In earlier posts I saw that there are some iptables pros among you, so I
need your help.
I know nothing about iptables, so I installed Bastille as a firewall, but I
need port forwarding and Bastille does not handle it natively. I won't go back
over Bastille, I already posted about it yesterday.
So I looked for a script on the net, found this one and adapted it to my setup:
#!/bin/bash
#
# This is a sample firewall for ip_tables, the tool for doing firewalling
# and masquerading under the 2.3.x/2.4.x series of kernels.
#
# Be warned, this is a very restrictive set of firewall rules (and they
# should be, for proper security). Anything that you do not _specifically_
# allow is logged and dropped into /dev/null, so if you're wondering why
# something isn't working, check /var/log/messages.
#
# This is about as close as you get to a 'secure' firewall. It's nasty,
# it's harsh, and it will make your machine nearly invisible to the rest
# of the internet world. Have fun.
#
# To run this script you must 'chmod 700 iptables-script' and then execute
# it. To stop it from running, run 'iptables -F'

#Point this to your copy of ip_tables
IPT="/sbin/iptables"

#Load the module.
modprobe iptable_nat

#Flush old rules, delete the firewall chain if it exists
$IPT -F
$IPT -F -t nat
$IPT -X firewall

#Setup Masquerading. Change the IP to your internal network and uncomment
#this in order to enable it.
$IPT -A POSTROUTING -t nat -s 192.168.0.0/24 -j MASQUERADE
$IPT -P FORWARD ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

#Set up the firewall chain
$IPT -N firewall
$IPT -A firewall -j LOG --log-level info --log-prefix "Firewall:"
$IPT -A firewall -j DROP


#Accept ourselves
$IPT -A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
#If you're using IP Masquerading, change this IP to whatever your internal
#IP address is and uncomment it
$IPT -A INPUT -s 192.168.0.0/24 -d 0/0 -j ACCEPT

#Accept DNS, 'cause it's warm and friendly
$IPT -A INPUT -p udp --source-port 53 -j ACCEPT
#$IPT -A INPUT -p tcp --source-port 113 -j ACCEPT
#$IPT -A INPUT -p tcp --destination-port 113 -j ACCEPT

#Allow ftp to send data back and forth.
#$IPT -A INPUT -p tcp ! --syn --source-port 20 --destination-port 1024:65535 -j ACCEPT

#Accept SSH. Duh.
#$IPT -A INPUT -p tcp --destination-port 22  -j ACCEPT

#Send everything else to the firewall chain (log, then drop).
$IPT -A INPUT -p icmp -j firewall
$IPT -A INPUT -p tcp --syn -j firewall
$IPT -A INPUT -p udp -j firewall

On the site where I found it, it says it is a very restrictive script, but I
haven't noticed any difference. Could you give me your opinion, please?

David

Want to buy your MandrakeSoft Pack or Services?
Visit http://www.mandrakestore.com
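The script quoted in the post never sets a default policy on INPUT (so anything its last three rules do not catch, such as non-SYN TCP segments, is accepted), leaves FORWARD at ACCEPT, and accepts any UDP datagram whose source port is 53, which admits far more than DNS replies. Below is an added example, written for this thread and not taken from the post, from Bastille or from the script's original site, of a small stateful rule set that fails closed and adds the DNAT port forwarding the poster asked about. The LAN range 192.168.0.0/24 comes from the posted script; the interface name eth0, the forwarded port 80 and the internal host 192.168.0.10 are assumptions set through environment variables. Without the `apply` argument it only prints the iptables commands it would run, so it can be reviewed without root:

```shell
#!/bin/sh
# Added example: a deny-by-default iptables rule set with DNAT port forwarding.
# Defaults below are assumptions; override them via the environment, e.g.
#   WAN_IF=ppp0 FWD_PORT=22 FWD_HOST=192.168.0.5 sh firewall.sh apply

WAN_IF="${WAN_IF:-eth0}"                # assumed external interface
LAN_NET="${LAN_NET:-192.168.0.0/24}"    # internal network, from the posted script
FWD_PORT="${FWD_PORT:-80}"              # assumed public TCP port to forward
FWD_HOST="${FWD_HOST:-192.168.0.10}"    # assumed internal host that receives it
IPT="${IPT:-/sbin/iptables}"

# Print the command in dry-run mode, otherwise execute it.
ipt() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

build_rules() {
    # Start clean, then deny by default: an omitted rule now fails closed.
    ipt -F
    ipt -F -t nat
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback, plus anything belonging to a connection already accepted.
    # This is what lets DNS replies in without opening every UDP port to
    # anyone who chooses source port 53.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Trust the LAN range only when it arrives on a non-WAN interface;
    # the same source address seen on the WAN side is spoofed and dropped.
    ipt -A INPUT -i "$WAN_IF" -s "$LAN_NET" -j DROP
    ipt -A INPUT ! -i "$WAN_IF" -s "$LAN_NET" -j ACCEPT

    # Masquerade LAN hosts going out, and let their new connections through.
    ipt -A FORWARD ! -i "$WAN_IF" -s "$LAN_NET" -o "$WAN_IF" -m state --state NEW -j ACCEPT
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE

    # Port forwarding: rewrite the destination in PREROUTING, then explicitly
    # accept it in FORWARD. DNAT alone does not get past FORWARD's DROP policy.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$FWD_PORT" -j DNAT --to-destination "$FWD_HOST:$FWD_PORT"
    ipt -A FORWARD -i "$WAN_IF" -p tcp -d "$FWD_HOST" --dport "$FWD_PORT" -m state --state NEW -j ACCEPT

    # Log what is left before the policy drops it, rate-limited so a flood
    # cannot fill /var/log/messages.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-level info --log-prefix "Firewall:"
    ipt -A FORWARD -m limit --limit 5/min -j LOG --log-level info --log-prefix "Firewall:"
}

# Number of rules a dry run would append; handy for a quick sanity check
# after editing the script.
count_rules() {
    ( DRY_RUN=1; build_rules ) | grep -c -- ' -A '
}

case "${1:-}" in
    apply) DRY_RUN=0 ;;   # really install the rules (needs root)
    *)     DRY_RUN=1 ;;   # default: only print what would be applied
esac
build_rules
```

Run it once without arguments and read the output; only then run it with `apply` as root. Note that `iptables -F` flushes rules but not policies, so after testing, resetting the policies back to ACCEPT is needed to fully undo it, unlike the posted script where `iptables -F` alone suffices.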