Configuration of the “/etc/rc.d/init.d/firewall” script file for the Mail Server

#80: 01010000 - /4 masks 80-95
ipchains -A input -i $EXTERNAL_INTERFACE -s 80.0.0.0/4 -j DENY -I
# 96: 01100000 - /4 makses 96-111
ipchains -A input -i $EXTERNAL_INTERFACE -s 96.0.0.0/4 -j DENY -I
#126:01111110 -
-A input -A input -A input -A input -A input -A input -A input -A input -A input -A input -A input -A input -A input -A input -A input
ipchains ipchains ipchains ipchains ipchains ipchains ipchains ipchains ipchains ipchains ipchains ipchains ipchains ipchains ipchains
/3 includes 127 - need 112- $EXTERNAL_INTERFACE $EXTERNAL_INTERFACE $EXTERNAL_INTERFACE $EXTERNAL_INTERFACE $EXTERNAL_INTERFACE $EXTERNAL_INTERFACE $EXTERNAL_INTERFACE $EXTERNAL_INTERFACE $EXTERNAL_INTERFACE $EXTERNAL_INTERFACE $EXTERNAL_INTERFACE $EXTERNAL_INTERFACE $EXTERNAL_INTERFACE $EXTERNAL_INTERFACE $EXTERNAL_INTERFACE
126 spelled out -s112.0.0.0/8-j -s113.0.0.0/8-j -s114.0.0.0/8-j -s115.0.0.0/8-j -s116.0.0.0/8-j -s117.0.0.0/8-j -s118.0.0.0/8-j -s119.0.0.0/8-j -s 120.0.0.0/8-j -s 121.0.0.0/8-j -s 122.0.0.0/8-j -s 123.0.0.0/8-j -s 124.0.0.0/8-j -s 125.0.0.0/8-j -s 126.0.0.0/8-j
DENY DENY DENY DENY DENY DENY DENY DENY DENY DENY DENY DENY DENY DENY DENY
#217: 11011001 ipchains -A input ipchains -A input ipchains -A input
#223:11011111 ipchains -A input
#ICMP
- /5 includes 216 - need 217-219 spelled out
-i $EXTERNAL_INTERFACE -s 217.0.0.0/8 -j DENY -I -i $EXTERNAL_INTERFACE -s 218.0.0.0/8 -j DENY -I -i $EXTERNAL_INTERFACE -s 219.0.0.0/8 -j DENY -I
- /6 masks 220-223
-i $EXTERNAL_INTERFACE -s 220.0.0.0/6 -j DENY -I
# To prevent denial of service attacks based on ICMP bombs, filter
# incoming Redirect (5) and outgoing Destination Unreachable (3).
# Note, however, disabling Destination Unreachable (3) is not
# advisable, as it is used to negotiate packet fragment size.
# For bi-directional ping.
# Message Types: Echo_Reply (0), Echo_Request (8)
# To prevent attacks, limit the src addresses to your ISP range.
#

Страниц: 1 2 3 4 5 6 7 8 9 10 11