|
@@ -4,15 +4,15 @@
|
|
:target: https://github.com/fusionpbx/fusionpbx-docs
|
|
:target: https://github.com/fusionpbx/fusionpbx-docs
|
|
|
|
|
|
Basic Rules
|
|
Basic Rules
|
|
-===========
|
|
|
|
|
|
+~~~~~~~~~~~~
|
|
|
|
|
|
| ``iptables -A INPUT -i lo -j ACCEPT``
|
|
| ``iptables -A INPUT -i lo -j ACCEPT``
|
|
| ``iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT``
|
|
| ``iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT``
|
|
| ``iptables -A INPUT -p tcp --dport 22 -j ACCEPT``
|
|
| ``iptables -A INPUT -p tcp --dport 22 -j ACCEPT``
|
|
| ``iptables -A INPUT -p tcp --dport 80 -j ACCEPT``
|
|
| ``iptables -A INPUT -p tcp --dport 80 -j ACCEPT``
|
|
| ``iptables -A INPUT -p tcp --dport 443 -j ACCEPT``
|
|
| ``iptables -A INPUT -p tcp --dport 443 -j ACCEPT``
|
|
-| ``iptables -A INPUT -p tcp --dport 5060 -j ACCEPT``
|
|
|
|
-| ``iptables -A INPUT -p udp --dport 5060 -j ACCEPT``
|
|
|
|
|
|
+| ``iptables -A INPUT -p tcp --dport 5060:5069 -j ACCEPT``
|
|
|
|
+| ``iptables -A INPUT -p udp --dport 5060:5069 -j ACCEPT``
|
|
| ``iptables -A INPUT -p tcp --dport 5080 -j ACCEPT``
|
|
| ``iptables -A INPUT -p tcp --dport 5080 -j ACCEPT``
|
|
| ``iptables -A INPUT -p udp --dport 5080 -j ACCEPT``
|
|
| ``iptables -A INPUT -p udp --dport 5080 -j ACCEPT``
|
|
| ``iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT``
|
|
| ``iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT``
|
|
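Review bot: The two added rules that widen `--dport 5060` to `--dport 5060:5069` (tcp and udp) accept traffic on ten ports from any source, and nothing under Basic Rules says which SIP profiles or listeners need 5061 through 5069. Suggest adding a sentence that names what uses the extra ports, or listing only the ports that are actually bound, so readers do not copy a wider opening than their install requires.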
@@ -22,8 +22,9 @@ Basic Rules
|
|
| ``iptables -P FORWARD DROP``
|
|
| ``iptables -P FORWARD DROP``
|
|
| ``iptables -P OUTPUT ACCEPT``
|
|
| ``iptables -P OUTPUT ACCEPT``
|
|
|
|
|
|
|
|
+
|
|
Friendly Scanner
|
|
Friendly Scanner
|
|
-================
|
|
|
|
|
|
+~~~~~~~~~~~~~~~~~
|
|
|
|
|
|
Rules to block not so friendly scanner
|
|
Rules to block not so friendly scanner
|
|
|
|
|
|
@@ -33,29 +34,37 @@ Rules to block not so friendly scanner
|
|
| ``iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "friendly-scanner" --algo bm``
|
|
| ``iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "friendly-scanner" --algo bm``
|
|
|
|
|
|
Show iptable rules
|
|
Show iptable rules
|
|
-==================
|
|
|
|
|
|
+~~~~~~~~~~~~~~~~~~~
|
|
|
|
|
|
| ``sudo iptables -L -v``
|
|
| ``sudo iptables -L -v``
|
|
|
|
|
|
Show line numbers
|
|
Show line numbers
|
|
-=================
|
|
|
|
|
|
+~~~~~~~~~~~~~~~~~~
|
|
|
|
|
|
| ``iptables -L -v --line-numbers``
|
|
| ``iptables -L -v --line-numbers``
|
|
|
|
|
|
Delete a line
|
|
Delete a line
|
|
-=============
|
|
|
|
|
|
+~~~~~~~~~~~~~~
|
|
|
|
|
|
Delete line 2
|
|
Delete line 2
|
|
|
|
|
|
|
|
+Flush out iptables
|
|
|
|
+~~~~~~~~~~~~~~~~~~~
|
|
|
|
+
|
|
|
|
+iptables -P INPUT ACCEPT
|
|
|
|
+iptables -P FORWARD ACCEPT
|
|
|
|
+iptables -P OUTPUT ACCEPT
|
|
|
|
+iptables -F
|
|
|
|
+
|
|
| ``iptables -D INPUT 2``
|
|
| ``iptables -D INPUT 2``
|
|
|
|
|
|
Block IP address
|
|
Block IP address
|
|
-================
|
|
|
|
|
|
+~~~~~~~~~~~~~~~~~
|
|
|
|
|
|
| ``iptables -I INPUT -s 62.210.245.132 -j DROP``
|
|
| ``iptables -I INPUT -s 62.210.245.132 -j DROP``
|
|
|
|
|
|
Save Changes
|
|
Save Changes
|
|
-============
|
|
|
|
|
|
+~~~~~~~~~~~~~
|
|
|
|
|
|
Debian & Ubuntu
|
|
Debian & Ubuntu
|
|
|
|
|
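Review bot: The added "Flush out iptables" section is inserted between the existing "Delete line 2" text and its command, so ``iptables -D INPUT 2`` now falls under the Flush heading and "Delete a line" is left without its example; move the new block below the `iptables -D INPUT 2` line. The four added commands also lack the `| ``...``` line-block markup that every other command in the file uses, so they will render as one running paragraph. Because the sequence sets the INPUT, FORWARD and OUTPUT policies to ACCEPT before `iptables -F`, a sentence stating that the host is left with no filtering afterwards would help readers decide when to run it.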