
vim /etc/sysconfig/iptables

================================

# Firewall configuration written by system-config-firewall
#
# Ruleset in iptables-save format (loaded by iptables-restore). Rules are
# evaluated top to bottom and the first matching terminal target
# (ACCEPT/DROP) wins, so the ordering below is significant.
#
# Manual customization of this file is not recommended.
# NOTE(review): the header above is emitted by system-config-firewall;
# running that tool again may regenerate this file and discard the
# hand-written rules below — confirm before relying on them.
*filter
# The built-in chain policies are ACCEPT; the actual default-deny is the
# catch-all DROP rules at the end of INPUT and FORWARD. If this ruleset
# fails to load or is flushed, the policy alone leaves all traffic accepted.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# User-defined chain for SYN-flood rate limiting (rules further down).
:syn-flood - [0:0]
# Packets belonging to connections this host already tracks are accepted first.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#-A INPUT -p icmp -j ACCEPT
# Loopback is always accepted.
-A INPUT -i lo -j ACCEPT
# New SSH (TCP 22) connections are accepted from any source address.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# FTP control (TCP 21) only from the private 10/8 range and three
# public ranges; the commented variants below are the disabled alternatives.
-A INPUT -s 10.0.0.0/8 -p tcp --dport 21 -j ACCEPT
-A INPUT -s 43.255.112.0/22 -p tcp --dport 21 -j ACCEPT
-A INPUT -s 103.5.124.0/22 -p tcp --dport 21 -j ACCEPT
-A INPUT -s 146.88.200.0/21 -p tcp --dport 21 -j ACCEPT
#-A INPUT -s 103.5.124.0/22 -p tcp --dport 21 -j ACCEPT
#-A INPUT -s 43.255.112.0/22 -p tcp --dport 21 -j ACCEPT
#-A INPUT -s 172.16.0.0/12 -p tcp --dport 21 -j ACCEPT
# Everything arriving on eth1 is accepted: any protocol, any port, any source.
# This rule sits above the single-host DROP that follows, so that address is
# not blocked on eth1 — only on other interfaces. Presumably eth1 is an
# internal/management interface — verify before keeping this rule.
-A INPUT -i eth1 -j ACCEPT
# Blocklist for one host (except on eth1, see above).
-A INPUT -s 116.31.116.17 -j DROP
# All ICMP types are accepted from any source; the per-network ICMP
# variants below are disabled.
-A INPUT -p icmp -j ACCEPT
#-A INPUT -s 103.5.124.0/22 -p icmp -j ACCEPT
#-A INPUT -s 216.146.32.0/20 -p icmp -j ACCEPT
#-A INPUT -s 43.255.112.0/22 -p icmp -j ACCEPT
#-A INPUT -s 172.16.0.0/12 -p icmp -j ACCEPT
#-A INPUT -s 146.88.200.0/21 -p icmp -j ACCEPT
# MySQL (TCP 3306) only from a single host.
-A INPUT -s 103.5.124.251 -p tcp --dport 3306 -j ACCEPT
# Outbound packets from source port 20 (active-mode FTP data). Since the
# OUTPUT policy is ACCEPT and this file has no OUTPUT DROP rule, this
# rule currently changes nothing.
-A OUTPUT -p tcp --sport 20 -j ACCEPT
#-A INPUT -s 10.0.0.0/8 -p icmp -j ACCEPT
# Web (TCP 80/8080/443) and SIP (TCP 5060) plus UDP 8080/5060, open to
# any source address.
-A INPUT -p tcp -m multiport --dports 80,8080,443,5060 -j ACCEPT
-A INPUT -p udp -m multiport --dports 8080,5060 -j ACCEPT
# syn-flood chain: up to 100 packets/sec (burst 150) RETURN to the caller;
# anything beyond that is logged with the "SYN flood: " prefix and dropped.
# NOTE(review): no rule in this file jumps to syn-flood (e.g. from INPUT
# with a --syn match), so as written these three rules are never evaluated.
-A syn-flood -m limit --limit 100/sec --limit-burst 150 -j RETURN
-A syn-flood -j LOG --log-prefix "SYN flood: "
-A syn-flood -j DROP
# Default deny: nothing is forwarded, and any INPUT not matched above is
# dropped silently (there is no LOG rule before this DROP).
-A FORWARD -j DROP
-A INPUT -j DROP
COMMIT
~

===========================================================
vim /etc/ssh/sshd_config
# Listen on the default SSH port (matches the port-22 ACCEPT in the firewall).
Port 22
# Deny root login over SSH; administrators log in as a named account instead.
PermitRootLogin no
# Only these two accounts may authenticate over SSH; every other user is
# refused even with valid credentials. sshd must be reloaded/restarted
# before these changes take effect.
AllowUsers cootel data2

======================================================
# Check who tries to access our system
vim /var/log/secure
