Firewall settings - iptables

#Flush all current rules from iptables (filter table)
iptables -F

#Allow SSH connections on tcp port 22 (added first so the DROP policy below never locks you out)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

#Set default policies for the INPUT and FORWARD chains (OUTPUT keeps its default ACCEPT policy)
iptables -P INPUT DROP
iptables -P FORWARD DROP

#Allow all traffic on the loopback interface
iptables -A INPUT -i lo -j ACCEPT

#Accept packets belonging to established and related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#FTP control channel (passive data connections are matched by the RELATED rule above only when the nf_conntrack_ftp helper is loaded)
iptables -A INPUT -p tcp --dport 21 -j ACCEPT

#HTTP and HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

#SMTP and SMTPS
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 465 -j ACCEPT

#IMAP and IMAPS
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 993 -j ACCEPT

#DNS (-p accepts a single protocol, so TCP and UDP need one rule each)
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT

#MySQL (only open this if remote clients must reach the database directly)
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT

#Steam Friends Service
iptables -A INPUT -p udp --dport 1200 -j ACCEPT
iptables -A INPUT -p udp --dport 4380 -j ACCEPT

#Steam game traffic port ranges
iptables -A INPUT -p udp --dport 27000:27015 -j ACCEPT
iptables -A INPUT -p udp --dport 27015:27030 -j ACCEPT
iptables -A INPUT -p tcp --dport 27014:27050 -j ACCEPT

#TeamSpeak 3 server (all rules appended with -A, like the rest of the script)
iptables -A INPUT -p udp --dport 9987 -j ACCEPT #Voice
iptables -A INPUT -p tcp --dport 30033 -j ACCEPT #Data (file transfer)
iptables -A INPUT -p tcp --dport 41144 -j ACCEPT #TSDNS
iptables -A INPUT -p udp --dport 10011 -j ACCEPT #Query
iptables -A INPUT -p udp --dport 2011:2110 -j ACCEPT #Weblist, Accounting Server (licences)

#SA:MP (+Protection): UDP 7777 with a flood filter. Use either this block or the "without Protection" block below, not both.
iptables -N SAMP-DDOS
#Packets for 7777 arriving with TTL 128 are handed to the SAMP-DDOS chain ...
iptables -A INPUT -p udp --dport 7777 -m ttl --ttl-eq=128 -j SAMP-DDOS
#... where packets between 17 and 604 bytes long are dropped; other sizes return to INPUT
iptables -A SAMP-DDOS -p udp --dport 7777 -m length --length 17:604 -j DROP
#Every remaining UDP packet that arrives with TTL 128 is dropped (note: this rule is not limited to port 7777)
iptables -A INPUT -p udp -m ttl --ttl-eq=128 -j DROP
#Rate limit: accept up to 6 packets/s (burst 12) on 7777 and drop the excess.
#The limit match matches packets that are still within the rate, so the ACCEPT must carry the limit and the
#DROP must follow it; "-m limit ... -j DROP" does the opposite (drops the first packets, passes the flood).
iptables -A INPUT -p udp --dport 7777 -m limit --limit 6/s --limit-burst 12 -j ACCEPT
iptables -A INPUT -p udp --dport 7777 -j DROP

#SA:MP (without Protection): use this instead of the block above if no flood filter is wanted
iptables -A INPUT -p udp --dport 7777 -j ACCEPT

iptables -A INPUT -p tcp -m tcp --dport 1022 -j ACCEPT

#Minecraft default port
iptables -A INPUT -p tcp --dport 25565 -j ACCEPT

#Depending on the program or game, more ports may need to be opened

#SYN-FLOOD: limit new TCP connections (SYN packets) to 1 per second (default burst 5). This value can be edited as needed;
#1/s is far too low for a busy web or mail server, so raise --limit / add --limit-burst before relying on it.
#The check is inserted at the head of INPUT (skipping loopback) so it runs before the per-port ACCEPT rules above.
#Appended as a plain "-m limit ... -j ACCEPT" rule it would come after them, limit nothing, and with the DROP policy
#it would instead admit rate-limited SYNs to every port not opened above.
iptables -N SYN-FLOOD
iptables -A SYN-FLOOD -m limit --limit 1/s -j RETURN
iptables -A SYN-FLOOD -j DROP
iptables -I INPUT ! -i lo -p tcp --syn -j SYN-FLOOD

#Stealth port scan probes (packets with only RST set): accept at most 2/s, the DROP policy discards the rest
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT

#ACCEPT INCOMING PING, rate limited (the first two rules are the protection against smurf attacks / ping of death)
iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP
iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP
iptables -A INPUT -p icmp -m icmp -m limit --limit 1/second -j ACCEPT

# Dropping all invalid packets
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP

# Protection against port scans
# An attacking IP stays blocked for 24 hours (3600 x 24 = 86400 seconds)
iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP

# Remove the attacking IP after 24 hours (entries older than 86400 seconds no longer match the rule above and are cleared here)
iptables -A INPUT -m recent --name portscan --remove

# Note: no rule in this script adds addresses to the "portscan" list. Add one with
# "-m recent --name portscan --set" on whatever you treat as a scan (a closed trap port, for example);
# until then the two rules above never match anything.

#SAVE iptables
service iptables save

#RESTART iptables
service iptables restart

#List iptables
iptables -L --line-numbers
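As an added check (not part of the original article), the following Python audit scans an iptables script like the one above for mistakes that commonly slip into copied rule sets: non-ASCII dashes, comma-separated protocols, a SYN rate-limit ACCEPT appended after the per-port ACCEPT rules, and a `recent` list that is checked but never populated. The SAMPLE rules are constructed for the demonstration.

```python
import re

# Constructed sample in the style of the script above (line 3 carries an en-dash on purpose)
SAMPLE = """\
iptables -P INPUT DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables \u2013A INPUT \u2013i lo \u2013j ACCEPT
iptables -A INPUT -p tcp,udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP
"""

def audit_iptables_script(text):
    """Return sorted (line_no, message) findings for an iptables shell script."""
    findings = []
    set_lists, checked_lists = set(), {}
    first_port_accept = None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # 1. En/em dashes pasted from a web page are not option markers
        if re.search("[\u2013\u2014]", line):
            findings.append((n, "non-ASCII dash: iptables will reject this option"))
        # 2. -p accepts exactly one protocol
        m = re.search(r"-p\s+(\S+)", line)
        if m and "," in m.group(1):
            findings.append((n, "-p takes one protocol; use one rule per protocol"))
        # 3. A rate-limited SYN ACCEPT only limits ports whose ACCEPT comes after it
        if "--dport" in line and line.endswith("-j ACCEPT") and first_port_accept is None:
            first_port_accept = n
        if "--syn" in line and "-m limit" in line and line.endswith("-j ACCEPT"):
            if first_port_accept is not None:
                findings.append((n, "SYN rate limit comes after per-port ACCEPT rules (line %d): it limits "
                                    "none of them and, under a DROP policy, admits rate-limited SYNs "
                                    "to every other port" % first_port_accept))
        # 4. A recent list that is only checked (never --set) can never block anything
        m = re.search(r"-m recent --name (\S+)", line)
        if m:
            if "--set" in line:
                set_lists.add(m.group(1))
            elif "--rcheck" in line or "--update" in line:
                checked_lists.setdefault(m.group(1), n)
    for name, n in checked_lists.items():
        if name not in set_lists:
            findings.append((n, "recent list %r is checked but never populated with --set" % name))
    return sorted(findings)

if __name__ == "__main__":
    for n, msg in audit_iptables_script(SAMPLE):
        print("line %d: %s" % (n, msg))
```

Run it against your own script with `audit_iptables_script(open("rules.sh").read())`; a clean script returns an empty list.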
