Le lundi 19 septembre 2011 07:54, Benny Pedersen a écrit : > On Mon, 19 Sep 2011 04:41:44 +0200, m...@smtp.fakessh.eu wrote: > > Le lundi 19 septembre 2011 04:05, m...@smtp.fakessh.eu a écrit : > >> hello shorewall list > >> > >> how to include this rule > >> iptables -A OUTPUT -o eth0 -p tcp --tcp-flags RST RST -j DROP > >> > >> in shorewall config > >> > >> all testimonials are walcome > > > > and how to add this rule > > iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP > > iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP > > iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP > > iptables -A INPUT -f -j DROP > > http://manpages.ubuntu.com/manpages/hardy/man5/shorewall-policy.5.html > > and more info in man shorewall-policy, and i lost to give same about > man shorewall-interfaces > > pretty much of that default rules are there :) > > > PS: i hate ubuntuforums for letting google index pages that needs > logins ! >
my file /etc/shorewall/policy is standard i quote #LAST LINE -- DO NOT REMOVE #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST $FW net DROP info net $FW DROP info loc loc ACCEPT # The FOLLOWING POLICY MUST BE LAST all all REJECT info #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE I meet these bulks yet still apache daemons who attacks me -- http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7 gpg --keyserver pgp.mit.edu --recv-key 092164A7 http://urlshort.eu fakessh @
pgpGUIA7Bf7J9.pgp
Description: PGP signature
------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
