN flood protection (-m limit is one global bucket, not per source)
iptables -A INPUT -p tcp --syn -j DROP   # drop all SYN flood packets

# block furtive port scanning
iptables -N port-scan
iptables -A port-scan -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j RETURN
iptables -A port-scan -j DROP

# 9. NOT SURE THIS IS NEEDED ???
iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m multiport --dports ssh,smtp,http,https -j ACCEPT
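The rules above only work if they land in INPUT in the right order and if the LOGDROP and port-scan chains are actually jumped to. The script below is a constructed example (not from the paste or the TechRepublic article) that assembles them in that order; it defaults to a dry run via IPT="echo iptables", and IFACE, SERVICES and the rate-limit values are assumed.

```shell
#!/bin/sh
# Constructed example, not part of the original paste: the rules above,
# assembled in the order iptables actually needs them. IPT defaults to a
# dry run ("echo iptables") so the script can be read without root; run it
# with IPT=iptables to apply. IFACE and SERVICES are assumed values.
IPT="${IPT:-echo iptables}"
IFACE="${IFACE:-eth0}"
SERVICES="${SERVICES:-22,25,80,443}"

build_ruleset() {
    # Start clean so re-running the script does not duplicate rules.
    $IPT -F INPUT
    $IPT -N LOGDROP 2>/dev/null; $IPT -F LOGDROP
    $IPT -N port-scan 2>/dev/null; $IPT -F port-scan

    # Log-then-drop chain. The paste defines it but never jumps to it;
    # it only does anything once INPUT uses -j LOGDROP as its final target.
    # The limit keeps a flood from filling the log.
    $IPT -A LOGDROP -m limit --limit 5/min -j LOG --log-prefix "LOGDROP: "
    $IPT -A LOGDROP -j DROP

    # Port-scan chain from the paste: bare RST packets are tolerated at
    # 1/s, anything faster is dropped.
    $IPT -A port-scan -p tcp --tcp-flags SYN,ACK,FIN,RST RST \
        -m limit --limit 1/s -j RETURN
    $IPT -A port-scan -j DROP

    # -A appends and INPUT is evaluated top to bottom, so every ACCEPT
    # must be added before the catch-all drop (the paste's own quote).
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j port-scan
    # New connections only on the listed services, rate-limited. Note that
    # -m limit is one global token bucket, not per source address: under a
    # real SYN flood it throttles legitimate clients as well as the attacker.
    $IPT -A INPUT -i "$IFACE" -p tcp --syn -m multiport --dports "$SERVICES" \
        -m limit --limit 10/s --limit-burst 20 -j ACCEPT
    # Any other new TCP connection is logged and dropped.
    $IPT -A INPUT -p tcp --syn -j LOGDROP
}

build_ruleset
```

Review the dry-run output first; the last line printed must be the LOGDROP catch-all, with every ACCEPT above it.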
