shadowKnows


Joined: 27 Jan 2011
Posts: 2
Location: Charleston, WV

PostPosted: Fri 28 Jan 2011, 08:49    Post_subject:  firewall
Sub_title: iptables-restore
 

Here is what I have for a firewall: the root .bashrc that restores the rules, and the iptables-save dump it loads from /root/firewall.


Loading it from .bashrc is not the best way: the rules are only applied once root opens an interactive shell, and are re-applied by every new shell, so the box is unfiltered from boot until that first shell. It is good enough until I figure out the right way to do it (a boot-time init script that runs before the network comes up).

.bashrc = <!

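# /root/.bashrc -- read by every interactive non-login bash shell.
# NOTE(review): the firewall is loaded from here, so the ruleset is only
# applied once root opens an interactive shell, and is re-applied (counters
# reset) by every new shell; from boot until that first shell the host runs
# with the kernel default of ACCEPT everywhere. The proper place for the
# iptables-restore call is a boot-time init script that runs before the
# network interface comes up.
[ -r /etc/profile ] && . /etc/profile

# Ruleset in iptables-save format. iptables-restore runs as root, so load
# only a regular file owned by the current user (keep it mode 0600): anyone
# who can edit that file controls the firewall.
FIREWALL_RULES=/root/firewall
if command -v iptables-restore >/dev/null 2>&1; then
  if [ -f "$FIREWALL_RULES" ] && [ -O "$FIREWALL_RULES" ]; then
    # Report failures instead of silently continuing without a firewall.
    iptables-restore "$FIREWALL_RULES" \
      || printf 'bashrc: iptables-restore %s failed (status %s)\n' \
           "$FIREWALL_RULES" "$?" >&2
  else
    printf 'bashrc: %s missing or not owned by you; firewall NOT loaded\n' \
      "$FIREWALL_RULES" >&2
  fi
else
  printf 'bashrc: iptables-restore not found; firewall NOT loaded\n' >&2
fi

alias ls="ls --color=auto"
alias lsd="ls -lad"
alias lswd="ls -ad"
alias ll="ls -la"
# Was `alias mf="more $1"`: $1 is expanded when the alias is defined (empty
# here), and aliases cannot take arguments anyway. A function can.
mf() { more "$@"; }
alias vi=defaulttexteditor

#v1.0.5 need to override TERM setting in /etc/profile...
#export TERM=xterm
# ...v2.13 removed.

#export HISTFILESIZE=2000#000000
#export HISTCONTROL=ignoredups
#...v2.13 removed.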

!>

firewall = <!
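# Generated by iptables-save v1.3.8 on Thu Feb 26 21:16:44 2009
# Host firewall for a single-homed IPv4 workstation on eth0: INPUT and
# FORWARD default to DROP, OUTPUT to ACCEPT, and inbound traffic is limited
# to replies to connections this host opened. Load with
# `iptables-restore /root/firewall`; lines starting with '#' are ignored.
# NOTE(review): iptables filters IPv4 only. If IPv6 is enabled on this host
# it is completely unfiltered by this file -- add an ip6tables ruleset or
# disable IPv6.
# NOTE(review): the DHCP, DNS and anti-spoof addresses below are hard-coded
# (presumably the ISP's servers and this host's own public address) and must
# be updated whenever the network changes.
*mangle
:PREROUTING ACCEPT [60:9146]
:INPUT ACCEPT [60:9146]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [53:3849]
:POSTROUTING ACCEPT [60:4584]
COMMIT
# Completed on Thu Feb 26 21:16:44 2009
# Generated by iptables-save v1.3.8 on Thu Feb 26 21:16:44 2009
*nat
:PREROUTING ACCEPT [7:1546]
:POSTROUTING ACCEPT [53:3849]
:OUTPUT ACCEPT [53:3849]
COMMIT
# Completed on Thu Feb 26 21:16:44 2009
# Generated by iptables-save v1.3.8 on Thu Feb 26 21:16:44 2009
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [53:3849]
:CHECK_ICMP - [0:0]
:CHECK_TCP - [0:0]
:INET_IN - [0:0]
:INET_IN_TCP - [0:0]
:INET_IN_UDP - [0:0]
:INET_OUT - [0:0]
:PACKET_DROP - [0:0]
:SPOOFING - [0:0]
:SYN_FLOOD - [0:0]
# Loopback is trusted. Everything arriving on eth0 goes through INET_IN;
# whatever is not accepted there, and anything on any other interface,
# is logged and dropped by PACKET_DROP. Nothing is forwarded.
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j INET_IN
-A INPUT -j PACKET_DROP
-A FORWARD -j PACKET_DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j INET_OUT
# CHECK_ICMP: accept ICMP that conntrack ties to an existing connection --
# echo replies (ESTABLISHED) and errors such as "fragmentation needed"
# (RELATED), which path-MTU discovery depends on. Without the RELATED match
# those errors fall through to PACKET_DROP and large transfers can stall.
-A CHECK_ICMP -p icmp -m state --state RELATED,ESTABLISHED -j ACCEPT
# CHECK_TCP: log (rate-limited to 1/sec) and then drop malformed or
# scan-style TCP: INVALID conntrack state, option kinds 64/128 (not used by
# normal stacks; presumably a fingerprinting signature), impossible flag
# combinations, and non-SYN packets trying to open a connection.
-A CHECK_TCP -m state --state INVALID -m limit --limit 1/sec -j LOG --log-prefix "INVALID Packet " --log-level 6
-A CHECK_TCP -p tcp -m tcp --tcp-option 64 -m limit --limit 1/sec -j LOG --log-prefix "BAD TCP FLAG(64) " --log-level 6
-A CHECK_TCP -p tcp -m tcp --tcp-option 128 -m limit --limit 1/sec -j LOG --log-prefix "BAD TCP FLAG(128) " --log-level 6
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -m limit --limit 1/sec -j LOG --log-prefix "BAD TCP FLAG " --log-level 6
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -m limit --limit 1/sec -j LOG --log-prefix "BAD TCP FLAG " --log-level 6
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -m limit --limit 1/sec -j LOG --log-prefix "BAD TCP FLAG " --log-level 6
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m limit --limit 1/sec -j LOG --log-prefix "BAD TCP FLAG " --log-level 6
-A CHECK_TCP -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 1/sec -j LOG --log-prefix "BAD TCP FLAG " --log-level 6
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 1/sec -j LOG --log-prefix "BAD TCP FLAG " --log-level 6
# Each flag combination is dropped once; the original dump repeated several
# of these DROP rules, which only added lookup cost.
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A CHECK_TCP -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
# A packet that is not a bare SYN cannot legitimately open a connection.
-A CHECK_TCP -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
-A CHECK_TCP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A CHECK_TCP -m state --state INVALID -j DROP
-A CHECK_TCP -p tcp -m tcp --tcp-option 64 -j DROP
-A CHECK_TCP -p tcp -m tcp --tcp-option 128 -j DROP
# INET_IN: anti-spoof first, then per-protocol checks. One specific host is
# dropped outright even for established traffic; ICMP is dispatched after
# that drop so it keeps the same treatment. Anything that returns from the
# sub-chains unaccepted falls back to INPUT and is dropped there.
-A INET_IN -j SPOOFING
-A INET_IN -p tcp -j INET_IN_TCP
-A INET_IN -p udp -j INET_IN_UDP
-A INET_IN -s 216.239.116.65 -j DROP
-A INET_IN -p icmp -j CHECK_ICMP
-A INET_IN -m state --state ESTABLISHED -j ACCEPT
# INET_IN_TCP: rate-check new SYNs, sanity-check the segment, then accept
# only replies to connections we opened (unprivileged local ports). No
# service is published: a NEW SYN is never accepted here and ends up in
# PACKET_DROP.
-A INET_IN_TCP -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j SYN_FLOOD
-A INET_IN_TCP -j CHECK_TCP
-A INET_IN_TCP -p tcp -m tcp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
# INET_IN_UDP: DHCP from one server, DNS replies from two resolvers, and
# replies to other UDP we sent from unprivileged ports.
# NOTE(review): a DHCP reply sent to 255.255.255.255 never reaches this rule
# -- SPOOFING drops that destination first. Clients that read DHCP through a
# raw packet socket bypass netfilter, so this may be harmless; verify that
# the lease still renews.
-A INET_IN_UDP -s 208.180.43.6 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A INET_IN_UDP -s 66.76.2.132 -p udp -m udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A INET_IN_UDP -s 66.76.2.133 -p udp -m udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A INET_IN_UDP -p udp -m udp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
# INET_OUT: no egress filtering beyond dropping INVALID; everything else is
# allowed by the OUTPUT policy.
-A INET_OUT -m state --state INVALID -j DROP
# PACKET_DROP: rate-limited log, then drop. '-f' matches second and later
# fragments only.
-A PACKET_DROP -p tcp -m limit --limit 1/sec -j LOG --log-prefix "TCP Dropped " --log-level 6
-A PACKET_DROP -p udp -m limit --limit 1/sec -j LOG --log-prefix "UDP Dropped " --log-level 6
-A PACKET_DROP -f -m limit --limit 1/sec -j LOG --log-prefix "FRAGMENT Dropped " --log-level 6
-A PACKET_DROP -j DROP
# SPOOFING: log and drop packets claiming reserved/private/multicast source
# addresses, our own address (75.108.115.230, presumably this host's public
# IP), or broadcast/zero destinations, none of which belong on eth0 from
# the outside.
-A SPOOFING -s 0.0.0.0/255.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 10.0.0.0/255.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 127.0.0.0/255.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 169.254.0.0/255.255.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 172.16.0.0/255.240.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 224.0.0.0/240.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 240.0.0.0/248.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 248.0.0.0/248.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 255.255.255.255 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 75.108.115.230 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -d 255.255.255.255 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -d 0.0.0.0 -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SPOOFED Packet " --log-level 6
-A SPOOFING -s 0.0.0.0/255.0.0.0 -j DROP
-A SPOOFING -s 10.0.0.0/255.0.0.0 -j DROP
-A SPOOFING -s 127.0.0.0/255.0.0.0 -j DROP
-A SPOOFING -s 169.254.0.0/255.255.0.0 -j DROP
-A SPOOFING -s 172.16.0.0/255.240.0.0 -j DROP
-A SPOOFING -s 224.0.0.0/240.0.0.0 -j DROP
-A SPOOFING -s 240.0.0.0/248.0.0.0 -j DROP
-A SPOOFING -s 248.0.0.0/248.0.0.0 -j DROP
-A SPOOFING -s 255.255.255.255 -j DROP
-A SPOOFING -s 75.108.115.230 -j DROP
-A SPOOFING -d 255.255.255.255 -j DROP
-A SPOOFING -d 0.0.0.0 -j DROP
# SYN_FLOOD: up to 12 new SYNs/sec (burst 24) return to the caller; the
# excess is logged and dropped. Since no port is open, the only practical
# effect is a distinct log prefix during a SYN flood.
-A SYN_FLOOD -m limit --limit 12/sec --limit-burst 24 -j RETURN
-A SYN_FLOOD -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SYN_FLOOD Dropped " --log-level 6
-A SYN_FLOOD -j DROP
COMMIT
# Completed on Thu Feb 26 21:16:44 2009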



!>