
Re:[SOLUCIONADO] iptables asesoramiento



 ¡Gracias por la ayuda! Os dejo mi configuración.

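#!/bin/bash
# Host firewall for a client-only machine: default-deny on every chain,
# loopback open, and a fixed set of outbound services permitted further
# down. Must run as root.
#
# Scope note: iptables manages IPv4 only. If this host has IPv6
# connectivity, ip6tables needs an equivalent policy, otherwise IPv6
# traffic is not subject to any of the rules below.

# Set the default policies to DROP *before* flushing, so there is never a
# window in which the chains are empty under a permissive (ACCEPT) policy.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
#
# Now remove existing rules, zero the counters and delete user-defined
# chains. -F alone only touches the filter table, so nat is flushed too.
iptables -F
iptables -t nat -F
iptables -Z
iptables -X
#
# FTP connection-tracking helper, left disabled (no FTP rule is defined
# in this script).
#/sbin/modprobe ip_conntrack_ftp
#
# Loopback must be open in both directions or local services break.
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT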
#
# Kernel-level hardening via /proc. These take effect immediately but are
# not persistent: they must be re-applied on every boot (rerun this script
# or move them to sysctl.conf).
#
# Ignore every ICMP echo request: the host will not answer ping. This hides
# it from simple ICMP sweeps, at the cost of losing ping as a diagnostic.
printf '1\n' > /proc/sys/net/ipv4/icmp_echo_ignore_all
#
# Never answer echo requests sent to a broadcast address, so the host cannot
# be used as an amplifier (smurf).
printf '1\n' > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
#
# Anti-spoofing: turn on reverse-path filtering for every interface entry
# (the glob also covers "all" and "default"), so packets whose source
# address is not reachable back through the receiving interface are dropped.
for rp_filter_knob in /proc/sys/net/ipv4/conf/*/rp_filter; do
  printf '1\n' > "$rp_filter_knob"
done
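# Outbound-only service rules. This host acts purely as a client: every
# INPUT rule below matches ESTABLISHED traffic only, so no inbound
# connection is ever accepted (the INPUT policy is DROP).
#
# In the original listing each pair of rules had been joined onto a single
# line without a separator, so the second "iptables -A INPUT ..." was passed
# as extra arguments to the first command and none of the pairs loaded.
#
# allow_client PROTO PORT
#   Permit new outbound connections from a local unprivileged port
#   (1024-65535) to the remote PORT over PROTO, and accept the matching
#   replies. Both halves are generated from the same two arguments, so the
#   source/destination ports cannot be swapped by hand.
allow_client() {
  local proto="$1" port="$2"
  iptables -A OUTPUT -p "$proto" --sport 1024:65535 --dport "$port" \
    -m state --state NEW,ESTABLISHED -j ACCEPT
  iptables -A INPUT -p "$proto" --sport "$port" --dport 1024:65535 \
    -m state --state ESTABLISHED -j ACCEPT
}

allow_client udp 53    # dns
allow_client tcp 22    # ssh
allow_client tcp 25    # smtp (outbound to remote port 25; the previous rule
                       #       had source and destination swapped and could
                       #       never match a new outbound connection)
allow_client tcp 80    # http
allow_client tcp 443   # https
allow_client tcp 465   # smtps (SMTP over TLS)
allow_client tcp 993   # imaps
allow_client tcp 995   # pop3s
allow_client tcp 6667  # irc
allow_client tcp 3128  # squid proxy
allow_client tcp 8080  # http-alt / proxy
#
# ICMP: anything we originate may go out. On the way in, accept replies to
# our own requests (ESTABLISHED) and also ICMP errors that belong to an
# existing TCP/UDP flow (RELATED). Without RELATED, "fragmentation needed"
# and "port unreachable" are dropped, which breaks path-MTU discovery and
# delays error reporting for failed UDP sends.
iptables -A OUTPUT -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -m state --state RELATED,ESTABLISHED -j ACCEPT
#
# Nothing that falls through to the DROP policies is logged. Add a
# rate-limited LOG rule (-m limit) at the end of INPUT and OUTPUT if you
# want visibility into what is being blocked.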

