The firewall script files
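# SSH server (22)
# Accept inbound SSH from clients that connect from unprivileged source
# ports, and let the server's replies back out. "! -y" matches only TCP
# packets that are not connection-opening SYNs, so the output rule cannot be
# used to open a new connection from local port 22.
# Each option group sits on its own continuation line; a backslash followed
# by a space would instead hand ipchains a word that starts with a blank.
# Expansions are quoted so that an empty or unset variable is passed as an
# empty argument rather than dropped, which would shift the remaining ones.
# NOTE(review): $ANYWHERE presumably means any source address, which leaves
# sshd reachable from every host; narrow -s to known admin networks if you can.
ipchains -A input -i "$EXTERNAL_INTERFACE" -p tcp \
  -s "$ANYWHERE" "$UNPRIVPORTS" \
  -d "$IPADDR" 22 -j ACCEPT
ipchains -A output -i "$EXTERNAL_INTERFACE" -p tcp ! -y \
  -s "$IPADDR" 22 \
  -d "$ANYWHERE" "$UNPRIVPORTS" -j ACCEPT

# Same pair for clients whose source port falls in $SSH_PORTS. The range is
# defined outside this excerpt; presumably the privileged ports some SSH
# clients bind to. Confirm against the variable's definition.
ipchains -A input -i "$EXTERNAL_INTERFACE" -p tcp \
  -s "$ANYWHERE" "$SSH_PORTS" \
  -d "$IPADDR" 22 -j ACCEPT
ipchains -A output -i "$EXTERNAL_INTERFACE" -p tcp ! -y \
  -s "$IPADDR" 22 \
  -d "$ANYWHERE" "$SSH_PORTS" -j ACCEPT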
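# HTTP server (80)
# Accept inbound web requests from unprivileged client ports and allow the
# server's replies. "! -y" limits the output rule to packets that are not
# connection-opening SYNs, so local port 80 can answer but not initiate.
# Each option group sits on its own continuation line; a backslash followed
# by a space would instead hand ipchains a word that starts with a blank.
# Expansions are quoted so that an empty or unset variable is passed as an
# empty argument rather than dropped, which would shift the remaining ones.
ipchains -A input -i "$EXTERNAL_INTERFACE" -p tcp \
  -s "$ANYWHERE" "$UNPRIVPORTS" \
  -d "$IPADDR" 80 -j ACCEPT
ipchains -A output -i "$EXTERNAL_INTERFACE" -p tcp ! -y \
  -s "$IPADDR" 80 \
  -d "$ANYWHERE" "$UNPRIVPORTS" -j ACCEPT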
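# HTTPS server (443)
# Accept inbound TLS web requests from unprivileged client ports and allow
# the server's replies. "! -y" limits the output rule to packets that are not
# connection-opening SYNs, so local port 443 can answer but not initiate.
# Each option group sits on its own continuation line; a backslash followed
# by a space would instead hand ipchains a word that starts with a blank.
# Expansions are quoted so that an empty or unset variable is passed as an
# empty argument rather than dropped, which would shift the remaining ones.
ipchains -A input -i "$EXTERNAL_INTERFACE" -p tcp \
  -s "$ANYWHERE" "$UNPRIVPORTS" \
  -d "$IPADDR" 443 -j ACCEPT
ipchains -A output -i "$EXTERNAL_INTERFACE" -p tcp ! -y \
  -s "$IPADDR" 443 \
  -d "$ANYWHERE" "$UNPRIVPORTS" -j ACCEPT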
# SYSLOG server (514)
# Provides full remote logging. Using this feature you’re able to
# control all syslog messages on one host.
# ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
# -s $SYSLOG_CLIENT \
# -d $IPADDR 514 -j ACCEPT
# SYSLOG client (514)
# ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
# -s $IPADDR 514 \
# -d $SYSLOG_SERVER 514 -j ACCEPT
#AUTH server (113)