| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107 |
- *****************
- Iptables
- *****************
- |
- After The install is complete please keep the login details from the install in a safe and secure place. Just in case you need them later.
- iptables
- ===========
- Basic Rules
- ===========
- | ``iptables -A INPUT -i lo -j ACCEPT``
- | ``iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT``
- | ``iptables -A INPUT -p tcp --dport 22 -j ACCEPT``
- | ``iptables -A INPUT -p tcp --dport 80 -j ACCEPT``
- | ``iptables -A INPUT -p tcp --dport 443 -j ACCEPT``
- | ``iptables -A INPUT -p tcp --dport 5060 -j ACCEPT``
- | ``iptables -A INPUT -p udp --dport 5060 -j ACCEPT``
- | ``iptables -A INPUT -p tcp --dport 5080 -j ACCEPT``
- | ``iptables -A INPUT -p udp --dport 5080 -j ACCEPT``
- | ``iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT``
- | ``iptables -P INPUT DROP``
- | ``iptables -P FORWARD DROP``
- | ``iptables -P OUTPUT ACCEPT``
- Optional Rules
- ===============
- | OPENVPN: ``iptables -A INPUT -p udp --dport 1194 -j ACCEPT``
- | SYSLOG: ``iptables -A INPUT -p udp --dport 514 -j ACCEPT``
- | ICMP: ``iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT``
- Friendly Scanner
- ================
- Rules to block not so friendly scanner
- | ``iptables -I INPUT -j DROP -p tcp --dport 5060 -m string --string "friendly-scanner" --algo bm``
- | ``iptables -I INPUT -j DROP -p tcp --dport 5080 -m string --string "friendly-scanner" --algo bm``
- | ``iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm``
- | ``iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "friendly-scanner" --algo bm``
- | *Optional*
- | ``iptables -I INPUT -j DROP -p tcp --dport 5060 -m string --string "VaxSIPUserAgent" --algo bm``
- | ``iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "VaxIPUserAgent" --algo bm``
- | ``iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "VaxSIPUserAgent" --algo bm``
- | ``iptables -I INPUT -j DROP -p tcp --dport 5080 -m string --string "VaxIPUserAgent" --algo bm``
- Show iptable rules
- ==================
- ``iptables -L -v``
- Show line numbers
- =================
- ``iptables -L -n -v --line-numbers``
- Delete a line
- =============
- Delete line 2
- ``iptables -D INPUT 2``
- Clear iptables rules
- ================
- | ``iptables -P INPUT ACCEPT``
- | ``iptables -F``
- | ``iptables -X``
- Block IP address
- ================
- ``iptables -I INPUT -s 62.210.245.132 -j DROP``
- Save Changes
- ============
- Debian / Ubuntu
- | ``iptables-save > /etc/iptables/rules.v4``
- or
- | ``apt-get install iptables-persistent``
- | ``service iptables-persistent save``
- | ``dpkg-reconfigure iptables-persistent``
- Iptables Configuration
- ======================
- Debian / Ubuntu
- | ``cd /etc/iptables``
- Activate rules.v4 file changes
- ==============================
- | ``iptables-restore < /etc/iptables/rules.v4``
|
