

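# INPUT chain: per-service ACCEPT rules, then DROP rules for malformed TCP
# flag combinations, then the admin allow-list.
# $IN, $OUT and $admin_ips are defined outside this section.
# NOTE(review): presumably $IN is the LAN-side and $OUT the WAN-side
# interface; confirm against their definitions before exposing SMB/SNMP.

# FTP control channel: new connections on every interface (no -i match).
# Follow-up packets and data connections rely on the ESTABLISHED,RELATED
# rule further down.
iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
#iptables -A INPUT -p tcp -i $OUT --dport 6036 -j ACCEPT

# TCP 80, 443 and 10000 on $IN. There is no state match here, so every TCP
# packet to these ports is accepted, whatever its flags.
iptables -A INPUT -p tcp -i "$IN" -m multiport --dports 80,443,10000 -j ACCEPT
# UDP 123 (NTP) and UDP 161 (SNMP) on $IN.
iptables -A INPUT -p udp -i "$IN" --dport 123 -j ACCEPT
iptables -A INPUT -p udp -i "$IN" --dport 161 -j ACCEPT
#iptables -A INPUT -p tcp -i $IN --dport 9999 -j ACCEPT
# NetBIOS name/datagram (UDP 137, 138) and NetBIOS session/SMB (TCP 139, 445)
# on $IN.
iptables -A INPUT -p udp -i "$IN" -m multiport --dports 137,138 -j ACCEPT
iptables -A INPUT -p tcp -i "$IN" -m multiport --dports 139,445 -j ACCEPT
#iptables -A INPUT -p udp --dport 1194 -j ACCEPT

# NOTE(review): `-p 139` matches IP protocol number 139 (HIP in the IANA
# registry), not TCP port 139. Confirm this is the intended protocol on the
# ppp links; a port match would need `-p tcp --dport 139`.
iptables -A INPUT -p 139 -i ppp0 -j ACCEPT
iptables -A INPUT -p 139 -i ppp1 -j ACCEPT

# Answer ICMP echo requests (ping) on ppp1, $OUT, eth2 and $IN.
iptables -A INPUT -p icmp -i ppp1 --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp -i "$OUT" --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp -i eth2 --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp -i "$IN" --icmp-type echo-request -j ACCEPT # Statistics and auths for customers, ping tests

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # any established or related conns are welcome

# Malformed TCP flag combinations.
# NOTE(review): rules are evaluated in append order, so a packet already
# accepted above (the port ACCEPTs without a state match, or the
# ESTABLISHED,RELATED rule) never reaches these DROPs. Move this group ahead
# of the ACCEPT rules if it is meant to filter that traffic as well.
iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP # URG is the only bit set, without the expected accompanying ACK
iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP # PSH is the only bit set, without the expected accompanying ACK
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP # FIN is the only bit set, without the expected accompanying ACK
# Contradictory pairs: FIN+RST, SYN+RST, SYN+FIN.
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
# No flags set at all.
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# Do not answer ICMP timestamp requests.
iptables -A INPUT -p icmp --icmp-type timestamp-request -j DROP

# Admin allow-list: any new connection, any protocol and port, any interface.
# The match is on source address only; for `-s` to take several addresses
# $admin_ips must be a comma-separated list with no spaces.
iptables -A INPUT -s "$admin_ips" -m state --state NEW -j ACCEPT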
