shadowKnows


Joined: 27 Jan 2011
Posts: 2
Location: Charleston, WV

PostPosted: Fri 28 Jan 2011, 08:49    Post subject:  firewall
Subject description: iptables-restore
 

Here is what I have for a firewall: the `.bashrc` that loads it, and the saved iptables ruleset (`/root/firewall`) it restores.


Loading it from `.bashrc` is not the right way: `.bashrc` only runs when an interactive shell starts, so the rules are not in place from boot until a terminal is opened, and they are re-applied on every new shell. A boot-time init script (on Puppy, something like `/etc/rc.d/rc.local` — check your version) is the proper place; this is good enough until I work that out.

.bashrc = <!

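# Source the system profile first so this file sees the same PATH/TERM etc.
# as a login shell. (The original line carried forum colour-markup residue,
# "#B691ED#B791F0", in front of the dot, which turned it into a comment.)
. /etc/profile

# Load the saved ruleset (an iptables-save dump) into the kernel.
# NOTE(review): .bashrc runs only for INTERACTIVE shells, so the firewall is
# not active from boot until a terminal is opened, and it is re-applied on
# every new shell. A boot-time init script (e.g. /etc/rc.d/rc.local on Puppy,
# verify for your version) is the right place; keep this as a stop-gap only.
# Guarded so a missing rules file or a missing iptables-restore does not
# abort shell startup, and a failed restore is reported instead of ignored.
FIREWALL_RULES=/root/firewall
if [ -r "$FIREWALL_RULES" ] && command -v iptables-restore >/dev/null 2>&1; then
  iptables-restore "$FIREWALL_RULES" \
    || printf 'bashrc: iptables-restore %s failed\n' "$FIREWALL_RULES" >&2
fi

alias ls="ls --color=auto"
alias lsd="ls -lad"
alias lswd="ls -ad"
alias ll="ls -la"
# The original 'alias mf="more $1"' expanded $1 when .bashrc was read (empty),
# so the alias was just "more ". A function forwards the arguments as intended.
mf() { more "$@"; }
alias vi=defaulttexteditor


#v1.0.5 need to override TERM setting in /etc/profile...
#export TERM=xterm
# ...v2.13 removed.

#export HISTFILESIZE=2000#000000
#export HISTCONTROL=ignoredups
#...v2.13 removed.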

!>

firewall = <!
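# Generated by iptables-save v1.3.8 on Thu Feb 26 21:16:44 2009
# Reviewed ruleset for a single-homed client: eth0 is the only interface
# that gets any inbound traffic through; no listening ports are opened.
# Load with: iptables-restore /root/firewall (packet counters in [..] are
# ignored unless -c is given, so they have been zeroed here).
# NOTE(review): this is IPv4 only. If the kernel has IPv6 enabled, ip6tables
# needs its own policy, otherwise that traffic is not filtered at all.
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Thu Feb 26 21:16:44 2009
# Generated by iptables-save v1.3.8 on Thu Feb 26 21:16:44 2009
# No NAT is done on this host; the table is present only so the policies
# are explicit.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Thu Feb 26 21:16:44 2009
# Generated by iptables-save v1.3.8 on Thu Feb 26 21:16:44 2009
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# CHECK_ICMP is declared but no rule ever jumps to it; inbound ICMP is only
# accepted via the RELATED,ESTABLISHED catch-all in INET_IN below, so new
# inbound echo requests are dropped (silently, see PACKET_DROP).
:CHECK_ICMP - [0:0]
:CHECK_TCP - [0:0]
:INET_IN - [0:0]
:INET_IN_TCP - [0:0]
:INET_IN_UDP - [0:0]
:INET_OUT - [0:0]
:PACKET_DROP - [0:0]
:SPOOFING - [0:0]
:SYN_FLOOD - [0:0]
# Loopback is trusted. Everything arriving on eth0 goes through INET_IN and
# whatever it does not accept falls through to PACKET_DROP. Any other
# interface (wlan0, ppp0, ...) never reaches INET_IN and is dropped outright,
# so this file must be edited if the uplink is not eth0.
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j INET_IN
-A INPUT -j PACKET_DROP
# Not a router: nothing is forwarded (FORWARD policy is DROP as well).
-A FORWARD -j PACKET_DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j INET_OUT
# CHECK_TCP: rate-limited LOG of malformed / illegal flag combinations first,
# then unconditional DROPs for the same matches. The original repeated the
# DROP rules for FIN,PSH,URG / NONE / SYN,RST / FIN,SYN several times over;
# each combination appears once here, with identical effect.
-A CHECK_TCP -m state --state INVALID -m limit --limit 1/sec -j LOG --log-prefix "INVALID Packet " --log-level 6
-A CHECK_TCP -p tcp -m tcp --tcp-option 64 -m limit --limit 1/sec -j LOG --log-prefix "BAD TCP FLAG(64) " --log-level 6
-A CHECK_TCP -p tcp -m tcp --tcp-option 128 -m limit --limit 1/sec -j LOG --log-prefix "BAD TCP FLAG(128) " --log-level 6
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -m limit --limit 1/sec -j LOG --log-prefix "BAD TCP FLAG " --log-level 6
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -m limit --limit 1/sec -j LOG --log-prefix "BAD TCP FLAG " --log-level 6
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -m limit --limit 1/sec -j LOG --log-prefix "BAD TCP FLAG " --log-level 6
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m limit --limit 1/sec -j LOG --log-prefix "BAD TCP FLAG " --log-level 6
-A CHECK_TCP -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 1/sec -j LOG --log-prefix "BAD TCP FLAG " --log-level 6
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 1/sec -j LOG --log-prefix "BAD TCP FLAG " --log-level 6
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A CHECK_TCP -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
# A NEW connection must start with a plain SYN (no RST/ACK set).
-A CHECK_TCP -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A CHECK_TCP -m state --state INVALID -j DROP
-A CHECK_TCP -p tcp -m tcp --tcp-option 64 -j DROP
-A CHECK_TCP -p tcp -m tcp --tcp-option 128 -j DROP
# INET_IN: anti-spoofing first, then per-protocol sub-chains.
-A INET_IN -j SPOOFING
-A INET_IN -p tcp -j INET_IN_TCP
-A INET_IN -p udp -j INET_IN_UDP
# Blocklisted host (origin unknown). This sits AFTER the TCP/UDP sub-chains,
# which already ACCEPT established flows, so it only catches packets that
# would fall through to PACKET_DROP anyway (minus the log line). Move it
# above the sub-chain jumps if the intent is to cut existing sessions too.
-A INET_IN -s 216.239.116.65 -j DROP
# Catch-all for protocols other than TCP/UDP (ICMP in practice).
# FIX: the original accepted ESTABLISHED only, so RELATED ICMP errors for our
# own flows (destination-unreachable, fragmentation-needed) were dropped,
# which breaks path-MTU discovery. RELATED is accepted here, consistent with
# the TCP/UDP sub-chains.
-A INET_IN -m state --state RELATED,ESTABLISHED -j ACCEPT
# INET_IN_TCP: rate-limit inbound SYNs, sanity-check flags, then accept only
# replies to our own connections. Nothing here accepts a NEW connection, so
# no port is reachable from outside; a SYN that survives SYN_FLOOD still
# ends up in PACKET_DROP.
-A INET_IN_TCP -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j SYN_FLOOD
-A INET_IN_TCP -j CHECK_TCP
# Only to unprivileged local ports: an outbound connection bound to a local
# port below 1024 would not get its replies back.
-A INET_IN_TCP -p tcp -m tcp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
# INET_IN_UDP. The DHCP rule is pinned to one server address (presumably the
# ISP's at the time) -- on any other network unicast lease traffic from the
# DHCP server is dropped; verify before reusing this file elsewhere.
-A INET_IN_UDP -s 208.180.43.6 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
# DNS replies from two fixed resolvers. Largely subsumed by the generic rule
# below whenever the resolver's local port is 1024 or above; kept as-is.
-A INET_IN_UDP -s 66.76.2.132 -p udp -m udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A INET_IN_UDP -s 66.76.2.133 -p udp -m udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A INET_IN_UDP -p udp -m udp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Outbound: everything is allowed (OUTPUT policy ACCEPT) except INVALID.
-A INET_OUT -m state --state INVALID -j DROP
# PACKET_DROP: rate-limited log for TCP, UDP and fragments, then drop.
# Other protocols (ICMP, ...) are dropped without a log line. With conntrack
# loaded, packets are normally reassembled before the filter table, so the
# "-f" fragment rule will rarely match.
-A PACKET_DROP -p tcp -m limit --limit 1/sec -j LOG --log-prefix "TCP Dropped " --log-level 6
-A PACKET_DROP -p udp -m limit --limit 1/sec -j LOG --log-prefix "UDP Dropped " --log-level 6
-A PACKET_DROP -f -m limit --limit 1/sec -j LOG --log-prefix "FRAGMENT Dropped " --log-level 6
-A PACKET_DROP -j DROP
# SPOOFING: log then drop packets that arrive on eth0 with a source address
# that cannot legitimately come from the internet. This assumes eth0 carries
# a PUBLIC address directly: on a 10/8 or 172.16/12 LAN these rules would
# drop the gateway and DHCP server. 192.168.0.0/16 is NOT in the list --
# unclear whether that is deliberate; add it if eth0 is never on such a LAN.
# 75.108.115.230 is presumably this host's own public address (a packet from
# outside claiming to be us); confirm before reusing.
-A SPOOFING -s 0.0.0.0/255.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 10.0.0.0/255.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 127.0.0.0/255.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 169.254.0.0/255.255.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 172.16.0.0/255.240.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 224.0.0.0/240.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 240.0.0.0/248.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 248.0.0.0/248.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 255.255.255.255 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 75.108.115.230 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -d 255.255.255.255 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -d 0.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 0.0.0.0/255.0.0.0 -j DROP
-A SPOOFING -s 10.0.0.0/255.0.0.0 -j DROP
-A SPOOFING -s 127.0.0.0/255.0.0.0 -j DROP
-A SPOOFING -s 169.254.0.0/255.255.0.0 -j DROP
-A SPOOFING -s 172.16.0.0/255.240.0.0 -j DROP
-A SPOOFING -s 224.0.0.0/240.0.0.0 -j DROP
-A SPOOFING -s 240.0.0.0/248.0.0.0 -j DROP
-A SPOOFING -s 248.0.0.0/248.0.0.0 -j DROP
-A SPOOFING -s 255.255.255.255 -j DROP
-A SPOOFING -s 75.108.115.230 -j DROP
-A SPOOFING -d 255.255.255.255 -j DROP
-A SPOOFING -d 0.0.0.0 -j DROP
# SYN_FLOOD: up to 12 SYN/sec (burst 24) are handed back to the caller;
# anything beyond that is logged (1/sec) and dropped. Since no inbound
# connection is ever accepted, this only changes which log line a SYN gets.
-A SYN_FLOOD -m limit --limit 12/sec --limit-burst 24 -j RETURN
-A SYN_FLOOD -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SYN_FLOOD Dropped " --log-level 6
-A SYN_FLOOD -j DROP
COMMIT
# Completed on Thu Feb 26 21:16:44 2009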



!>