Skåne Sjælland Linux User Group - http://www.sslug.dk
 

Re: [TEKNIK] Rule for SSH in iptables

Bent Bagger wrote:
Verner Kjærsgaard wrote:

Thanks for the advice, but my experience with SuSE 9, 10 and 11, plus
SLES and SLED, is different. Namely that "iptables -F" does clear the table
and so on, but at the same time it kills the network. So from a console I
HAVE to run "rcnetwork restart". I have shot myself in the foot with -F
several times. It is probably a bug in SuSE, but still...


It is not necessarily a bug in SUSE. -F does indeed delete all the
rules, but it does not change the 'default policy', so if that is set to
DROP, everything is shut tight ;-) For the same reason I never use the
default policy, but make sure to have an explicit DROP rule last in the
chains.

Another tactic could be this: when fiddling with the firewall, hold off
on putting the rules into the start script (as you do in Gentoo with
/etc/init.d/iptables save; other distributions probably have something
similar) and run them 'by hand' instead.

Next, use the 'at' command to make sure of a reboot in, say, 5 minutes:

at now + 5 minutes
reboot
^D

If you then get 'locked out' because you messed up, you simply wait
5 minutes, after which the machine reboots and, importantly, comes up with
a set of firewall rules that works.

Should you (against expectations?) have ended up with a good set of rules,
you can cancel the reboot with the atrm command.

Bent



Many thanks for all the good answers!
"..but make sure to have an explicit DROP rule last in the chains.."
- may I see an example :-?


--
------------------------------
Best regards
Verner Kjærsgaard
Open Source Academy
+45 56964223

Novell Certified Linux Professional 10035701
------------------------------
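The explicit DROP rule that Bent describes and Verner asks to see, together with the 'at' safety net, as an added example that is not part of the thread. It assumes a dry-run default (IPT prints the iptables commands instead of running them; set IPT=iptables as root to apply), SSH on port 22, a LAN of 192.168.1.0/24, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the thread. Built-in policies stay ACCEPT so that
# an "iptables -F" leaves the host reachable (unfiltered, but not locked out);
# the LAST rule in INPUT is an explicit catch-all DROP.
# IPT defaults to "echo iptables" (dry run: prints the commands). Run with
# IPT=iptables as root to apply. SSH_PORT and LAN are assumed values.
IPT="${IPT:-echo iptables}"
SSH_PORT="${SSH_PORT:-22}"
LAN="${LAN:-192.168.1.0/24}"

apply_rules() {
    # Keep the built-in policies at ACCEPT; filtering is done by rules only.
    $IPT -P INPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    $IPT -P OUTPUT ACCEPT
    # Start from an empty INPUT chain.
    $IPT -F INPUT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New SSH connections only from the LAN.
    $IPT -A INPUT -p tcp -s "$LAN" --dport "$SSH_PORT" -m state --state NEW -j ACCEPT
    $IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    # Explicit DROP as the last rule: anything not accepted above is dropped.
    $IPT -A INPUT -j DROP
}

# Checks on the generated ruleset (meaningful against the dry-run output).
last_rule_is_drop() {
    apply_rules | tail -n 1 | grep -q -- '-A INPUT -j DROP$'
}
no_drop_policy() {
    ! apply_rules | grep -q -- '-P [A-Z]* DROP'
}

# Bent's safety net: schedule a reboot 5 minutes ahead BEFORE applying the
# rules; if SSH still works afterwards, cancel it with atrm.
schedule_rescue_reboot() {
    echo reboot | at now + 5 minutes
}
cancel_rescue_reboot() {
    # atq prints "<job> <date> ..." per pending job; remove all of this user's jobs.
    atq | while read -r job _; do atrm "$job"; done
}
```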



 
Last modified 2009-04-01, 02:01 CEST