iptables templates

Damian Myerscough damian.myerscough at gmail.com
Fri May 25 14:23:45 UTC 2007


mod_evasive is not in the extras :( however I am sure we could package it.

On 25/05/07, Mike McGrath <mmcgrath at redhat.com> wrote:
> Damian Myerscough wrote:
> > On 25/05/07, Mike McGrath <mmcgrath at redhat.com> wrote:
> >> seth vidal wrote:
> >> > Here's what I've used in the past.
> >> >
> >> > It allows connections for certain ports/places and then drops everything
> >> > else as the last item.
> >> >
> >> > http://linux.duke.edu/~skvidal/misc/iptables-template
> >> >
> >> > it's pretty painless, really.
> >> >
> >> > If we want to add explicit outbound rules, too, that's fine, but I'd
> >> > advise enabling logging b/c that stuff is easy to get wrong. :)
> >> >
> >> > This is just a sample but it's simple and straightforward.
> >> >
> >>
> >> Excellent.  I much prefer simple firewall rules where possible (it's not
> >> always possible :)
> >>
> >> One RFE:
> >>
> >> Could we have a commented section in there to rate limit some of the
> >> open ports (http immediately comes to mind)?  That way if we get slammed
> >> again we don't have to go figure out what we've done in the past we can
> >> just uncomment it.
> >>
> >> What do you think?
> >>
> >>     -Mike
> >>
> >> _______________________________________________
> >> Fedora-infrastructure-list mailing list
> >> Fedora-infrastructure-list at redhat.com
> >> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
> >>
> >
> > Hey Mike,
> >
> > For Apache why not deploy the mod_evasive module. What is mod_evasive?
> >
> > mod_evasive is an evasive maneuvers module for Apache to provide
> > evasive action in the event of an HTTP DoS or DDoS attack or brute
> > force attack. It is also designed to be a detection and network
> > management tool, and can be easily configured to talk to ipchains,
> > firewalls, routers, and etcetera. mod_evasive presently reports abuses
> > via email and syslog facilities.
> >
> > I have finished university for the summer, would you like me to look
> > into deploying this next week? Does anyone have any objections to this?
> >
>
> Is mod_evasive in extras/epel?
>
>     -Mike
>
>


-- 
Regards,
  Damian
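
The layout discussed in the quoted thread (allow specific ports, drop everything else as the last rule, with a commented-out HTTP rate limit ready to enable) could look like the following. This is an added example in iptables-restore format, not the template linked in the thread and not Fedora Infrastructure's rules; the ports, thresholds, list name and log prefixes are assumptions.

```iptables
# Constructed example. Load with: iptables-restore < this-file
# Ports, thresholds and log prefixes are assumptions, not values from the thread.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic and replies to connections this host already accepted
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ICMP echo requests
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# SSH
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Optional HTTP rate limit, per source address. Uncomment both lines under load.
# The first rule records each new connection in the "http" list; the second drops
# a source once it has opened 15 or more new connections within 10 seconds.
# These must stay above the port 80 ACCEPT rule to have any effect.
#-A INPUT -p tcp --dport 80 -m state --state NEW -m recent --name http --set
#-A INPUT -p tcp --dport 80 -m state --state NEW -m recent --name http --update --seconds 10 --hitcount 15 -j DROP
# HTTP and HTTPS
-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT
# Last item: log what is about to be dropped (throttled so the log cannot be flooded), then drop
-A INPUT -m limit --limit 6/minute -j LOG --log-prefix "input-drop: "
-A INPUT -j DROP
COMMIT
```

The `recent` match keeps a limited number of timestamps per source (20 by default), so a `--hitcount` above that limit is rejected when the rules are loaded.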



