Firewall (iptables)

From Alessandro's Wiki
Revision as of 15:24, 15 October 2006 by Porcelinux (talk | contribs)

Setting up a firewall on a Linux machine

  • View the current configuration:
iptables -L

  • My configuration:
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:46590
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:46720
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

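  • Add a rule to accept connections on port 5901 (vncserver). The rule is inserted with -I at the top of the chain; appended with -A it would land after the final REJECT rule in the listing above and never match:
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT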
  • Save the configuration to a file:
iptables-save > backup_iptables
  • Restore a configuration saved in a file:
iptables-restore < backup_iptables
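
Rule order matters in the configuration listed above: the chain ends with a REJECT for all traffic, so any rule placed after it is never evaluated. The following check is an added example, not part of the original wiki page; the function names and the sample ruleset are constructed for illustration. It reads text in iptables-save format and reports rules that sit behind an unconditional REJECT or DROP in the same chain.

```shell
#!/bin/sh
# Added example: report rules in iptables-save output that can never match
# because an unconditional REJECT/DROP precedes them in the same chain.

# find_shadowed: reads iptables-save text on stdin and prints "chain: rule"
# for every rule that follows a catch-all terminating rule of that chain.
find_shadowed() {
    awk '
    $1 == "-A" {
        chain = $2
        # Anything after a catch-all in this chain is unreachable.
        if (chain in blocked) { print chain ": " $0; next }
        # A catch-all has no match options: "-A <chain> -j <target>",
        # optionally followed by target arguments such as --reject-with.
        if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP"))
            blocked[chain] = 1
    }'
}

# Constructed sample modelled on the listing above (not captured output).
# The port 5901 rule was appended after the final REJECT.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5901 -j ACCEPT
COMMIT
EOF
}

# Prints the unreachable port 5901 rule from the constructed sample.
sample_rules | find_shadowed
```

On a live system the same check can be fed from `iptables-save | find_shadowed` (run as root), or from a saved file such as backup_iptables before it is restored.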