
# ipchains.sh
#
# An example of a simple ipchains configuration.
#
# This script allows ALL outbound traffic, and denies ALL new inbound
# TCP connection attempts (SYN) from the outside. The only inbound
# traffic it accepts is non-SYN TCP and UDP aimed at the local
# ephemeral port range, i.e. replies to connections this host started.
#
###################################################################
# Begin variable declarations and user configuration options ######
#
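IPCHAINS=/sbin/ipchains
# This is the WAN interface, that is our link to the outside world.
# For pppd and pppoe users.
# WAN_IFACE="ppp0"
WAN_IFACE="eth0"
## end user configuration options #################################
###################################################################

# Refuse to run without the ipchains binary. Continuing would print a
# string of "command not found" errors and leave the host with whatever
# rules (or none) were loaded before this script ran.
if [ ! -x "$IPCHAINS" ]; then
  echo "$IPCHAINS not found or not executable, aborting." >&2
  exit 1
fi

# Any and all addresses from anywhere.
ANYWHERE="0/0"

# Let's start clean and flush all chains to an empty state.
"$IPCHAINS" -F

# Set the default policies of the built-in chains. If no rule below
# matches a packet, these are what ipchains falls back on.
"$IPCHAINS" -P forward DENY
"$IPCHAINS" -P output ACCEPT
# The input policy is what actually protects this host; if it cannot
# be set there is no point in adding any of the ACCEPT rules below.
if ! "$IPCHAINS" -P input DENY; then
  echo "could not set input policy to DENY, aborting." >&2
  exit 1
fi

# Accept localhost/loopback traffic.
"$IPCHAINS" -A input -i lo -j ACCEPT

# Get our (possibly dynamic) IP from the WAN interface. WAN_IP is the
# address we are protecting from the outside world. This is done AFTER
# the default policies so the host is already closed even if the
# interface is not up yet. Only the IPv4 "inet addr:" line is wanted;
# a bare 'grep inet' would also match an "inet6 addr:" line.
# NOTE(review): assumes the classic net-tools ifconfig layout
# ("inet addr:A.B.C.D  Bcast:...") -- other ifconfig versions print
# differently; confirm on the target system.
WAN_IP=$(ifconfig "$WAN_IFACE" 2>/dev/null \
  | awk '/inet addr:/ { sub(/.*inet addr:/, ""); print $1; exit }')

# Bail out with an error if no IP is available. Default policy is
# already set, so all is not lost here.
if [ -z "$WAN_IP" ]; then
  echo "$WAN_IFACE not configured, aborting." >&2
  exit 1
fi

# The high (unprivileged, ephemeral) port range the kernel uses for
# connections we initiate; return traffic for those connections comes
# back to these ports. /proc gives "low<TAB>high"; ipchains wants
# "low:high". 1024 to 4999 is the 2.2 kernel default.
LOCAL_PORTS=$(awk 'NF >= 2 { print $1 ":" $2 }' /proc/sys/net/ipv4/ip_local_port_range)
if [ -z "$LOCAL_PORTS" ]; then
  echo "cannot read /proc/sys/net/ipv4/ip_local_port_range, aborting." >&2
  exit 1
fi

# Accept non-SYN TCP to LOCAL_PORTS: return traffic for connections we
# initiated. TCP connections are opened with a SYN, so refusing SYNs
# here blocks new inbound connections while letting established ones
# continue.
# CAVEAT: ipchains is stateless. Any non-SYN segment (ACK, FIN, RST...)
# aimed at this port range is accepted whether or not a matching
# connection exists, so e.g. ACK-based scans of the range reach the
# TCP stack, and a service listening on one of these ports is shielded
# only from the initial SYN, not from crafted segments.
"$IPCHAINS" -A input -p tcp -s "$ANYWHERE" -d "$WAN_IP" "$LOCAL_PORTS" ! -y -j ACCEPT

# We can't be so selective with UDP since that protocol has no
# handshake and therefore no SYN to key on: every UDP datagram to the
# range is accepted.
# CAVEAT: any UDP service bound to a port inside LOCAL_PORTS is thereby
# reachable from the Internet (with the 1024-4999 default that includes,
# for instance, NFS on 2049). Make sure nothing listens there, or add
# explicit DENY rules for such ports ABOVE this line.
"$IPCHAINS" -A input -p udp -s "$ANYWHERE" -d "$WAN_IP" "$LOCAL_PORTS" -j ACCEPT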
## ICMP (ping)
#
# ICMP rules, allow the bare essential types of ICMP only. Ping