Network security
Dual-homed firewall
iptables - example
# Flush all the rules and set the default policy for the FORWARD chain to drop everything
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -P FORWARD DROP
# Block all incoming and outgoing traffic on eth0 (traffic to and from the firewall host itself, not forwarded traffic)
iptables -A INPUT -i eth0 -j DROP
iptables -A OUTPUT -o eth0 -j DROP
# Instruct Netfilter to accept second and later fragments (-f); they carry no TCP/UDP header, so the port rules below could not inspect them anyway
iptables -A FORWARD -f -j ACCEPT
# Accept incoming TCP packets belonging to established connections
iptables -A FORWARD -m state -p tcp --state ESTABLISHED,RELATED -j ACCEPT
# Accept incoming TCP connections to SSH arriving at eth0 for the 208.209.210.0/24 network
iptables -A FORWARD -p tcp -i eth0 -d 208.209.210.0/24 --dport ssh -j ACCEPT
# Accept all outgoing TCP and UDP connections entering the private interface (eth1)
iptables -A FORWARD -p tcp -i eth1 -j ACCEPT
iptables -A FORWARD -p udp -i eth1 -j ACCEPT
# Accept incoming ICMP packets of type "echo reply" (0), i.e. ping replies
iptables -A FORWARD -p icmp -i eth0 -d 208.209.210.0/24 --icmp-type 0 -j ACCEPT
# Accept all outgoing ICMP traffic entering the private interface (eth1)
iptables -A FORWARD -p icmp -i eth1 -j ACCEPT
# Drop all other traffic in the FORWARD chain
iptables -A FORWARD -j DROP
# Log what the firewall host itself sends on other interfaces (eth0 traffic was already dropped above and never reaches this rule)
iptables -A OUTPUT -j LOG
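To see how Netfilter walks this FORWARD chain top to bottom with first-match semantics, here is a small Python evaluator of the slide's rules run against a few constructed packets (an added example, not from the slides; the Packet fields and the rule encoding are a simplification of iptables matching, and 198.51.100.7 is a documentation-range placeholder address). It also shows why the position of the `-f` rule matters: once a later fragment is accepted there, the address and port checks further down are never consulted for it.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# The -d network from the slide's SSH and ICMP rules.
INTERNAL_NET = ip_network("208.209.210.0/24")

@dataclass
class Packet:
    in_if: str                      # arrival interface: eth0 = Internet, eth1 = private
    proto: str                      # "tcp", "udp" or "icmp"
    dst: str                        # destination IP address
    dport: Optional[int] = None     # TCP/UDP destination port (None for later fragments)
    icmp_type: Optional[int] = None # ICMP type: 0 = echo reply, 8 = echo request
    established: bool = False       # conntrack state ESTABLISHED or RELATED
    fragment: bool = False          # second or later IP fragment (what -f matches)

def _internal(p: Packet) -> bool:
    return ip_address(p.dst) in INTERNAL_NET
# The FORWARD chain in slide order: (match predicate, verdict). Netfilter walks
# it top to bottom and the first match decides, so rule order matters.
FORWARD = [
    (lambda p: p.fragment,                                                   "ACCEPT"),  # -f
    (lambda p: p.proto == "tcp" and p.established,                           "ACCEPT"),
    (lambda p: p.proto == "tcp" and p.in_if == "eth0" and _internal(p)
               and p.dport == 22,                                            "ACCEPT"),
    (lambda p: p.proto == "tcp" and p.in_if == "eth1",                       "ACCEPT"),
    (lambda p: p.proto == "udp" and p.in_if == "eth1",                       "ACCEPT"),
    (lambda p: p.proto == "icmp" and p.in_if == "eth0" and _internal(p)
               and p.icmp_type == 0,                                         "ACCEPT"),
    (lambda p: p.proto == "icmp" and p.in_if == "eth1",                      "ACCEPT"),
    (lambda p: True,                                                         "DROP"),
]
def forward_verdict(p: Packet) -> str:
    # Return the verdict the slide's FORWARD chain gives packet p.
    for match, verdict in FORWARD:
        if match(p):
            return verdict
    return "DROP"  # chain policy (-P FORWARD DROP); unreachable because of the final rule

if __name__ == "__main__":
    # Constructed sample packets, not captured traffic.
    samples = {
        "SSH from Internet to 208.209.210.5":  Packet("eth0", "tcp", "208.209.210.5", dport=22),
        "HTTP from Internet to 208.209.210.5": Packet("eth0", "tcp", "208.209.210.5", dport=80),
        "outbound HTTPS from private LAN":     Packet("eth1", "tcp", "198.51.100.7", dport=443),
        "later fragment from Internet":        Packet("eth0", "tcp", "208.209.210.5", fragment=True),
    }
    for name, pkt in samples.items():
        print(f"{name:38s} -> {forward_verdict(pkt)}")
```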
09/10/2012 ITU 7.33