Configuration of the “/etc/rc.d/init.d/firewall” script file for the Gateway Server | All about OS

Category: Securing and Optimizing

# LOOPBACK
# Unlimited traffic on the loopback interface.
ipchains -A input -i $LOOPBACK_INTERFACE -j ACCEPT
ipchains -A output -i $LOOPBACK_INTERFACE -j ACCEPT
# Network Ghouls
# Deny access to jerks

# /etc/rc.d/rc.firewall.blocked contains a list of
# ipchains -A input -i $EXTERNAL_INTERFACE -s address -j DENY
# rules to block from any access.
# Refuse any connection from problem sites
#if [ -f /etc/rc.d/rc.firewall.blocked ]; then
# . /etc/rc.d/rc.firewall.blocked
#fi
# SPOOFING & BAD ADDRESSES
# Refuse spoofed packets.
# Ignore blatantly illegal source addresses.
# Protect yourself from sending to bad addresses.
# Refuse spoofed packets pretending to be from the external address.
# (-l turns on kernel logging of each matching packet.)
ipchains -A input -i $EXTERNAL_INTERFACE -s $IPADDR -j DENY -l
# Refuse packets claiming to be to or from a Class A private network
ipchains -A input -i $EXTERNAL_INTERFACE -s $CLASS_A -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -d $CLASS_A -j DENY -l
ipchains -A output -i $EXTERNAL_INTERFACE -s $CLASS_A -j REJECT -l
ipchains -A output -i $EXTERNAL_INTERFACE -d $CLASS_A -j REJECT -l
# Refuse packets claiming to be to or from a Class B private network
ipchains -A input -i $EXTERNAL_INTERFACE -s $CLASS_B -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -d $CLASS_B -j DENY -l
ipchains -A output -i $EXTERNAL_INTERFACE -s $CLASS_B -j REJECT -l
ipchains -A output -i $EXTERNAL_INTERFACE -d $CLASS_B -j REJECT -l
# Refuse packets claiming to be to or from a Class C private network
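
The commented-out "Network Ghouls" hook in this script reads /etc/rc.d/rc.firewall.blocked with ".", so every line of that file is executed with the firewall script's privileges. As an added example (not part of the original script), the following builds that file's rules from a plain address list and rejects anything that is not an IPv4 address or CIDR block; the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original script: emit the rules for
# /etc/rc.d/rc.firewall.blocked from a validated address list.

# valid_ipv4_cidr ADDR: succeed only for a dotted quad with optional /0-32.
# The body is a subshell, so the IFS and "set --" changes do not leak out.
valid_ipv4_cidr() (
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*|???*|0?*) exit 1 ;; esac
             [ "$prefix" -le 32 ] || exit 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $addr
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in 0?*|????*) exit 1 ;; esac   # no leading zeros
        [ "$octet" -le 255 ] || exit 1
    done
)

# emit_blocked_rules: read one address per line on stdin (blank lines and
# "#" lines are skipped), write DENY rules to stdout, report rejects on
# stderr. Returns non-zero if any entry was rejected.
emit_blocked_rules() {
    bad=0
    while read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        if valid_ipv4_cidr "$line"; then
            # $EXTERNAL_INTERFACE stays literal; it expands when sourced.
            printf 'ipchains -A input -i $EXTERNAL_INTERFACE -s %s -j DENY\n' "$line"
        else
            printf 'rejected entry: %s\n' "$line" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample input: documentation address ranges plus one bad line.
emit_blocked_rules <<'EOF' || echo "rejected entries found; do not install" >&2
192.0.2.7
198.51.100.0/24
203.0.113.5; id
EOF
```

Write the output to a temporary file and move it over /etc/rc.d/rc.firewall.blocked only when the function returns 0.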
