The firewall scripts files

Категория: Securing and Optimizing

# Refuse packets claiming to be to or from a Class B private network
ipchains -A input -i $EXTERNAL_INTERFACE -s $CLASS_B -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -d $CLASS_B -j DENY -I
ipchains -A output -i $EXTERNAL_INTERFACE -s $CLASS_B -j REJECT -I
ipchains -A output -i $EXTERNAL_INTERFACE -d $CLASS_B -j REJECT -I
# Refuse packets claiming to be to or from a Class C private network

# ipchains -A input -i $EXTERNAL_INTERFACE -s $CLASS_C -j DENY -I
# ipchains -A input -i $EXTERNAL_INTERFACE -d $CLASS_C -j DENY -I
# ipchains -A output -i $EXTERNAL_INTERFACE -s $CLASS_C -j REJECT -I
# ipchains -A output -i $EXTERNAL_INTERFACE -d $CLASS_C -j REJECT -I
# Refuse packets claiming to be from the loopback interface
ipchains -A input -i $EXTERNAL_INTERFACE -s $LOOPBACK -j DENY -I ipchains -A output -i $EXTERNAL_INTERFACE -s $LOOPBACK -j REJECT -I
# Refuse broadcast address SOURCE packets
ipchains -A input -i $EXTERNAL_INTERFACE -s $BROADCAST_DEST -j DENY -I ipchains -A input -i $EXTERNAL_INTERFACE -d $BROADCAST_SRC -j DENY -I
# Refuse Class D multicast addresses (in.h) (NET-3-H0WT0)
# Multicast is illegal as a source address.
# Multicast uses UDP.
ipchains -A input -i $EXTERNAL_INTERFACE -s $CLASS_D_MULTICAST -j DENY -I
# Refuse Class E reserved IP addresses
ipchains -A input -i $EXTERNAL_INTERFACE -s $CLASS_E_RESERVED_NET -j DENY -I
# refuse addresses defined as reserved by the IANA
j? n * * * -i*** o * * * c * * * 7 * * * no * * * 97 * * *
# 31 .*.*.’*, 37.*.*.*, 39.*.*.*, 41.*.*.*, 42.*.*.*, 58-60.*.*.*
# 65-95.*.*.*, 96-126.*.*.*, 197.*.*.*, 201.*.*.* (?), 217-223.*.*.*
ipchains -A input -i $EXTERNAL_INTERFACE -s 1.0.0.0/8 -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -s 2.0.0.0/8 -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -s 5.0.0.0/8 -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -s 7.0.0.0/8 -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -s 23.0.0.0/8 -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -s 27.0.0.0/8 -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -s 31.0.0.0/8 -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -s 37.0.0.0/8 -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -s 39.0.0.0/8 -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -s 41.0.0.0/8 -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -s 42.0.0.0/8 -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -s 58.0.0.0/7 -j DENY -I
ipchains -A input -i $EXTERNAL_INTERFACE -s 60.0.0.0/8 -j DENY -I
#65: 01000001 -12, includes 64 - need 65-79 spelled out ipchains -A input -i

Страниц: 1 2 3 4 5 6 7 8 9 10

« Some explanation of rules used in the firewall script files

Configuration of the “/etc/rc.d/init.d/firewall” script file for the Mail Server »

All about OS

OS is a heart of computer

Search

Ссылки

Visitor

Реклама

Meta

Партнеры

Category

The firewall scripts files