Firewall setting

Manuel Arostegui Ramirez manuel at todo-linux.com
Sat Sep 8 12:13:41 UTC 2007


On Saturday, 8 September 2007 13:56, edwardspl at ita.org.mo wrote:
> Dear All,
>
> For the Firewall setting, how can we use the ftp and ssh service ?
>
> For file 1 :
>
> #!/bin/bash
>
> modprobe ip_tables
> modprobe ip_nat_ftp
> modprobe ip_conntrack
> modprobe ip_conntrack_ftp
>
> iptables -F
> iptables -X
> iptables -F -t nat
> iptables -X -t nat
> iptables -F -t mangle
> iptables -X -t mangle
>
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD ACCEPT
> iptables -t nat -P OUTPUT ACCEPT
> iptables -t nat -P PREROUTING ACCEPT
> iptables -t nat -P POSTROUTING ACCEPT
> iptables -t mangle -P PREROUTING ACCEPT
> iptables -t mangle -P POSTROUTING ACCEPT
> iptables -t mangle -P INPUT ACCEPT
> iptables -t mangle -P OUTPUT ACCEPT
> iptables -t mangle -P FORWARD ACCEPT
>
> For file2
>
> iptables -P INPUT DROP
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
> iptables -A INPUT -p tcp --dport 21 -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
>

iptables -A INPUT -p tcp -d $SERVER_IP --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -d $SERVER_IP --dport 22 -j ACCEPT

try that one

Cheers
Manuel
-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.
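
The INPUT rules from file2 combined with the reply's `-d $SERVER_IP` restriction, as an added example that is not part of the original thread. The function names `valid_ipv4` and `emit_rules`, the constructed address 192.0.2.10, and the added `RELATED` state (so FTP data connections tracked by the ip_conntrack_ftp helper loaded in file 1 are accepted) are assumptions of this example; it prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example: print the INPUT rules for FTP and SSH for review.
# Nothing here calls iptables; the commands are only written to stdout.

# Succeed only if $1 is a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set for the given server address.
# The address is checked first: with SERVER_IP unset or mistyped, both
# ACCEPT rules would be rejected by iptables while the DROP policy from
# the first line is already in place.
emit_rules() {
    server_ip=$1
    if ! valid_ipv4 "$server_ip"; then
        echo "emit_rules: '$server_ip' is not an IPv4 address" >&2
        return 1
    fi
    cat <<EOF
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -d $server_ip --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -d $server_ip --dport 22 -j ACCEPT
EOF
}

# Constructed sample address from the documentation range.
emit_rules 192.0.2.10
```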



