Configuration of the “/etc/rc.d/init.d/firewall” script file for the Gateway Server
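# Firewall rule setup for the gateway server (ipchains).
#
# NOTE(review): ipchains is the packet filter of Linux 2.2 kernels; on later
# kernels the same policy has to be expressed with iptables or nftables.
# NOTE(review): the comment lines directly below look like they introduced
# variable assignments that are not present in this listing. Restore them
# from the complete script instead of guessing values; LOCAL_INTERFACE_1,
# used further down, is not assigned anywhere in the visible part.

# Your Mail Hub Server.
# External pop server, if any
# External news server, if any
# Your syslog internal server
# Reserved loopback address range
# Class A private networks
# Class B private networks
# Class C private networks
# Class D multicast addresses
# Class E reserved addresses
# Broadcast source address
# Broadcast destination address
# Well known, privileged port range
# Unprivileged port range

# SSH starts at 1023 and works down to 513 for
# each additional simultaneous incoming connection.
# As written, the range below covers the first two such connections.
SSH_PORTS="1022:1023" # range for SSH privileged ports

# traceroute usually uses -S 32769:65535 -D 33434:33523
TRACEROUTE_SRC_PORTS="32769:65535"
TRACEROUTE_DEST_PORTS="33434:33523"

# Default policy is DENY
# Explicitly accept desired INCOMING & OUTGOING connections

# Remove all existing rules belonging to this filter
ipchains -F

# Clearing all current rules and user defined chains
ipchains -X

# Set the default policy of the filter to deny.
# Don't even bother sending an error message back
# (DENY drops the packet silently, REJECT would answer with an ICMP error).
# NOTE(review): between the flush above and the three policy commands below
# the built-in chains hold no rules, so whatever policy was in force before
# still applies. If that policy can be ACCEPT, setting the DENY policies
# before flushing closes the window.
ipchains -P input DENY
ipchains -P output DENY
ipchains -P forward DENY

# set masquerade timeout to 10 hours for tcp connections
# (the three values are the tcp, tcp-fin and udp timeouts in seconds;
# 0 leaves the current value unchanged)
ipchains -M -S 36000 0 0

# Don't forward fragments. Assemble before forwarding.
# -f matches the second and further fragments of a packet.
# The :? expansion stops the script here when the interface variable is
# unset or empty instead of handing ipchains a malformed rule; the DENY
# policies are already in place at this point, so the stop is fail-closed.
ipchains -A output -f -i "${LOCAL_INTERFACE_1:?LOCAL_INTERFACE_1 must be set}" -j DENY

# MODULES MASQUERADING
# Uncomment below all module lines that you need.
# These modules are necessary to masquerade their respective services.
# Load only the helpers for protocols that are really masqueraded: each one
# adds protocol-parsing code to the packet path of the gateway.
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio ports=554,7070,7071,6970,6971
/sbin/modprobe ip_masq_irc
#/sbin/modprobe ip_masq_vdolive
#/sbin/modprobe ip_masq_cuseeme
#/sbin/modprobe ip_masq_quake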