iptables

From: wilde <wildeman_malpka_op.pl>
Date: Sun Dec 26 2004 - 21:45:41 CET

I forgot to add that this is what the beginning of the whole script looks like:
echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
# Limiting TCP sessions
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 3600 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 172800 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
echo 20480 > /proc/sys/net/ipv4/ip_conntrack_max
###
echo 1 > /proc/sys/net/ipv4/tcp_timestamps
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
/usr/sbin/iptables -F -t nat
/usr/sbin/iptables -X -t nat
/usr/sbin/iptables -F -t filter
/usr/sbin/iptables -X -t filter
/usr/sbin/iptables -F
/usr/sbin/iptables -X
/usr/sbin/iptables -t filter -I INPUT -s ! 10.0.0.0/8 -p icmp -j DROP
/usr/sbin/iptables -t filter -P FORWARD DROP
/usr/sbin/iptables -t filter -A FORWARD -i eth0 -s 10.0.0.0/8 -p tcp -m connlimit --connlimit-above 300 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
/usr/sbin/iptables -t filter -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT

and after that come the masquerade rules ...
well, that's all from me
Received on Sun Dec 26 21:42:28 2004
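As an added illustration, not part of wilde's message or script, the following Python model applies the two FORWARD rules above (connlimit, then the `-m limit` SYN bucket, then the DROP policy) to a constructed series of SYNs. It assumes every SYN arrives on eth0 and that the per-source connection counts fed in stand for what conntrack would report.

```python
"""Simplified model, added here, of the two FORWARD rules posted above (not the
script's or the kernel's code): rule 1 rejects a 10/8 source holding more than
300 connections (connlimit, per /32); rule 2 accepts SYNs through one `-m limit`
token bucket refilled at 1/s with the kernel's default burst of 5 (the script
omits --limit-burst); everything else hits the chain policy, DROP.  All SYNs are
assumed to arrive on eth0; per-source connection counts are supplied inline."""
import ipaddress

LIMIT_RATE, LIMIT_BURST = 1.0, 5     # --limit 1/s, default --limit-burst
CONNLIMIT_ABOVE = 300                # --connlimit-above 300 --connlimit-mask 32
INTERNAL = ipaddress.ip_network("10.0.0.0/8")


def run_forward_chain(syn_events):
    """syn_events: (time_s, src_ip, connections_already_open_from_src).
    Returns one verdict per SYN: REJECT (rule 1), ACCEPT (rule 2) or DROP (policy)."""
    tokens, last = float(LIMIT_BURST), 0.0   # the -m limit bucket starts full
    verdicts = []
    for now, src, open_conns in syn_events:
        # Rule 1: connlimit counts the new connection together with the open ones.
        if ipaddress.ip_address(src) in INTERNAL and open_conns + 1 > CONNLIMIT_ABOVE:
            verdicts.append("REJECT")
            continue
        # Rule 2: one bucket shared by every forwarded SYN, whatever its source;
        # refill by elapsed time (capped at the burst), then spend a token per SYN.
        tokens = min(LIMIT_BURST, tokens + (now - last) * LIMIT_RATE)
        last = now
        if tokens >= 1.0:
            tokens -= 1.0
            verdicts.append("ACCEPT")
        else:
            verdicts.append("DROP")
    return verdicts


# Constructed sample: eight SYNs from one LAN host within 0.7 s, a host already
# holding 301 connections, a non-10/8 source, and one more SYN four seconds later.
SAMPLE = [(t / 10, "10.0.0.5", 0) for t in range(8)]
SAMPLE += [(0.75, "10.0.0.9", 301), (0.8, "192.168.1.1", 0), (5.0, "10.0.0.5", 0)]

if __name__ == "__main__":
    for (t, src, _), verdict in zip(SAMPLE, run_forward_chain(SAMPLE)):
        print(f"t={t:4.2f} src={src:<13} -> {verdict}")
```

Only the first five SYNs of the burst get through; with a DROP policy on FORWARD, every further SYN from the whole LAN is discarded until the single shared bucket refills at one token per second.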

This archive was generated by hypermail 2.1.8.