Configuration of the “/etc/rc.d/init.d/firewall” script file for the Gateway Server | All about OS

Configuration of the “/etc/rc.d/init.d/firewall” script file for the Gateway Server

Категория: Securing and Optimizing

# ipchains -A input -i $EXTERNAL_INTERFACE -p 50 \
# -s $IPSECSG -j ACCEPT
# ipchains -A output -i $EXTERNAL_INTERFACE -p 50 \
# -d $IPSECSG -j ACCEPT
# ipchains -A input -i $EXTERNAL_INTERFACE -p 51 \
# -s $IPSECSG-j ACCEPT
# ipchains -A output -i $EXTERNAL_INTERFACE -p 51 \
# -d $IPSECSG -j ACCEPT
# Allow all traffic to FreeS/WAN Virtual Interface
# ipchains -A input -i $FREESWANVI \
# -s $ANYWHERE \
# -d $ANYWHERE -j ACCEPT
# ipchains -A output -i $FREESWANVI \
# -s $ANYWHERE \
# -d $ANYWHERE -j ACCEPT
# Forward anything from the FreeS/WAN virtual interface IPSEC tunnel
# ipchains -A forward -i $FREESWANVI \
# -s $ANYWHERE \
# -d $ANYWHERE -j ACCEPT
# Disable IP spoofing protection to allow IPSEC to work properly
# echo 0 > /proc/sys/net/ipv4/conf/ipsecO/rp_filter
# echo 0 > /proc/sys/net/ipv4/conf/ethO/rp_filter
# Masquerade internal traffic.
# All internal traffic is masqueraded externally.
ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET_1 -j MASQ
# Enable logging for selected denied packets
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \ -d $IPADDR -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -p udp \ -d $IPADDR $PRIVPORTS -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -p udp \ -d $IPADDR $UNPRIVPORTS -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -p icmp \ -s $ANYWHERE 5 -d $IPADDR -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -p icmp \ -s $ANYWHERE 13:255 -d $IPADDR -j DENY -I stop)

Страниц: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

« Build a kernel with Firewall Masquerading and Forwarding support
Deny access to some address »