Differences

This shows you the differences between two versions of the page.

info:hosting:basics:firewalls [2018/01/09 13:34]
Thibmo
info:hosting:basics:firewalls [2018/01/10 11:28] (current)
Thibmo
Line 22: Line 22:
   - Edit your firewall configuration file: <code bash>​nano /​etc/​iptables.up.rules</​code>​   - Edit your firewall configuration file: <code bash>​nano /​etc/​iptables.up.rules</​code>​
   - Set the file's contents to: <code bash>​*filter   - Set the file's contents to: <code bash>​*filter
-:OUTPUT ACCEPT [0:0] 
-:INPUT DROP [0:0] 
 :FORWARD ACCEPT [0:0] :FORWARD ACCEPT [0:0]
-# Accept ACK +:INPUT DROP [0:0] 
--A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT+:​OUTPUT ​ACCEPT ​[0:0]
 # Accept Established # Accept Established
 -A INPUT -m state --state ESTABLISHED -j ACCEPT -A INPUT -m state --state ESTABLISHED -j ACCEPT
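Review bot: `:FORWARD ACCEPT [0:0]` stays permissive in `*filter` next to `:INPUT DROP [0:0]`; unless this host forwards traffic for other machines, set it to `:FORWARD DROP [0:0]`. Removing the `--tcp-flags ACK ACK` accept is the right call, since it matched any TCP segment with ACK set regardless of connection state, but the remaining `--state ESTABLISHED` rule does not cover `RELATED` packets, so consider `--state ESTABLISHED,RELATED` there. The policy reordering is cosmetic for iptables-restore.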
Line 45: Line 43:
 # Accept ICMP 12 # Accept ICMP 12
 -A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
 +# Accept FTP(S)
 +-A INPUT -p tcp -m tcp --dport 20:21 -j REJECT
 # Accept SSH To Host # Accept SSH To Host
--A INPUT -p tcp -m tcp --dport 22 -j ACCEPT+-A INPUT -p tcp -m tcp -d <Host main IP address> ​--dport 22 -j ACCEPT
 # Accept IDENT # Accept IDENT
 -A INPUT -p tcp -m tcp --dport 113 -j ACCEPT -A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
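Review bot: the added comment `# Accept FTP(S)` contradicts the rule under it, which ends in `-j REJECT` for `--dport 20:21`; either rename the comment to say the ports are rejected or change the target, depending on what is intended. With the `INPUT` policy already `DROP`, the rule only changes the response from a silent drop to an explicit rejection, which is worth stating in the comment. In the SSH rule, `-d <Host main IP address>` is a literal placeholder that iptables-restore will fail to parse if it is left in, so the surrounding instructions should tell the reader to substitute it; note also that `-d` limits which local address accepts SSH, not who may connect, and a `-s` match would be needed for that.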
Line 55: Line 55:
 # Drop sensitive ports # Drop sensitive ports
 -A INPUT -p tcp -m tcp --dport 7000:7010 -j DROP -A INPUT -p tcp -m tcp --dport 7000:7010 -j DROP
-COMMIT 
  
 +COMMIT
 *nat *nat
 :OUTPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0]
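Review bot: moving `COMMIT` below the blank line puts the gap inside the `*filter` table rather than between `COMMIT` and `*nat`, which makes the table boundary harder to read; iptables-restore ignores blank lines, so this is style only, but keeping `COMMIT` directly after the last rule and the blank line between tables would be clearer. The `# Drop sensitive ports` rule matches `-p tcp` only, so the comment could say so.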
Line 63: Line 63:
 :INPUT ACCEPT [0:0] :INPUT ACCEPT [0:0]
 COMMIT COMMIT
- 
 *mangle *mangle
 :​POSTROUTING ACCEPT [0:0] :​POSTROUTING ACCEPT [0:0]