Ubuntu does come with iptables preset like in Fedora. Here's the base setup for iptables.
Add iptables rules.
Block Null Packets
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
Reject SYN-Flood Attack (drop new TCP connections that do not begin with a SYN packet)
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
Reject XMAS/recon packets
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
Allow custom ports
<here>
Accept Established Connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -j REJECT
iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
Use iptables-save to save it to a file.
iptables-save > /etc/iptables.rules
Edit rc.local to import iptables rules during boot up.
iptables-restore < /etc/iptables.rules
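Because -A appends and iptables walks each chain from the top, any rule saved after an unconditional REJECT or DROP in the same chain is never reached. The script below is an added example, not part of the original post: it checks iptables-save output for such shadowed rules before the file is restored at boot. The helper name find_shadowed_rules and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: find_shadowed_rules is a hypothetical helper, not an iptables tool.
# It reads iptables-save text on stdin and prints every rule that follows an
# unconditional REJECT/DROP in the same chain (such a rule can never match).
find_shadowed_rules() {
    awk '
        /^\*/ { split("", closed); next }   # new table section: reset state
        $1 != "-A" { next }                 # skip policies, comments, COMMIT
        {
            chain = $2
            if (chain in closed) { print chain ": " $0; next }
            # Catch-all: "-A CHAIN -j REJECT|DROP" with no match options.
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP"))
                closed[chain] = 1
        }
    '
}

# Constructed sample: a FORWARD REJECT appended before the FORWARD ACCEPT.
sample_bad='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT'

# Constructed sample: same rules with the catch-all REJECT last in each chain.
sample_good='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT'

echo "bad ruleset:";  printf '%s\n' "$sample_bad"  | find_shadowed_rules
echo "good ruleset:"; printf '%s\n' "$sample_good" | find_shadowed_rules
# On a real host: find_shadowed_rules < /etc/iptables.rules
```

Empty output means no rule sits behind a catch-all in its chain; any printed line is a rule to move above the REJECT or delete.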