Example of an iptables

zhaozj2021-02-16  102

#DOP ICMP Echo-Request Messages Sent to Broadcast Or Multicast Addresses

Echo 1> / proc / sys / net / ipv4 / icmp_echo_ignore_broadcasts

?

#Drop Source Routed Packets

Echo 0> / proc / sys / net / ipv4 / conf / all / accept_source_route

?

# Enable TCP SYN Cookie Protection from Syn Floods

Echo 1> / Proc / Sys / Net / IPv4 / TCP_Syncookies

?

# Don't accept ICMP Redirect Messages

Echo 0> / Proc / Sys / Net / IPv4 / Conf / All / Accept_Redirects

?

# Don't send ICMP Redirect Messages

Echo 0> / proc / sys / net / ipv4 / conf / all / send_redirects

?

# Enable Source Address Spoofing Protection

ECHO 1> / proc / sys / net / ipv4 / conf / all / rp_filter

?

# Log Packets with Impossible Source Addresses

Echo 1> / Proc / Sys / Net / IPv4 / Conf / All / Log_martians

?

# Flush all chains

/ sbin / iptables - Flush

?

# Allow unlimited traffic on the loopback interface

/ sbin / iptables -a input -i lo -j acceptpt

/ sbin / iptables -a output -o lo -j acid

?

# Set default policies

/ sbin / iptables -p input drop

/ sbin / iptables -P Output Drop

/ sbin / iptables -p forward Drop

?

# Previously initiated and accountted Exchanges Bypass Rule Checking

# Allow unlimited Outbound Traffic

/ sbin / iptables -ainput -m state --state established, Related -j Accept

/ sbin / iptables -a output -m state --state new, established, related -j accept

?

#Enable ssh port 22

/ sbin / iptables -a input -p tcp --dport 22 -m state --state new -j acceptpt

?

# Drop All other traffic

/ sbin / iptables -a input -j drop

?

The above instance is to establish a firewall, turn on the SSH port to the outside, and turn off the ICMP package.

转载请注明原文地址:https://www.9cbs.com/read-11094.html

New Post(0)