Skåne Sjælland Linux User Group - http://www.sslug.dk

Re: [TEKNIK] Rule for SSH in iptables



Verner Kjærsgaard wrote:
> 
> Many thanks for the many good answers!
> "..but make sure to have an explicit DROP rule last in the chains.."
> - may I see an example :-?
> 

Kim has given an excellent example. To expand on it a bit, I create
my own chain (the commented-out rules are from a time when I wanted to see
how bad things were with the various worms):

iptables -N LogAndDrop
#iptables -A LogAndDrop -p tcp --dport 1433 -j DROP    # The SPIDA worm
#iptables -A LogAndDrop -p udp --dport 1434 -j DROP    # Slammer
#iptables -A LogAndDrop -p tcp --dport 15118 -j DROP   # ?
# For the time being: drop everything
#iptables -A LogAndDrop -j LOG --log-prefix 'kernel: '
iptables -A LogAndDrop -j DROP

which I then call whenever there is a need to drop something, e.g. last
in my INPUT chain:

#
# Log and drop all other traffic
#
iptables -A INPUT -j LogAndDrop
#

Bent
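
An added example, not part of the original post: a check that each built-in chain in the filter table really ends in an explicit, unconditional drop, either directly or through a jump to a chain such as LogAndDrop. It reads text in `iptables-save` format; the sample ruleset, the SSH and FORWARD rules, and the function names are constructed for illustration.

```python
import shlex

TERMINAL = {"DROP", "REJECT"}  # targets that end processing by refusing the packet
# Constructed sample in iptables-save format, modelled on the ruleset in the post.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LogAndDrop - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LogAndDrop
-A FORWARD -p tcp -m tcp --dport 1433 -j DROP
-A LogAndDrop -j LOG --log-prefix "kernel: "
-A LogAndDrop -j DROP
COMMIT
"""

def parse_filter_table(save_text):
    """Return (built-in chain names, {chain: [(unconditional, target), ...]})."""
    builtin, rules, table = [], {}, None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            name, policy = line[1:].split()[:2]
            rules.setdefault(name, [])
            if policy != "-":  # user-defined chains are listed with policy "-"
                builtin.append(name)
        elif table == "filter" and line.startswith("-A "):
            tok = shlex.split(line)
            at = tok.index("-j") if "-j" in tok else -1
            # A rule is unconditional when no match options precede -j.
            rules.setdefault(tok[1], []).append((at == 2, tok[at + 1] if at > 0 else None))
    return builtin, rules

def ends_in_drop(rules, chain, seen=()):
    """True if the chain's last rule drops everything that reaches it."""
    if chain in seen or not rules.get(chain):
        return False
    unconditional, target = rules[chain][-1]
    if not unconditional:
        return False
    return target in TERMINAL or ends_in_drop(rules, target, seen + (chain,))

def audit(save_text):
    builtin, rules = parse_filter_table(save_text)
    return {chain: ends_in_drop(rules, chain) for chain in builtin}
```

On the sample, `audit(SAMPLE)` reports INPUT as ending in an explicit drop, while FORWARD (last rule is conditional) and OUTPUT (no rules) fall through to their chain policy.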


 

 
 
Questions about the web-pages to <www_admin>. Last modified 2009-04-01, 02:01 CEST
This page is maintained by MHonArc