attacks, that could be prevented with iptables
S Mathias
smathias1972 at yahoo.com
Wed Dec 15 20:00:40 UTC 2010
I updated my firewall script [only for a usually home desktop pc, Fedora 14]
1) Does this really gives protection against syn attacks?:
http://www.webhostingtalk.com/showpost.php?s=9bc3d4f0da424f10c6ad08f572d3ebf0&p=2784813&postcount=1
2) how can i flush all the iptables rule/policy to default? this is the offical method? [are there unnecessary lines in it?] :
# FLUSH ALL RULES
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
# ERASE ALL NON-DEFAULT CHAINS
$IPTABLES -X
3) are there any docs/howtos, [like the syn attack "1)" one], that could give me more "security" with iptables?
4) my firewall script is here [are there any errors in it?]:
http://pastebin.com/raw.php?i=R7QdiDd9
5) is there a command to get info, that how many packets went through e.g.: the
$IPTABLES -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
or the
$IPTABLES -A OUTPUT -p tcp -m multiport --dport 80,443 -j ACCEPT
line? are there any statistics about it?
ps.: the local dns server was just a:
yum -y install caching-nameserver
chkconfig --level 5 named on
ps2.: and i found out, that if i use a local dns server, that local dns server will "get info" from the root servers!!! no more relying on google dns, or opendns!! hurraj! :) !!! made my day :)
ps3.: i found out why my computer hangs, after installing the cached name server:
http://lists.fedoraproject.org/pipermail/users/2010-December/388752.html
it was regarding the firewall.... but with my newest [ 4) ] firewall script, it works just fine
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20101215/55c7dc9b/attachment.html
More information about the users
mailing list