Configuration of the “/etc/rc.d/init.d/firewall” script file for the Mail Server
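# Anti-spoofing rules for the external interface (ipchains, Linux 2.2 kernels).
# Each rule ends in -l so that matching packets are written to the kernel log.
# DENY drops the packet silently; REJECT drops it and returns an ICMP error.
# EXTERNAL_INTERFACE, IPADDR, CLASS_*, LOOPBACK and BROADCAST_* are expected to
# be set earlier in the script (not shown here). They are quoted so an empty
# value makes ipchains fail loudly instead of shifting the remaining arguments.

# Refuse spoofed packets pretending to be from the external address.
# A packet arriving from outside with our own address as source cannot be genuine.
ipchains -A input -i "$EXTERNAL_INTERFACE" -s "$IPADDR" -j DENY -l

# Refuse packets claiming to be to or from a Class A private network
ipchains -A input -i "$EXTERNAL_INTERFACE" -s "$CLASS_A" -j DENY -l
ipchains -A input -i "$EXTERNAL_INTERFACE" -d "$CLASS_A" -j DENY -l
ipchains -A output -i "$EXTERNAL_INTERFACE" -s "$CLASS_A" -j REJECT -l
ipchains -A output -i "$EXTERNAL_INTERFACE" -d "$CLASS_A" -j REJECT -l

# Refuse packets claiming to be to or from a Class B private network
ipchains -A input -i "$EXTERNAL_INTERFACE" -s "$CLASS_B" -j DENY -l
ipchains -A input -i "$EXTERNAL_INTERFACE" -d "$CLASS_B" -j DENY -l
ipchains -A output -i "$EXTERNAL_INTERFACE" -s "$CLASS_B" -j REJECT -l
ipchains -A output -i "$EXTERNAL_INTERFACE" -d "$CLASS_B" -j REJECT -l

# Refuse packets claiming to be to or from a Class C private network
# NOTE(review): these rules are left disabled by the author; presumably the
# Class C private range is in legitimate use on this interface. Confirm
# before enabling.
# ipchains -A input -i "$EXTERNAL_INTERFACE" -s "$CLASS_C" -j DENY -l
# ipchains -A input -i "$EXTERNAL_INTERFACE" -d "$CLASS_C" -j DENY -l
# ipchains -A output -i "$EXTERNAL_INTERFACE" -s "$CLASS_C" -j REJECT -l
# ipchains -A output -i "$EXTERNAL_INTERFACE" -d "$CLASS_C" -j REJECT -l

# Refuse packets claiming to be from the loopback interface
# Loopback addresses must never appear as a source on the external wire.
ipchains -A input -i "$EXTERNAL_INTERFACE" -s "$LOOPBACK" -j DENY -l
ipchains -A output -i "$EXTERNAL_INTERFACE" -s "$LOOPBACK" -j REJECT -l

# Refuse broadcast address SOURCE packets
# The -s/-d pairing is intentionally crossed: a broadcast *destination* address
# used as a source, or a broadcast *source* address used as a destination, is
# malformed. NOTE(review): presumably 255.255.255.255 and 0.0.0.0 respectively;
# confirm against the variable definitions.
ipchains -A input -i "$EXTERNAL_INTERFACE" -s "$BROADCAST_DEST" -j DENY -l
ipchains -A input -i "$EXTERNAL_INTERFACE" -d "$BROADCAST_SRC" -j DENY -l

# Refuse Class D multicast addresses (in.h) (NET-3-HOWTO)
# Multicast is illegal as a source address.
# Multicast uses UDP.
ipchains -A input -i "$EXTERNAL_INTERFACE" -s "$CLASS_D_MULTICAST" -j DENY -l

# Refuse Class E reserved IP addresses
ipchains -A input -i "$EXTERNAL_INTERFACE" -s "$CLASS_E_RESERVED_NET" -j DENY -l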
# refuse addresses defined as reserved by the IANA