Red Hat NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE Installation Guide Page 80

        --dport $i -j ACCEPT
    $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN_IP --dport $i \
        -j DNAT --to $FORWARD_HOST:$i
done

## Open, but Restricted Access ports
#
# Allow DHCP server (their port 67) to client (to our port 68) UDP
# traffic from outside source.
[ -n "$DHCP_SERVER" ] && \
    $IPTABLES -A INPUT -p udp -s $DHCP_SERVER --sport 67 \
        -d $ANYWHERE --dport 68 -j ACCEPT

# Allow 'identd' (to our TCP port 113) from mail server only.
[ -n "$MAIL_SERVER" ] && \
    $IPTABLES -A INPUT -p tcp -s $MAIL_SERVER -d $WAN_IP --dport 113 -j ACCEPT

# Open up Public server ports here (available to the world):
for i in $PUBLIC_PORTS; do
    $IPTABLES -A INPUT -p tcp -s $ANYWHERE -d $WAN_IP --dport $i -j ACCEPT
done

# So I can check my home POP3 mailbox from work. Also, so I can ssh
# in to home system. Only allow connections from my workplace's
# various IPs. Everything else is blocked.
$IPTABLES -A INPUT -p tcp -s 255.10.9.8/29 -d $WAN_IP --dport 110 -j ACCEPT

## ICMP (ping)
#
# ICMP rules, allow the bare essential types of ICMP only. Ping
# request is blocked, ie we won't respond to someone else's pings,
# but can still ping out.
$IPTABLES -A INPUT -p icmp --icmp-type echo-reply \
    -s $ANYWHERE -d $WAN_IP -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type destination-unreachable \
    -s $ANYWHERE -d $WAN_IP -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type time-exceeded \
    -s $ANYWHERE -d $WAN_IP -j ACCEPT

# Identd Reject
#
# Special rule to reject (with rst) any identd/auth/port 113
# connections. This will speed up some services that ask for this,
# but don't require it. Be careful, some servers may require this
# one (IRC for instance).
#$IPTABLES -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset

###################################################################
# Build a custom chain here, and set the default to DROP. All
# other traffic not allowed by the rules above, ultimately will
# wind up here, where it is blocked and logged, unless it passes
# our stateful rules for ESTABLISHED and RELATED connections. Let
# connection tracking do most of the worrying! We add the logging
# ability here with the '-j LOG' target. Outgoing traffic is
# allowed as that is the default policy for the 'output' chain.
# There are no restrictions placed on that in this script.

# New chain...
$IPTABLES -N DEFAULT

# Use the 'state' module to allow only certain connections based
# on their 'state'.
$IPTABLES -A DEFAULT -m state --state ESTABLISHED,RELATED -j ACCEPT
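As an added example (not part of the HOWTO), a small Python auditor that checks an iptables-save style snapshot for the two properties this script is built around: only the intended PUBLIC_PORTS are accepted from anywhere, and everything unmatched falls through to a custom chain that admits ESTABLISHED,RELATED replies and then drops. The snapshot and the address 203.0.113.10 are constructed here; 255.10.9.8/29, port 110 and the DEFAULT chain layout come from the page.

```python
import shlex

# Constructed iptables-save style snapshot mirroring the page's INPUT rules;
# 203.0.113.10 is a documentation address chosen here, 255.10.9.8/29 is the page's.
SAMPLE_DUMP = """\
:INPUT ACCEPT [0:0]
:DEFAULT - [0:0]
-A INPUT -p tcp -s 0.0.0.0/0 -d 203.0.113.10/32 --dport 80 -j ACCEPT
-A INPUT -p tcp -s 255.10.9.8/29 -d 203.0.113.10/32 --dport 110 -j ACCEPT
-A INPUT -j DEFAULT
-A DEFAULT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A DEFAULT -j LOG --log-prefix "INPUT DROP: "
-A DEFAULT -j DROP
"""

def parse_rules(dump):
    """Return (chain policies, rule dicts) from iptables-save text."""
    policies, rules = {}, []
    for line in dump.splitlines():
        if line.startswith(":"):                # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):
            toks, rule = shlex.split(line), {"chain": line.split()[1]}
            for i, tok in enumerate(toks[2:], 2):  # "-flag value"; bare flag -> True
                if tok.startswith("-"):
                    nxt = toks[i + 1] if i + 1 < len(toks) else "-"
                    rule[tok.lstrip("-")] = True if nxt.startswith("-") else nxt
            rules.append(rule)
    return policies, rules

def world_open_tcp_ports(rules, chain="INPUT"):
    """TCP ports accepted from any source; compare against PUBLIC_PORTS."""
    return sorted(int(r["dport"]) for r in rules if r["chain"] == chain
                  and r.get("j") == "ACCEPT" and r.get("p") == "tcp" and "dport" in r
                  and r.get("s", "0.0.0.0/0") in ("0.0.0.0/0", "0/0"))

def default_deny_stateful(policies, rules, chain="INPUT"):
    """Unmatched traffic ends in DROP (policy or terminal chain) after ESTABLISHED,RELATED is accepted."""
    by_chain = {c: [r for r in rules if r["chain"] == c] for c in {r["chain"] for r in rules}}
    jump = by_chain.get(chain, [{}])[-1].get("j")
    if policies.get(chain) == "DROP" or jump == "DROP":
        drop_chain = chain
    elif by_chain.get(jump, [{}])[-1].get("j") == "DROP":
        drop_chain = jump
    else:
        return False                          # leftover traffic is accepted
    return any(r.get("j") == "ACCEPT" and "ESTABLISHED" in r.get("state", "")
               for r in by_chain.get(drop_chain, []))
```

Run it against `iptables-save` output from a host built with this script; a non-empty difference between `world_open_tcp_ports()` and the PUBLIC_PORTS list, or a `False` from `default_deny_stateful()`, means the ruleset no longer matches the intent described in the comments above.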
Security Quick-Start HOWTO for Red Hat Linux
8.10.2. iptables II 77