Configuration of the “/etc/rc.d/init.d/firewall” script file for the Gateway Server | All about OS


Category: Securing and Optimizing

# Rules for the Class C private-network range ($CLASS_C), left commented out in this script.
# The trailing -l on each rule turns on kernel logging of the matching packets.
# ipchains -A input -i $EXTERNAL_INTERFACE -s $CLASS_C -j DENY -l
# ipchains -A input -i $EXTERNAL_INTERFACE -d $CLASS_C -j DENY -l
# ipchains -A output -i $EXTERNAL_INTERFACE -s $CLASS_C -j REJECT -l
# ipchains -A output -i $EXTERNAL_INTERFACE -d $CLASS_C -j REJECT -l
# Refuse packets claiming to be from the loopback interface
ipchains -A input -i $EXTERNAL_INTERFACE -s $LOOPBACK -j DENY -l
ipchains -A output -i $EXTERNAL_INTERFACE -s $LOOPBACK -j REJECT -l
# Refuse broadcast address SOURCE packets
ipchains -A input -i $EXTERNAL_INTERFACE -s $BROADCAST_DEST -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -d $BROADCAST_SRC -j DENY -l
# Refuse Class D multicast addresses (in.h) (NET-3-HOWTO)
# Multicast is illegal as a source address.
# Multicast uses UDP.
ipchains -A input -i $EXTERNAL_INTERFACE -s $CLASS_D_MULTICAST -j DENY -l
# Refuse Class E reserved IP addresses
ipchains -A input -i $EXTERNAL_INTERFACE -s $CLASS_E_RESERVED_NET -j DENY -l
# refuse addresses defined as reserved by the IANA
# 0.*.*.*, 1.*.*.*, 2.*.*.*, 5.*.*.*, 7.*.*.*, 23.*.*.*, 27.*.*.*
# 31.*.*.*, 37.*.*.*, 39.*.*.*, 41.*.*.*, 42.*.*.*, 58-60.*.*.*
# 65-95.*.*.*, 96-126.*.*.*, 197.*.*.*, 201.*.*.* (?), 217-223.*.*.*
ipchains -A input -i $EXTERNAL_INTERFACE -s 1.0.0.0/8 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 2.0.0.0/8 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 5.0.0.0/8 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 7.0.0.0/8 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 23.0.0.0/8 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 27.0.0.0/8 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 31.0.0.0/8 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 37.0.0.0/8 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 39.0.0.0/8 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 41.0.0.0/8 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 42.0.0.0/8 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 58.0.0.0/7 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 60.0.0.0/8 -j DENY -l
# 65 = 01000001 in binary: a /3 block starting at 64 would also cover 64.*.*.*,
# so 65-79 need to be spelled out
ipchains -A input -i $EXTERNAL_INTERFACE -s 65.0.0.0/8 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 66.0.0.0/8 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 67.0.0.0/8 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 68.0.0.0/8 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 69.0.0.0/8 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 70.0.0.0/8 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 71.0.0.0/8 -j DENY -l
ipchains -A input -i $EXTERNAL_INTERFACE -s 72.0.0.0/8 -j DENY -l
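As an added example (not part of the book's script), the following Python works out the CIDR blocks that cover a run of leading octets such as 58-60 or 65-95, shows why the script cannot use a single /3 for 65-95 (it would also match 64.x.x.x, which is not on the reserved list), and renders the result as logged DENY rules in the script's own form. The interface variable name is taken from the script; the function names are my own.

```python
import ipaddress


def first_octet_range_to_cidrs(lo, hi):
    """Smallest set of CIDR blocks covering lo.0.0.0 .. hi.255.255.255.

    This is the calculation behind the script's 58.0.0.0/7 plus 60.0.0.0/8
    for the 58-60 range, and behind its note that 65-95 is not one /3.
    """
    start = ipaddress.IPv4Address(f"{lo}.0.0.0")
    end = ipaddress.IPv4Address(f"{hi}.255.255.255")
    return [str(net) for net in ipaddress.summarize_address_range(start, end)]


def block_matches_octet(cidr, first_octet):
    """True if the block would also match addresses beginning with first_octet."""
    probe = ipaddress.IPv4Address(f"{first_octet}.0.0.1")  # constructed probe
    return probe in ipaddress.ip_network(cidr)


def deny_rules(cidrs, iface="$EXTERNAL_INTERFACE"):
    """Render the blocks as 'DENY -l' input rules in the script's style."""
    return [f"ipchains -A input -i {iface} -s {cidr} -j DENY -l" for cidr in cidrs]


if __name__ == "__main__":
    # 64.0.0.0/3 spans 64-95, so it would also drop traffic from 64.x.x.x;
    # the aligned blocks computed below stay inside 65-95.
    print("64.0.0.0/3 matches 64.x.x.x:", block_matches_octet("64.0.0.0/3", 64))
    blocks = first_octet_range_to_cidrs(65, 95)
    print("65-95 ->", blocks)
    print("any block matches 64.x.x.x:",
          any(block_matches_octet(b, 64) for b in blocks))
    for line in deny_rules(blocks):
        print(line)
```

The aggregated form is shorter than spelling out every /8 but denies exactly the same source addresses, so either can be used in the script.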
