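#!/bin/sh
# Host firewall for a mail + web box (sshd, DNS, HTTP/S, SMTP/IMAP, MySQL,
# OpenDKIM, Prelude console). Default-deny on INPUT, OUTPUT and FORWARD;
# everything below is an explicit allow.
#
# Usage: run as root after setting SSH_PORT. The script is re-runnable: it
# flushes the filter table before rebuilding it, so repeated runs do not
# pile up duplicate rules. Dry-run with:  IPT=echo sh fw.sh
#
# Consequences of the policies worth knowing:
#   - ICMP echo requests are dropped; only ICMP errors RELATED to an
#     existing flow get in (enough for path-MTU discovery).
#   - Only IPv4 is filtered. Without a matching ip6tables policy (or IPv6
#     disabled) every service stays reachable over v6 unfiltered.
set -eu

# TODO: replace XX with the real sshd port. The script refuses to touch the
# firewall until this is numeric: the old version kept going after the SSH
# rule failed on the placeholder, leaving DROP policies and no SSH rule,
# i.e. a remote lockout.
SSH_PORT="XX"
case "$SSH_PORT" in
  ''|*[!0-9]*) printf 'SSH_PORT must be set to a port number\n' >&2; exit 2 ;;
esac

IPT="${IPT:-iptables}"

# ---------------------------------------------------------------------------
# Reset. Policies go to DROP *before* the flush so that a run that dies
# half-way (set -e) fails closed rather than open. The RELATED,ESTABLISHED
# rule is the first one re-added, which keeps the SSH session this is run
# from alive; a packet hitting the microsecond gap is simply retransmitted.
# ---------------------------------------------------------------------------
"$IPT" -t filter -P INPUT   DROP
"$IPT" -t filter -P FORWARD DROP
"$IPT" -t filter -P OUTPUT  DROP
"$IPT" -t filter -F
"$IPT" -t filter -X

# Replies to flows already accepted, plus related ICMP errors.
"$IPT" -A INPUT  -m state --state RELATED,ESTABLISHED -j ACCEPT
"$IPT" -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Packets conntrack cannot attribute to any flow (stray ACK/FIN/RST from
# scanners, malformed segments). Dropping them early matters because the
# per-port ACCEPTs below are not state-qualified and would otherwise hand
# such packets to the listening sockets.
"$IPT" -A INPUT -m state --state INVALID -j DROP

# Loopback. Local-only services (MySQL, the OpenDKIM milter, a local
# resolver) talk over lo. The original left the lo rule commented out and,
# as a consequence, opened those services' ports to the whole network just
# to make them reachable from 127.0.0.1.
"$IPT" -A INPUT  -i lo -j ACCEPT
"$IPT" -A OUTPUT -o lo -j ACCEPT

# ---------------------------------------------------------------------------
# Services exposed to the network (INPUT) and outbound connections the host
# may initiate itself (OUTPUT). Note that a plain --dport on OUTPUT lets the
# host open new connections to that port on any destination.
# ---------------------------------------------------------------------------

# SSH. New connections are throttled per source address to blunt password
# brute forcing: the 6th new connection from one address within 60 s is
# dropped (the first --set counts the current packet, so 5 get through).
"$IPT" -A INPUT -p tcp --dport "$SSH_PORT" -m state --state NEW \
  -m recent --name ssh --set
"$IPT" -A INPUT -p tcp --dport "$SSH_PORT" -m state --state NEW \
  -m recent --name ssh --update --seconds 60 --hitcount 6 -j DROP
"$IPT" -A INPUT  -p tcp --dport "$SSH_PORT" -j ACCEPT
"$IPT" -A OUTPUT -p tcp --dport "$SSH_PORT" -j ACCEPT

# DNS. The OUTPUT rules are what name resolution needs. The INPUT rules make
# this host answer DNS queries from any source and are only right if it is
# meant to be a public authoritative server; a recursive resolver must not
# be exposed like this (open-resolver amplification). If the box only
# resolves for itself, delete the two INPUT lines or add '-s <client net>'.
"$IPT" -A OUTPUT -p tcp --dport 53 -j ACCEPT
"$IPT" -A OUTPUT -p udp --dport 53 -j ACCEPT
"$IPT" -A INPUT  -p tcp --dport 53 -j ACCEPT
"$IPT" -A INPUT  -p udp --dport 53 -j ACCEPT

# TCP services this host both serves and connects out to:
#   80/443   HTTP, HTTPS
#   25       SMTP
#   587      submission
#   143/993  IMAP, IMAPS
# The original comment also listed smtps and pop3, but 465/110/995 were
# never opened; add them to the list only if those daemons actually run.
for port in 80 443 25 587 143 993; do
  "$IPT" -A INPUT  -p tcp --dport "$port" -j ACCEPT
  "$IPT" -A OUTPUT -p tcp --dport "$port" -j ACCEPT
done

# Prelude web console (8000). Reachable from any address, as before. An
# admin console belongs on the management network: add '-s <admin net>' to
# the INPUT rule once that network is known.
"$IPT" -A INPUT  -p tcp --dport 8000 -j ACCEPT
"$IPT" -A OUTPUT -p tcp --dport 8000 -j ACCEPT

# MySQL (3306) and the OpenDKIM milter (12301) are deliberately NOT opened
# to the network any more; with lo accepted above, local clients reach them
# over 127.0.0.1. If a remote application server must reach MySQL, allow
# exactly that one source:
#   "$IPT" -A INPUT -p tcp -s <app server> --dport 3306 -j ACCEPT

# ---------------------------------------------------------------------------
# No forwarding. The former "counter-measure" rate limits were attached to
# FORWARD, a chain this host never uses (policy DROP, nothing routed), so
# they protected INPUT from nothing; worse, they were ACCEPT rules and would
# have opened forwarding at 1 pkt/s had routing ever been enabled. Their
# intent (slowing connection floods and scans) is covered by the INVALID
# drop and the per-source SSH throttle above. FORWARD stays empty, DROP.
# ---------------------------------------------------------------------------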