http://www.posespace.com/posetool/default.aspx?AspxAutoDetectCookieSupport=1
http://www.posespace.com/Default.aspx?AspxAutoDetectCookieSupport=1
poniedziałek, 28 czerwca 2010
wtorek, 22 czerwca 2010
iptables dla serwera WWW
Przykład firewalla dla prostego serwera WWW/SSH
# Example IPv4 packet filter for a host that offers only SSH and HTTP.
# Run as root. The commands change the live ruleset only; nothing in this
# listing saves the rules, so they do not survive a reboot on their own.
# NOTE(review): iptables filters IPv4 only. If the host has IPv6 enabled,
# an equivalent ip6tables policy is needed. The OUTPUT chain is left untouched.

# Default-deny before clearing anything, so no packet is accepted while the
# old rules are being removed.
for chain in INPUT FORWARD; do
  iptables --policy "$chain" DROP
done

# Remove every rule and every user-defined chain from the filter table.
iptables -F
iptables -X

# Flushing does not reset chain policies; the original sets them again here
# and this rewrite keeps that.
for chain in FORWARD INPUT; do
  iptables --policy "$chain" DROP
done

# Loopback: only 127.0.0.1 -> 127.0.0.1 on lo is matched. Local traffic that
# uses another of the host's addresses over lo is not accepted by this rule.
iptables --append INPUT --in-interface lo --source 127.0.0.1 --destination 127.0.0.1 --jump ACCEPT

# Packets belonging to, or related to, connections that are already tracked.
iptables --append INPUT --match state --state "ESTABLISHED,RELATED" --jump ACCEPT

# ICMP: error messages needed by path-MTU discovery and traceroute, plus ping.
# NOTE(review): replies to pings sent from this host are presumably already
# covered by the ESTABLISHED,RELATED rule; accepting echo-reply explicitly also
# admits unsolicited replies - confirm that is wanted.
for icmp_type in destination-unreachable time-exceeded echo-request echo-reply; do
  iptables --append INPUT --protocol icmp --icmp-type "$icmp_type" --jump ACCEPT
done

# Public services. Names are resolved through the system services database.
# NOTE(review): SSH is accepted from any source address; restrict it by source
# or rate-limit new connections if it does not need to be world-reachable.
for service in ssh http; do
  iptables --append INPUT --protocol tcp --dport "$service" --jump ACCEPT
done
# HTTPS is disabled in this example; uncomment to allow it.
#iptables -A INPUT -p tcp --dport https -j ACCEPT

# Log what is about to be dropped, at most 40 entries per minute. Packets over
# the limit skip the LOG rule and still reach the DROP below.
iptables --append INPUT --match limit --limit 40/minute --jump LOG

# Explicit final drop; duplicates the INPUT policy but makes the intent visible.
iptables --append INPUT --jump DROP
# IPv4 firewall for a simple WWW/SSH server (second listing on the page).
# Requires root. Only the running ruleset is modified; this listing does not
# persist it. NOTE(review): IPv6 is not filtered by iptables - add matching
# ip6tables rules if the host has IPv6 enabled. OUTPUT is not modified here.

# Drop by default on INPUT and FORWARD before the existing rules are cleared.
for c in INPUT FORWARD; do iptables -P "$c" DROP; done

# Clear all rules, then delete all user-defined chains (filter table).
iptables -F
iptables -X

# Policies are unaffected by the flush; the original re-applies them anyway.
for c in FORWARD INPUT; do iptables -P "$c" DROP; done

# Accept loopback traffic, but only between 127.0.0.1 and 127.0.0.1; other
# local addresses routed over lo are not matched by this rule.
iptables -A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

# Accept packets of tracked connections and traffic related to them.
iptables -A INPUT -m state --state "ESTABLISHED,RELATED" -j ACCEPT

# Accept the listed ICMP types (error reporting and ping).
# NOTE(review): the echo-reply entry looks redundant with the
# ESTABLISHED,RELATED rule for pings this host sent - confirm it is intended.
for t in destination-unreachable time-exceeded echo-request echo-reply; do
  iptables -A INPUT -p icmp --icmp-type "$t" -j ACCEPT
done

# Accept new connections to the exposed services from any source.
# NOTE(review): consider a source restriction or rate limit for ssh.
for svc in ssh http; do
  iptables -A INPUT -p tcp --dport "$svc" -j ACCEPT
done
# HTTPS left disabled by the author:
#iptables -A INPUT -p tcp --dport https -j ACCEPT

# Rate-limited logging (40 per minute) of whatever was not accepted above;
# packets beyond the limit are not logged but are still dropped next.
iptables -A INPUT -m limit --limit 40/minute -j LOG

# Final catch-all drop, same effect as the INPUT policy.
iptables -A INPUT -j DROP