sslug-teknik team mailing list archive
Message #40116
RE: Example of a firewall with ipchains.
In article <134B8AAE635DD411BC8500508BDF754C013C944C@xxxxxxxxxxxxxxx>,
"Andreas Overgaard" <anov@xxxxxx> wrote:
<snip>
> Make the machine a router for your network.
> #!/bin/bash
> case "$1" in
> start|restart)
> echo "Aktivere pakke filter"
> /sbin/ipchains -A input --log
>
> /sbin/ipchains -X
> /sbin/ipchains -F
>
> /sbin/ipchains -P input DENY
> /sbin/ipchains -P output ACCEPT
> /sbin/ipchains -P forward DENY
>
> /sbin/ipchains -A input -i lo -p all -j ACCEPT
> /sbin/ipchains -A input -i eth0 -p icmp -s 0/0 -d 0/0 -j ACCEPT
>
> /sbin/ipchains -A input -i eth0 -p tcp -s 0/0 -d 0/0 80 -j ACCEPT
> /sbin/ipchains -A input -i eth0 -p tcp -s 0/0 -d 0/0 443 -j ACCEPT
> /sbin/ipchains -A input -i eth0 -p tcp -s 0/0 -d 0/0 113 -j ACCEPT
>
> /sbin/ipchains -A input -i eth0 -p tcp -s 0/0 -d 0/0 20:21 -j ACCEPT
> /sbin/ipchains -A input -i eth0 -p tcp -s 0/0 20:21 -d 0/0 -j ACCEPT
>
> /sbin/ipchains -A input -i eth0 -p tcp -s 0/0 -d 0/0 22 -j ACCEPT
> /sbin/ipchains -A input -i eth0 -p tcp -s 0/0 22 -d 0/0 -j ACCEPT
>
> /sbin/ipchains -A input -i eth0 -p tcp -s 0/0 -d 0/0 25 -j ACCEPT
> /sbin/ipchains -A input -i eth0 -p tcp -s 0/0 25 -d 0/0 -j ACCEPT
> /sbin/ipchains -A input -i eth0 -p tcp -s 0/0 -d 0/0 110 -j ACCEPT
</snip>
Isn't this line missing, if you use IMAP?
/sbin/ipchains -A input -i eth0 -p tcp -s 0/0 -d 0/0 143 -j ACCEPT
<snip>
>
> /sbin/ipchains -A input -i eth0 -p udp -s 0/0 -d 0/0 53 -j ACCEPT
> /sbin/ipchains -A input -i eth0 -p udp -s 0/0 53 -d 0/0 -j ACCEPT
> ;;
> stop)
> echo "Deaktivere pakke filter!!"
> /sbin/ipchains -X
> /sbin/ipchains -F
> /sbin/ipchains -P input ACCEPT
> /sbin/ipchains -P output ACCEPT
> /sbin/ipchains -P forward ACCEPT
> ;;
> status)
> /sbin/ipchains -L
> ;;
> *)
> echo "Usage: /etc/init.d/rc.firewall {start|stop|restart|status}"
> esac
</snip>
--
Regards/Sincerely
Michael Rasmussen
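
The check the reply above does by eye, as an added example that is not part of either message: list the services a host is expected to offer and report those with no ACCEPT rule on their destination port. The rule text is a constructed sample taken from the quoted script; the service list and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample: rule arguments from the quoted script (input chain, eth0).
RULES='-A input -i eth0 -p tcp -s 0/0 -d 0/0 80 -j ACCEPT
-A input -i eth0 -p tcp -s 0/0 -d 0/0 20:21 -j ACCEPT
-A input -i eth0 -p tcp -s 0/0 20:21 -d 0/0 -j ACCEPT
-A input -i eth0 -p tcp -s 0/0 -d 0/0 25 -j ACCEPT
-A input -i eth0 -p tcp -s 0/0 -d 0/0 110 -j ACCEPT
-A input -i eth0 -p udp -s 0/0 -d 0/0 53 -j ACCEPT'

# dport_rules RULES: print "proto low high" for each ACCEPT rule that names a
# destination port (the token after the -d address, unless it is an option).
dport_rules() {
  printf '%s\n' "$1" | awk '
    {
      proto = ""; port = ""; target = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "-j") target = $(i + 1)
        if ($i == "-d" && i + 2 <= NF && $(i + 2) !~ /^-/) port = $(i + 2)
      }
      if (target != "ACCEPT" || port == "") next
      n = split(port, r, ":")          # "20:21" is a port range
      print proto, r[1], (n == 2 ? r[2] : r[1])
    }'
}

# accepts RULES PROTO PORT: exit 0 if a rule accepts PROTO to destination PORT.
accepts() {
  dport_rules "$1" | awk -v p="$2" -v port="$3" '
    $1 == p && port + 0 >= $2 + 0 && port + 0 <= $3 + 0 { found = 1 }
    END { exit(found ? 0 : 1) }'
}

# missing_services RULES: print each expected service that no rule accepts.
# The name:proto:port list is an assumption about what the host should offer.
missing_services() {
  for svc in smtp:tcp:25 pop3:tcp:110 imap:tcp:143 dns:udp:53; do
    name=${svc%%:*}; rest=${svc#*:}
    accepts "$1" "${rest%%:*}" "${rest#*:}" || echo "$name"
  done
}

missing_services "$RULES"
```

Rules that match only on a source port (such as the second `20:21` line) are deliberately not counted as opening a service.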