
Linux Security

  • Allowing an incoming service:
  • iptables -t nat -A POSTROUTING -o <outside> -j MASQUERADE
  • insmod ip_conntrack
  • insmod ip_conntrack_ftp
  • iptables -N block
  • iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
  • iptables -A block -m state --state NEW ! -i <outside> -j ACCEPT
  • iptables -A block -m state --state NEW -i <outside> -p <protocol> --dport <port> -j ACCEPT
  • iptables -A block -j DROP
  • iptables -A INPUT -j block
  • iptables -A FORWARD -j block
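
An added check, not part of the original slide: it reads rules in `iptables -S` / `iptables-save` format and reports which protocol/port pairs the block chain accepts as new connections on a given interface, and whether the chain still ends in the catch-all DROP. The function names, the interface names eth0/eth1 and the tcp/22 service are assumptions, and the sample rules are constructed.

```shell
#!/bin/sh
# Constructed sample ruleset (eth0 = outside, tcp/22 = the allowed service).
sample_rules() {
cat <<'EOF'
-N block
-A INPUT -j block
-A FORWARD -j block
-A block -m state --state RELATED,ESTABLISHED -j ACCEPT
-A block ! -i eth0 -m state --state NEW -j ACCEPT
-A block -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A block -j DROP
EOF
}

# Read rules on stdin; print "proto/port" for each ACCEPT rule in chain
# "block" that lets a NEW connection in on interface $1.
exposed_services() {
    awk -v out="$1" '
    $1 == "-A" && $2 == "block" {
        iface = ""; neg = 0; proto = "any"; port = "any"; st = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-i")      { iface = $(i+1); neg = ($(i-1) == "!") }
            if ($i == "-p")      proto = $(i+1)
            if ($i == "--dport") port = $(i+1)
            if ($i == "--state") st = $(i+1)
            if ($i == "-j")      target = $(i+1)
        }
        # A rule applies to the interface if it names none, names it, or
        # negates a different one; no state match also covers NEW packets.
        hits = (iface == "") || (iface == out && !neg) || (iface != out && neg)
        if (target == "ACCEPT" && hits && (st == "" || st ~ /NEW/))
            print proto "/" port
    }'
}

# Read rules on stdin; succeed only if the last rule in "block" is the DROP.
ends_with_drop() {
    [ "$(grep -e '^-A block ' | tail -n 1)" = "-A block -j DROP" ]
}

sample_rules | exposed_services eth0
```

On a live host, pipe `iptables -S` into the same functions instead of the sample.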