Situation
Today I am going to show you a stable method of
Solution
- First install the package called iptables-persistent with the command apt-get install iptables-persistent (the package name has no hyphen between "ip" and "tables").
- During the installation you will be asked whether you want to save the current rules.
- After that the firewall rules are kept in /etc/iptables/rules.v4 (and the IPv6 rules in /etc/iptables/rules.v6, which you should not forget if the host has IPv6 connectivity), and they are loaded again at boot.
- Add your rules in the following form:
- -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT (accept all established and related connections)
- -A INPUT -i lo -j ACCEPT (accept traffic on the loopback interface)
- -A INPUT -s xxx.xxx.xxx.xxx/32 -p tcp -m tcp --dport 22 -j ACCEPT (allow SSH connections only from the specified IP address)
- -A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 5 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset (reject new HTTP connections from any single source address that already has more than 5 open)
- -A INPUT -m geoip --src-cc A1 -j DROP (drop traffic from anonymous proxies; A1 is the legacy MaxMind code, and the geoip match requires the xtables-addons package together with its GeoIP database)
- -A INPUT -m geoip --src-cc DE,RU -j DROP (drop traffic from several countries at once, again using the geoip match)
- -A INPUT -j DROP (drop all other traffic)
- Two things to keep in mind. rules.v4 is in iptables-save format, so the -A lines go inside the *filter ... COMMIT block, after the chain headers that iptables-save writes. Rules are matched in order and the first match wins, so the catch-all DROP must stay last and the geoip drops must sit before any ACCEPT for traffic they are meant to block. Note also that the list above has no ACCEPT rule for port 80 at all, so with the final DROP a web server on this host would be unreachable; the connlimit REJECT only makes sense placed ahead of an ACCEPT for port 80.
- To save rules you add later permanently, run iptables-save > /etc/iptables/rules.v4 as root (on newer releases netfilter-persistent save writes both rules.v4 and rules.v6 for you).
- To put the new rules into effect, use iptables-apply /etc/iptables/rules.v4. iptables-apply loads the file and then asks you to confirm within a timeout; if you cannot answer because the new rules cut off your SSH session, it restores the previous ruleset. That rollback is why it is preferable to a plain iptables-restore < /etc/iptables/rules.v4 when working on a remote machine.
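To see the whole procedure end to end, here is an added example (my script, not code from the original post or from the iptables-persistent package). It writes a complete rules.v4 in iptables-save format from the rules above, adds the port-80 ACCEPT that the list lacks, orders the rules the way a first-match firewall needs, and sanity-checks the file before iptables-apply loads it. The admin address 203.0.113.10/32, the output path and the CHECK_WITH_IPTABLES switch are my assumptions; the geoip rules are emitted only when asked for, because they need xtables-addons and a GeoIP database on the target host.

```shell
#!/bin/sh
# Added example (not code from the original post): generate a complete
# /etc/iptables/rules.v4 and check it before handing it to iptables-apply.
# Assumptions that are mine, not the post's: the admin host 203.0.113.10/32
# and all paths are placeholders; geoip rules are only written when the
# third argument is 1 (they need xtables-addons and its GeoIP database).

# write_rules OUTFILE ADMIN_CIDR [WITH_GEOIP]
write_rules() {
    out="$1"
    admin="$2"
    geoip="${3:-0}"
    {
        printf '%s\n' '*filter'
        # Chain headers as iptables-save writes them; the explicit DROP at the
        # end of INPUT does the real work, so the policies stay ACCEPT here.
        printf '%s\n' ':INPUT ACCEPT [0:0]'
        printf '%s\n' ':FORWARD ACCEPT [0:0]'
        printf '%s\n' ':OUTPUT ACCEPT [0:0]'
        printf '%s\n' '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
        printf '%s\n' '-A INPUT -i lo -j ACCEPT'
        # Admin SSH comes first so the host stays reachable regardless of
        # what the geoip rules below decide about the admin address.
        printf '%s\n' "-A INPUT -s $admin -p tcp -m tcp --dport 22 -j ACCEPT"
        if [ "$geoip" = 1 ]; then
            # Country/proxy drops must precede the service ACCEPTs, otherwise
            # the ACCEPT matches first and the DROP never sees the packet.
            printf '%s\n' '-A INPUT -m geoip --src-cc A1 -j DROP'
            printf '%s\n' '-A INPUT -m geoip --src-cc DE,RU -j DROP'
        fi
        # The connlimit REJECT must precede the port-80 ACCEPT for the same
        # reason; the ACCEPT itself is missing from the post's list.
        printf '%s\n' '-A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 5 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset'
        printf '%s\n' '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'
        printf '%s\n' '-A INPUT -j DROP'
        printf '%s\n' 'COMMIT'
    } > "$out"
}

# check_rules FILE: prints "ok" when the file has the iptables-save framing
# and the rule order a first-match firewall needs; otherwise prints the
# first problem found and returns 1.
check_rules() {
    f="$1"
    head -n 1 "$f" | grep -q '^\*filter$' || { echo 'missing *filter header'; return 1; }
    tail -n 1 "$f" | grep -q '^COMMIT$'   || { echo 'missing COMMIT'; return 1; }
    last=$(grep '^-A INPUT' "$f" | tail -n 1)
    [ "$last" = '-A INPUT -j DROP' ] || { echo 'catch-all DROP is not the last INPUT rule'; return 1; }
    drop_ln=$(grep -n '^-A INPUT -j DROP$' "$f" | cut -d: -f1)
    last_accept_ln=$(grep -n '^-A INPUT.*-j ACCEPT' "$f" | tail -n 1 | cut -d: -f1)
    [ "$last_accept_ln" -lt "$drop_ln" ] || { echo 'an ACCEPT sits after the catch-all DROP'; return 1; }
    rej_ln=$(grep -n -- '-m connlimit' "$f" | cut -d: -f1)
    acc80_ln=$(grep -n -- '--dport 80 -j ACCEPT' "$f" | cut -d: -f1)
    if [ -n "$rej_ln" ] && [ -n "$acc80_ln" ] && [ "$rej_ln" -gt "$acc80_ln" ]; then
        echo 'connlimit REJECT comes after the port-80 ACCEPT'; return 1
    fi
    # Opt-in: let the real parser validate the file without loading it.
    # Needs root and iptables on the host, hence the switch (my assumption).
    if [ "${CHECK_WITH_IPTABLES:-0}" = 1 ]; then
        iptables-restore --test < "$f" || { echo 'iptables-restore rejected the file'; return 1; }
    fi
    echo ok
}

# Usage: sh gen-rules.sh /tmp/rules.v4 203.0.113.10/32 [1]
# Review the file, then load it with iptables-apply's rollback safety net:
#   sudo iptables-apply /tmp/rules.v4 && sudo cp /tmp/rules.v4 /etc/iptables/rules.v4
if [ -n "$1" ]; then
    write_rules "$1" "${2:-203.0.113.10/32}" "${3:-0}"
    check_rules "$1"
fi
```

The script deliberately writes to a temporary path rather than straight into /etc/iptables: load the generated file with iptables-apply first, confirm that your SSH session survived, and only then copy it over rules.v4 so the same ruleset comes back at boot.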