Re: CUPS and Firewall
Hello Florian,
Florian Ernst wrote:
TCP _and_ UDP?
Which port for UDP? Also 631?
I think I'll just post my firewall script:
IPC=/sbin/ipchains
LOCAL=$1
IFACE=eth0
# Set default settings.
$IPC -F
$IPC -X
$IPC -P input DENY
$IPC -P forward DENY
$IPC -P output ACCEPT
# Allow access to loopback interface.
$IPC -A input -i lo -j ACCEPT
# Allow ICMP packets
$IPC -A input -i $IFACE -p icmp -j ACCEPT
# Deny (silently drop) UDP packets for ports 0-630, 632-1023, 2049 (NFS)
# Port 631 is needed for IPP(?)
$IPC -A input -i $IFACE -p udp --dport 0:630 -j DENY
$IPC -A input -i $IFACE -p udp --dport 632:1023 -j DENY
$IPC -A input -i $IFACE -p udp --dport 2049 -j DENY
# Allow all other UDP packets.
$IPC -A input -i $IFACE -p udp -j ACCEPT
# Allow IPP access for using CUPS
$IPC -A input -i $IFACE -p tcp --dport 631 -j ACCEPT
# Deny all other TCP packets with SYN bit set.
$IPC -A input -i $IFACE -p tcp -y --dport 0:65535 -j DENY
# Deny packets to X display ports.
$IPC -A input -i $IFACE -p tcp --dport 5999:6003 -j DENY
# Allow all other TCP packets.
$IPC -A input -i $IFACE -p tcp -j ACCEPT
# Log every packet that reaches the end of the chain.
$IPC -A input -l
Regards
Niklas
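
Added example, not part of Niklas's message: a small Python model of the first-match evaluation of the input chain above for packets arriving on eth0, showing which rule decides a given packet (for instance UDP port 631). The `verdict` function, the `RULES` table and the sample packets are constructed for illustration; `syn=True` stands for the connection requests that `-y` matches.

```python
# Constructed model of the eth0 rules in the input chain posted above.
# Rule fields: protocol, SYN-only (-y), destination port range or None, target.
RULES = [
    ("icmp", False, None, "ACCEPT"),
    ("udp", False, (0, 630), "DENY"),
    ("udp", False, (632, 1023), "DENY"),
    ("udp", False, (2049, 2049), "DENY"),
    ("udp", False, None, "ACCEPT"),
    ("tcp", False, (631, 631), "ACCEPT"),
    ("tcp", True, (0, 65535), "DENY"),
    ("tcp", False, (5999, 6003), "DENY"),
    ("tcp", False, None, "ACCEPT"),
]
POLICY = "DENY"  # $IPC -P input DENY; the final -l rule only logs


def verdict(proto, dport=None, syn=False):
    """Return (target, index into RULES starting at 1); index 0 is the chain policy."""
    for n, (r_proto, r_syn, r_ports, target) in enumerate(RULES, start=1):
        if r_proto != proto:
            continue
        if r_syn and not syn:
            continue  # -y rules only see connection requests
        if r_ports is not None and not r_ports[0] <= dport <= r_ports[1]:
            continue
        return target, n  # first matching rule decides
    return POLICY, 0


# Constructed sample packets: (protocol, destination port, SYN set)
SAMPLES = [
    ("udp", 631, False),   # IPP port asked about
    ("udp", 2049, False),  # NFS
    ("tcp", 631, True),    # new connection to CUPS
    ("tcp", 6000, True),   # new connection to an X display
    ("tcp", 6000, False),  # non-SYN segment to an X display port
    ("tcp", 22, False),    # non-SYN segment to any other port
]

if __name__ == "__main__":
    for proto, dport, syn in SAMPLES:
        print(proto, dport, "SYN" if syn else "-", verdict(proto, dport, syn))
```

In this model a new TCP connection to port 6000 is already dropped by the SYN rule, so the X display rule only ever sees non-SYN segments, and non-SYN TCP segments to any other port are accepted because the filter keeps no connection state.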