Re: [SOLVED] iptables advice

2012-07-05, from Juan Antonio
On 04/07/12 21:05, M.Vila wrote:
  Thanks for the help!! Here is my configuration.




A few tips.

-m state --state NEW,ESTABLISHED -j ACCEPT -> -j ACCEPT

Use your own chains.

iptables -N _outgoing
iptables -I _outgoing -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp --dport 993 -j _outgoing
iptables -A OUTPUT -p tcp --dport 995 -j _outgoing
etc ...

If it is a server and you work on it remotely, you should apply the policies
at the end, after you have secured access to the system.

Regards.


-- 
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4ff53e18.9090...@limbo.deathwing.net
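The three tips above (stateful acceptance once in your own chains, plain `-j ACCEPT` per service, default policies set last) worked into one complete client-side ruleset, as an added example; it is not code from the thread or from M.Vila's script. It assumes the outbound services listed in that script, a placeholder admin network 192.0.2.0/24 for inbound ssh, and uses `-m conntrack --ctstate` (the newer spelling of `-m state --state`, available in iptables 1.4.x and later). By default it only prints the commands; run it with IPT=iptables as root to apply them.

```shell
#!/bin/sh
# Added example, not the original poster's script: the same client-side
# ruleset rebuilt along the lines of the reply above. Dry run by default:
# it prints the iptables commands; run with IPT=iptables (as root) to apply.
IPT="${IPT:-echo iptables}"

# Assumptions (placeholders, adjust): the outbound TCP services from the
# thread's script, and the network from which admins ssh in (TEST-NET-1).
TCP_OUT="22 25 80 443 465 993 995 3128 6667 8080"
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"

build_firewall() {
    # 1. Open the policies while rebuilding, so an existing remote session
    #    is not cut off half-way through the script.
    $IPT -P INPUT ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    $IPT -F
    $IPT -X
    $IPT -t nat -F
    $IPT -t nat -X

    # 2. Stateful acceptance once, in our own chains, instead of repeating
    #    "-m state --state NEW,ESTABLISHED" on every rule.
    $IPT -N _incoming
    $IPT -A _incoming -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    $IPT -A _incoming -m conntrack --ctstate INVALID -j DROP
    $IPT -N _outgoing
    $IPT -A _outgoing -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A INPUT -j _incoming
    $IPT -A OUTPUT -j _outgoing

    # 3. Remote admin access is secured before anything can lock us out.
    $IPT -A INPUT -p tcp -s "$ADMIN_NET" --dport 22 -m conntrack --ctstate NEW -j ACCEPT

    # 4. New outbound connections, one rule per service. No --sport ranges:
    #    the reply direction is already covered by RELATED,ESTABLISHED.
    $IPT -A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
    for port in $TCP_OUT; do
        $IPT -A OUTPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    # Our own pings go out; echo replies come back ESTABLISHED and ICMP
    # errors for tracked connections come back RELATED, through _incoming.
    $IPT -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT

    # 5. Only now close the door.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
}

# Line number of the first emitted command matching an ERE pattern; lets a
# dry run be checked for ordering (e.g. ssh rule before the DROP policy).
rule_index() {   # $1 = ruleset text, $2 = pattern
    printf '%s\n' "$1" | grep -nE -- "$2" | head -n 1 | cut -d: -f1
}

build_firewall
```

Between step 1 and step 5 the host is briefly open; if that window matters, redirect the dry-run output into a file in `iptables-save` format and load it with `iptables-restore`, which swaps the whole table atomically.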



Re: [SOLVED] iptables advice

2012-07-05, from Juan Antonio
On 05/07/12 00:29, Alberto Benítez wrote:
 2012/7/4 M.Vila pradonce...@gmail.com:
   Thanks for the help!! Here is my configuration.




 While we are at it, does anyone know rules to prevent DDoS and MITM?

 Regards



You can use recent to limit the number of packets that reach the
application layer, but you cannot stop those packets from reaching your
link and eating your bandwidth.

As for MitM, it is a very broad concept that covers different kinds of
attacks; you will have to be more specific if you want a useful answer.

Regards.


-- 
Archive: http://lists.debian.org/4ff54048.1030...@limbo.deathwing.net
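What "use recent" looks like in practice, as an added example that is not code from the thread: per-source throttling of new ssh connections with the xt_recent match. Assumptions: sshd on port 22, at most 4 new connections per source per 60 seconds, a chain named _ssh_limit, and a RELATED,ESTABLISHED accept rule already present earlier in INPUT. Dry run by default; run with IPT=iptables as root to apply.

```shell
#!/bin/sh
# Added example, not from the thread: throttle new ssh connections per source
# address with the "recent" match mentioned in the reply. Dry run by default
# (prints the commands); run with IPT=iptables as root to apply.
IPT="${IPT:-echo iptables}"
SSH_PORT="${SSH_PORT:-22}"     # assumption: sshd on its default port
WINDOW="${WINDOW:-60}"         # seconds of history kept per source
HITS="${HITS:-4}"              # new connections per WINDOW before dropping

ssh_ratelimit_rules() {
    $IPT -N _ssh_limit
    # Record (or refresh) this source address in the list "ssh"; --set always
    # matches and has no target, so evaluation continues with the next rule.
    $IPT -A _ssh_limit -m recent --name ssh --set
    # HITS or more entries inside WINDOW: log a little, then drop. --update
    # also refreshes the timestamp, so a source that keeps hammering stays
    # blocked until it has been quiet for WINDOW seconds (use --rcheck to
    # only test without refreshing).
    $IPT -A _ssh_limit -m recent --name ssh --update --seconds "$WINDOW" --hitcount "$HITS" \
        -m limit --limit 3/min -j LOG --log-prefix "ssh-flood: "
    $IPT -A _ssh_limit -m recent --name ssh --update --seconds "$WINDOW" --hitcount "$HITS" -j DROP
    $IPT -A _ssh_limit -j ACCEPT
    # Only NEW attempts enter the limiter. Packets of established sessions
    # never reach it and must be accepted elsewhere in INPUT (the
    # RELATED,ESTABLISHED rule), or the default DROP policy kills the session
    # right after the handshake.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j _ssh_limit
}

ssh_ratelimit_rules
```

The kernel keeps the list under /proc/net/xt_recent/ssh, where the tracked addresses can be inspected or cleared (`echo clear > /proc/net/xt_recent/ssh`). The caveat from the reply still holds: the SYNs arrive on the link regardless, so this protects sshd and its logs, not your bandwidth.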



Re: [SOLVED] iptables advice

2012-07-05, from Juan Sierra Pons
2012/7/5 Juan Antonio push...@limbo.deathwing.net

 On 04/07/12 21:05, M.Vila wrote:
   Thanks for the help!! Here is my configuration.
 





Hello

These things:

  # Ignore pings.
  /bin/echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
  #
  # Do not answer broadcasts.
  /bin/echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
  #
  # To avoid spoofing, make sure the packet's source address
  # comes from the right place.
  for interface in /proc/sys/net/ipv4/conf/*/rp_filter; do
      /bin/echo 1 > ${interface}
  done

I would set in /etc/sysctl.conf, for example:

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1

Afterwards, remember to run sysctl -p

Cheers
--
Juan Sierra Pons j...@elsotanillo.net
Linux User Registered: #257202   http://www.elsotanillo.net
GPG key = 0xA110F4FE
Key Fingerprint = DF53 7415 0936 244E 9B00  6E66 E934 3406 A110 F4FE
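A check to go with the advice above, added here and not part of the thread: it verifies that the hardening keys are present in a sysctl.conf-style file and, on a live system, that the running kernel actually holds them (i.e. that `sysctl -p` has been run since the file was edited). The key list is an assumption: the three the script toggles plus rp_filter on all/default as in the reply; setting conf/all is enough because the kernel applies the stricter of conf/all and the per-interface value.

```shell
#!/bin/sh
# Added example, not from the thread: audit the hardening keys the reply
# moves into /etc/sysctl.conf, both in the file and in the running kernel.
# Keys assumed: the three the script toggles, plus rp_filter on all/default.
WANTED="net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_echo_ignore_all=1"

# Value a sysctl.conf-style file assigns to a key: tolerates "key = value",
# tabs and comments; the last assignment wins, as with sysctl -p. Prints
# nothing when the key is absent.
conf_value() {   # $1 = file, $2 = key
    awk -v key="$2" '
        { sub(/[#;].*/, "") }                          # strip comments
        /=/ {
            split($0, kv, "=")
            gsub(/^[ \t]+|[ \t]+$/, "", kv[1])
            gsub(/^[ \t]+|[ \t]+$/, "", kv[2])
            if (kv[1] == key) val = kv[2]
        }
        END { if (val != "") print val }' "$1"
}

# Returns 0 when every wanted key is set to the wanted value in the file.
audit_sysctl_conf() {   # $1 = file
    rc=0
    for entry in $WANTED; do
        key=${entry%%=*}; want=${entry#*=}
        have=$(conf_value "$1" "$key")
        if [ "$have" != "$want" ]; then
            printf '%s: %s should be %s (found: %s)\n' "$1" "$key" "$want" "${have:-unset}"
            rc=1
        fi
    done
    return $rc
}

# Same check against the live values in /proc/sys (what "sysctl -n" reads);
# this is what tells you whether "sysctl -p" has actually been run.
audit_running_kernel() {
    [ -d /proc/sys/net/ipv4 ] || { echo "no /proc/sys/net/ipv4, skipping live check"; return 0; }
    rc=0
    for entry in $WANTED; do
        key=${entry%%=*}; want=${entry#*=}
        cur=$(cat "/proc/sys/$(printf '%s' "$key" | tr . /)" 2>/dev/null || echo '?')
        [ "$cur" = "$want" ] || { printf 'kernel: %s is %s, want %s\n' "$key" "$cur" "$want"; rc=1; }
    done
    return $rc
}

# Run directly: audit the file given as $1 (default /etc/sysctl.conf) and the kernel.
conf="${1:-/etc/sysctl.conf}"
[ -f "$conf" ] && audit_sysctl_conf "$conf" || echo "$conf: not found or incomplete"
audit_running_kernel || echo "running kernel differs from $conf; run: sysctl -p"
```

Note that `sysctl -p` with no argument reads only /etc/sysctl.conf; settings placed in /etc/sysctl.d/ are loaded at boot but need `sysctl -p /etc/sysctl.d/<file>` (or `sysctl --system`) to be applied by hand.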

Re: [SOLVED] iptables advice

2012-07-04, from M.Vila

 Thanks for the help!! Here is my configuration.

#!/bin/bash
# Flush all rules and counters and delete user-defined chains (filter and nat tables).
iptables -F
iptables -t nat -F
iptables -Z
iptables -X
#
# Default policy: drop whatever no rule below accepts explicitly.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
#
#/sbin/modprobe ip_conntrack_ftp
#
# Loopback is always allowed.
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
#
# Ignore pings.
/bin/echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
#
# Do not answer broadcasts.
/bin/echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
#
# To avoid spoofing, make sure the packet's source address
# comes from the right place (reverse-path filter on every interface).
for interface in /proc/sys/net/ipv4/conf/*/rp_filter; do
    /bin/echo 1 > ${interface}
done
#
# Outbound client traffic: a NEW connection may leave from an unprivileged
# source port to the service port; only the matching ESTABLISHED replies come back.
#dns
iptables -A OUTPUT -p udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp --dport 1024:65535 --sport 53 -m state --state ESTABLISHED -j ACCEPT

#ssh
iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 1024:65535 --sport 22 -m state --state ESTABLISHED -j ACCEPT

#smtp (as posted, --sport and --dport were swapped on these two rules, which would
# only have allowed connections leaving *from* our port 25; fixed to match the rest)
iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 1024:65535 --sport 25 -m state --state ESTABLISHED -j ACCEPT

#http
iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 1024:65535 --sport 80 -m state --state ESTABLISHED -j ACCEPT

#https (443)
iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 1024:65535 --sport 443 -m state --state ESTABLISHED -j ACCEPT

#smtps (465, SMTP over SSL)
iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 1024:65535 --sport 465 -m state --state ESTABLISHED -j ACCEPT

#imaps (993)
iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 993 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 1024:65535 --sport 993 -m state --state ESTABLISHED -j ACCEPT

#pop3s (995)
iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 1024:65535 --sport 995 -m state --state ESTABLISHED -j ACCEPT

#irc
iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 6667 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 1024:65535 --sport 6667 -m state --state ESTABLISHED -j ACCEPT

#squid proxy (3128)
iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 1024:65535 --sport 3128 -m state --state ESTABLISHED -j ACCEPT

#http-alt (8080)
iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 1024:65535 --sport 8080 -m state --state ESTABLISHED -j ACCEPT

#
# ICMP: our own pings go out; echo replies come back as ESTABLISHED, and ICMP errors
# for tracked connections (destination unreachable, fragmentation needed) come back as
# RELATED. As posted the INPUT rule accepted ESTABLISHED only, so those errors were
# dropped; RELATED is added so path-MTU discovery and unreachable notices still work.
iptables -A OUTPUT -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -m state --state RELATED,ESTABLISHED -j ACCEPT


--
Archive: http://lists.debian.org/4ff493fb.60...@gmail.com



Re: [SOLVED] iptables advice

2012-07-04, from Alberto Benítez
2012/7/4 M.Vila pradonce...@gmail.com:
  Thanks for the help!! Here is my configuration.





While we are at it, does anyone know rules to prevent DDoS and MITM?

Regards


--
Archive: 
http://lists.debian.org/caldo7dksq4_k8hpuxghydnkz0apncaufglb45ap4d9wmova...@mail.gmail.com