linux:firewall [2013/04/05 15:08]
zagi
linux:firewall [2019/04/15 10:18] (current)
zagi
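--- a/linux:firewall
+++ b/linux:firewall
@@ -208,7 +208,11 @@
 # echo-reply
 #$IPTB -A INPUT -p icmp --icmp-type 0 -m hashlimit --hashlimit 10/second --hashlimit-burst 1 --hashlimit-mode srcip --hashlimit-name icmp0 -j ACCEPT
+# unreachables
 $IPTB -A INPUT -p icmp --icmp-type 3 -m hashlimit --hashlimit 10/second --hashlimit-burst 1 --hashlimit-mode srcip --hashlimit-name icmp3 -j ACCEPT
+# source-quench (depreciated)
 #$IPTB -A INPUT -p icmp --icmp-type 4 -m hashlimit --hashlimit 10/second --hashlimit-burst 1 --hashlimit-mode srcip --hashlimit-name icmp4 -j ACCEPT
+# timeout (forward loop prevention)
 $IPTB -A INPUT -p icmp --icmp-type 11 -m hashlimit --hashlimit 10/second --hashlimit-burst 1 --hashlimit-mode srcip --hashlimit-name icmp11 -j ACCEPT
+# parameter problem
 $IPTB -A INPUT -p icmp --icmp-type 12 -m hashlimit --hashlimit 10/second --hashlimit-burst 1 --hashlimit-mode srcip --hashlimit-name icmp12 -j ACCEPT
 #icmp-traceroute
@@ -236,5 +240,5 @@
 $IPTB -A FORWARD -m state --state INVALID -j DROP
 $IPTB -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-$IPTB -A FORWARD -m state --state NEW -i $INTERNET -j ACCEPT
+$IPTB -A FORWARD -m state --state NEW -i $INTERNET -j ACCEPT
 
 $IPTB -A FORWARD -m pkttype --pkt-type broadcast -j DROP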
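Review bot: The rule `$IPTB -A FORWARD -m state --state NEW -i $INTERNET -j ACCEPT` accepts every new forwarded connection that arrives on `$INTERNET`; the removed and added versions read the same here, so this revision appears to change only whitespace and leaves that behaviour in place. The variable's definition is outside the visible lines, but if it names the WAN-facing interface, the rule lets unsolicited inbound traffic through to hosts behind the router, and the ESTABLISHED,RELATED rule above already covers replies. If the intent is to let internal hosts open outbound connections, match the internal side instead, e.g. `$IPTB -A FORWARD -m state --state NEW ! -i "$INTERNET" -j ACCEPT`, and add a comment stating which direction the rule is meant to allow. In the first hunk, the added comment `# source-quench (depreciated)` should read `deprecated`.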
linux/firewall.1365167297.txt.gz · Last modified: 2013/04/05 15:08 by zagi
CC Attribution-Share Alike 4.0 International