gnu_linux_server:network_configuration:firewall

gnu_linux_server:network_configuration:firewall [2012/01/28 20:20] – Script (ajout init info + debug + correction syntaxe) guillaumegnu_linux_server:network_configuration:firewall [2021/01/04 20:41] (current) – external edit 127.0.0.1
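--- a/gnu_linux_server/network_configuration/firewall
+++ b/gnu_linux_server/network_configuration/firewall
@@ -12,5 +12,5 @@
 <code bash>
 deny_everything() {
-    log_action_begin_msg "Denying all connections"
+    print_debug "Denying all connections"
 
     iptables -t filter -P INPUT   DROP
@@ -18,5 +18,5 @@
     iptables -t filter -P OUTPUT  DROP
 
-    log_action_end_msg $?
+    end_debug $?
 }
 </code>
@@ -25,10 +25,10 @@
 <code bash>
 cleanup_tables() {
-    log_action_begin_msg "Cleaning up tables"
+    print_debug "Cleaning up tables"
 
     iptables -t filter -F
     iptables -t filter -X
 
-    log_action_end_msg $?
+    end_debug $?
 }
 </code>
@@ -37,10 +37,10 @@
 <code bash>
 dont_break_connections() {
-    log_action_begin_msg "Keeping active connections"
+    print_debug "Keeping active connections"
 
     iptables -A INPUT  -m state --state RELATED,ESTABLISHED -j ACCEPT
     iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
-    log_action_end_msg $?
+    end_debug $?
 }
 </code>
@@ -49,10 +49,10 @@
 <code bash>
 allow_loopback() {
-    log_action_begin_msg "Allowing loopback"
+    print_debug "Allowing loopback"
 
     iptables -t filter -A INPUT  -i lo -j ACCEPT
     iptables -t filter -A OUTPUT -o lo -j ACCEPT
 
-    log_action_end_msg $?
+    end_debug $?
 }
 </code>
@@ -158,4 +158,20 @@
     iptables -A SPOOFED -s 192.168.0.0/16 -j DROP
     iptables -A SPOOFED -s 10.0.0.0/    -j DROP
+
+    end_debug $?
+}
+
+misc_config() {
+    print_debug "Misc configurations"
+
+    echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+    echo 0 > /proc/sys/net/ipv4/ip_forward 
+    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts 
+    echo 1 >/proc/sys/net/ipv4/conf/all/log_martians 
+    echo 1 > /proc/sys/net/ipv4/ip_always_defrag
+    echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+    echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
+    echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
+    echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
 
     end_debug $?
@@ -322,4 +338,5 @@
 
     deny_spoofing
+    misc_config
 
     # Starting fail2ban again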
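Review bot: `end_debug $?` at the end of misc_config only reports the status of the last write (`echo 0 > .../accept_source_route`), so a failure of any earlier sysctl write goes unnoticed; the same pattern is used in deny_everything, cleanup_tables, dont_break_connections and allow_loopback above, where only the final iptables call is checked. This matters here because `/proc/sys/net/ipv4/ip_always_defrag` was removed from the kernel in the 2.4 series (defragmentation is handled by connection tracking), so on any recent kernel that line fails at every boot while the function still reports success. Writing each value through one loop that accumulates a return code, as below, surfaces the failure; the `ip_always_defrag` entry is dropped from the list, or can be kept behind an `[ -e ]` check if old kernels must still be supported. Separately, the context line `-s 10.0.0.0/    -j DROP` in deny_spoofing appears to be missing its prefix length (presumably `/8`), which iptables would reject — outside this change but worth confirming. The enclosing deny_spoofing function starts outside the hunk.
```bash
misc_config() {
    print_debug "Misc configurations"

    local rc=0 entry
    # key=value pairs under /proc/sys/net/ipv4/; each write is checked so a
    # missing or unwritable entry is not masked by the next successful one.
    for entry in tcp_syncookies=1 ip_forward=0 icmp_echo_ignore_broadcasts=1 \
                 conf/all/log_martians=1 icmp_ignore_bogus_error_responses=1 \
                 conf/all/rp_filter=1 conf/all/send_redirects=0 \
                 conf/all/accept_source_route=0; do
        echo "${entry#*=}" > "/proc/sys/net/ipv4/${entry%=*}" || rc=1
    done

    end_debug $rc
}
```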
gnu_linux_server/network_configuration/firewall.1327782006.txt.gz · Last modified: 2021/01/04 20:40 (external edit)