
Re: [SOLVED] iptables advice



2012/7/4 M.Vila <pradoncello@gmail.com>:
> Thanks for the help!! Here is my configuration.
>
> #!/bin/bash
> iptables -F
> iptables -t nat -F
> iptables -Z
> iptables -X
>
> #
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> #
> #/sbin/modprobe ip_conntrack_ftp
> #
> iptables -A OUTPUT -o lo -j ACCEPT
> iptables -A INPUT -i lo -j ACCEPT
> #
> # Drop pings.
> /bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
> #
> # Do not answer broadcasts.
> /bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
> #
> # To prevent spoofing, make sure the packet's source address
> # comes from the right place (reverse path filtering on every interface).
> for interface in /proc/sys/net/ipv4/conf/*/rp_filter; do
> /bin/echo "1" > ${interface}
> done
> # dns
> iptables -A OUTPUT -p udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p udp --dport 1024:65535 --sport 53 -m state --state ESTABLISHED -j ACCEPT
> # ssh
> iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p tcp --dport 1024:65535 --sport 22 -m state --state ESTABLISHED -j ACCEPT
> # smtp (outbound client connection to port 25, same direction as the other services)
> iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p tcp --dport 1024:65535 --sport 25 -m state --state ESTABLISHED -j ACCEPT
> # http
> iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p tcp --dport 1024:65535 --sport 80 -m state --state ESTABLISHED -j ACCEPT
> # https
> iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p tcp --dport 1024:65535 --sport 443 -m state --state ESTABLISHED -j ACCEPT
> # smtps (SMTP over TLS, port 465)
> iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p tcp --dport 1024:65535 --sport 465 -m state --state ESTABLISHED -j ACCEPT
> # imaps (IMAP over TLS, port 993)
> iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 993 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p tcp --dport 1024:65535 --sport 993 -m state --state ESTABLISHED -j ACCEPT
> # pop3s (POP3 over TLS, port 995)
> iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p tcp --dport 1024:65535 --sport 995 -m state --state ESTABLISHED -j ACCEPT
> # irc
> iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 6667 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p tcp --dport 1024:65535 --sport 6667 -m state --state ESTABLISHED -j ACCEPT
> # squid (proxy on port 3128)
> iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p tcp --dport 1024:65535 --sport 3128 -m state --state ESTABLISHED -j ACCEPT
> # http alternate port (8080)
> iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p tcp --dport 1024:65535 --sport 8080 -m state --state ESTABLISHED -j ACCEPT
> #
> # icmp (outbound echo requests and the replies to them)
> iptables -A OUTPUT -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p icmp -m state --state ESTABLISHED -j ACCEPT
>
>
> --
> To UNSUBSCRIBE, email to debian-user-spanish-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> Archive: http://lists.debian.org/4FF493FB.60003@gmail.com
>

While I'm at it, let me ask: does anyone know rules to prevent DDoS and MITM?

Regards
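An added example, not the quoted script nor anything posted in this thread: the same outbound-only host policy expressed as an iptables-restore ruleset. The quoted script sets the chain policies to DROP and then appends rules one `iptables -A` at a time, so a typo or a missing module halfway through leaves the host with a DROP policy and half a ruleset; `iptables-restore` loads the whole table or nothing, and `--test` parses it without touching the live tables. One `ESTABLISHED,RELATED` rule per chain replaces the per-port INPUT rules, and the sysctl lines go into a sysctl.d fragment instead of being echoed into /proc. The port list mirrors the quoted script; the script name, the `fw-in-drop:` log prefix and the path `/etc/sysctl.d/90-hostfw.conf` are assumptions.

```shell
#!/bin/bash
# Added example (not the poster's script): atomic host firewall for a client machine.
# Usage: ./hostfw.sh print   (show the ruleset)   ./hostfw.sh apply   (load it, as root)
set -eu

# Destination ports this host may open connections to. Assumed to mirror the
# quoted script: ssh, smtp, http, https, smtps, imaps, pop3s, squid, irc, 8080.
TCP_OUT_PORTS="22,25,80,443,465,993,995,3128,6667,8080"
UDP_OUT_PORTS="53"

# Emit the filter table in iptables-restore format (IPv4 only; ip6tables-restore
# needs its own copy or IPv6 stays unfiltered).
gen_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports ${TCP_OUT_PORTS} -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p udp -m multiport --dports ${UDP_OUT_PORTS} -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p icmp --icmp-type echo-request -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "fw-in-drop: "
COMMIT
EOF
}

# Kernel settings equivalent to the echo-into-/proc lines of the quoted script,
# as a sysctl.d fragment so they survive a reboot. For rp_filter the kernel uses
# the larger of conf/all and the per-interface value, so "all" covers every interface.
gen_sysctl() {
  cat <<EOF
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
EOF
}

# Number of rules (not chain headers) for a chain in the generated set; a cheap
# sanity check before loading.
count_chain_rules() {
  gen_rules | grep -c "^-A $1 " || true
}

case "${1:-print}" in
  print) gen_rules ;;
  apply)
    # Parse-only pass first; any syntax error aborts here, before the live tables change.
    gen_rules | iptables-restore --test
    gen_rules | iptables-restore
    gen_sysctl > /etc/sysctl.d/90-hostfw.conf   # assumed path
    sysctl -p /etc/sysctl.d/90-hostfw.conf ;;
  *) echo "usage: $0 [print|apply]" >&2; exit 2 ;;
esac
```

Because OUTPUT still has a DROP policy, the host only initiates connections to the listed ports; anything else it tries to open is dropped silently, and inbound packets that match no connection are logged (rate limited) and dropped by the policy. The INVALID drop sits before the ESTABLISHED rule so that packets conntrack cannot associate with a connection never reach the accept rule.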

