# vim: set ft=iptables :
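# Reset the filter table. Flush the rules first, then delete user-defined
# chains: -X cannot delete a chain that still holds rules or is still
# referenced, so running it before -F fails whenever such a chain exists.
-F
-X
# Default-deny on all three built-in chains: a packet that matches no ACCEPT
# rule below is dropped.
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP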

            
# on autorise les boucles locales
# Accept every packet that arrives on the loopback interface.
-A INPUT -i lo -j ACCEPT
# Accept every packet that leaves through the loopback interface.
-A OUTPUT -o lo -j ACCEPT
# Anti-spoofing: reject packets addressed to 127.0.0.0/8 that arrive on any
# interface other than lo. Genuine loopback traffic never comes from the wire.
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

            
# Accept inbound packets that connection tracking ties to an existing flow or
# to a flow related to one. Replies to the outbound rules in this file come
# back through this rule.
# NOTE(review): OUTPUT has no equivalent ESTABLISHED,RELATED rule in this
# file; outbound replies are only allowed by the per-service --sport rules.
# NOTE(review): `-m state --state` is the legacy spelling of
# `-m conntrack --ctstate`.
-A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT

            
# DNS
# Allow outbound DNS queries over UDP. The destination is not restricted, so
# any host may be used as a resolver.
# NOTE(review): no rule for DNS over TCP is visible, so answers that require
# a TCP retry would hit the OUTPUT drop — confirm this is intended.
# NOTE(review): limiting -d to the configured resolvers would narrow this
# egress path.
-A OUTPUT -p udp --dport domain -j ACCEPT

            
# http
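# Inbound TCP to ports http and https (presumably a local web server).
-A INPUT  -p tcp -m multiport --dports http,https -j ACCEPT
# Replies from remote web servers to connections opened by this host.
# The ESTABLISHED match is required here: a rule keyed on the source port
# alone accepts any inbound TCP packet sent from port 80 or 443, to every
# local port, which defeats the source restriction on the ssh rule below.
# With the state match this rule overlaps the general ESTABLISHED,RELATED
# INPUT rule above; it is kept for readability.
-A INPUT  -p tcp -m state --state ESTABLISHED     -m multiport --sports http,https -j ACCEPT
# Packets sent from local ports http and https (web server replies).
-A OUTPUT -p tcp -m multiport --sports http,https -j ACCEPT
# Outbound web requests from this host, to any destination.
-A OUTPUT -p tcp -m multiport --dports http,https -j ACCEPT
# Stricter stateful variants of the three rules above that remain stateless;
# kept disabled.
#-A INPUT  -p tcp -m state --state NEW,ESTABLISHED -m multiport --dports http,https -j ACCEPT
#-A OUTPUT -p tcp -m state --state ESTABLISHED     -m multiport --sports http,https -j ACCEPT
#-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -m multiport --dports http,https -j ACCEPT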

            
# Allow local clients to connect to TCP port http-alt on 127.0.0.1.
# NOTE(review): traffic to 127.0.0.1 normally leaves through lo, which the
# earlier `-A OUTPUT -o lo -j ACCEPT` already accepts — this rule looks
# redundant; confirm before removing.
-A OUTPUT -p tcp --destination 127.0.0.1 --dport http-alt -j ACCEPT
# Allow packets sent from local TCP port http-alt to 127.0.0.1 (replies of a
# service listening on that port).
# NOTE(review): presumably also covered by `-A OUTPUT -o lo -j ACCEPT`; confirm.
-A OUTPUT -p tcp --destination 127.0.0.1 --sport http-alt -j ACCEPT

            
# Inbound SSH is accepted from three source addresses only: two private
# (192.168.1.51, 192.168.1.52) and one public (78.193.238.123). iptables
# expands the comma-separated list into one rule per address.
# NOTE(review): this is an address allow-list, not authentication; keep
# key-based login enforced in sshd as well.
-A INPUT  -p tcp --dport ssh --source 192.168.1.51,192.168.1.52,78.193.238.123 -j ACCEPT
# Outbound SSH from this host, limited to 192.168.1.51 and 192.168.1.52.
-A OUTPUT -p tcp --dport ssh --destination 192.168.1.51,192.168.1.52 -j ACCEPT
# Packets sent from the local ssh port back to the three permitted SSH
# clients (reply direction of the inbound SSH rule). Stateless: it matches on
# source port and destination address only.
-A OUTPUT -p tcp --sport ssh --destination 192.168.1.51,192.168.1.52,78.193.238.123 -j ACCEPT
# Outbound TCP to port 2202 on 78.193.238.123.
# NOTE(review): presumably an SSH service on a non-standard port — the file
# does not say; document the purpose.
-A OUTPUT -p tcp --dport 2202 --destination 78.193.238.123 -j ACCEPT

            
# Outbound mail client traffic: new and established TCP connections to ports
# ssmtp and imaps, to any destination.
# NOTE(review): service names are resolved when the rule is loaded; confirm
# that `ssmtp` exists in the services database of the target host, or use the
# numeric port.
-A OUTPUT -m state --state NEW,ESTABLISHED -p tcp -m multiport --dports ssmtp,imaps -j ACCEPT
# Return traffic from mail servers (source ports ssmtp, imaps), accepted only
# for flows that are already established.
# NOTE(review): the general ESTABLISHED,RELATED INPUT rule earlier in the
# file already accepts these packets.
-A INPUT  -m state --state ESTABLISHED     -p tcp -m multiport --sports ssmtp,imaps -j ACCEPT

            
# Outbound NTP queries (UDP) to any server. Answers come back through the
# ESTABLISHED,RELATED INPUT rule.
-A OUTPUT -m state --state NEW,ESTABLISHED -p udp --dport ntp -j ACCEPT

            
# Allow all outbound TCP, on any port, to 80.67.160.80.
# NOTE(review): the file does not say what this host is; document its role
# and restrict the rule to the ports actually needed.
-A OUTPUT -p tcp --destination 80.67.160.80 -j ACCEPT
# Accept all inbound TCP from 80.67.160.80, to any local port and in any
# connection state, new connections included.
# NOTE(review): this trusts the source address alone and exposes every
# listening TCP service to that host. If only replies are needed, the
# ESTABLISHED,RELATED INPUT rule already covers them; otherwise add --dport.
-A INPUT  -p tcp --source      80.67.160.80 -j ACCEPT

            
# Outbound SMB / NetBIOS session traffic (ports microsoft-ds and netbios-ssn)
# to 192.168.1.254 only.
-A OUTPUT -p tcp --destination 192.168.1.254 -m multiport --dports microsoft-ds,netbios-ssn -j ACCEPT

            
# Outbound SNMP queries (UDP) to 192.168.1.54 only. Answers come back through
# the ESTABLISHED,RELATED INPUT rule.
-A OUTPUT -m udp -p udp --destination 192.168.1.54 --dport snmp -j ACCEPT

            
# Explicit catch-all: drop inbound packets that matched no rule above. Same
# effect as the DROP policy set at the top of the file.
# NOTE(review): nothing is logged before the drop; a rate-limited LOG rule
# placed just before this line would make blocked traffic visible.
-A INPUT   -j DROP
# No forwarding rules exist in this file: the host does not route traffic.
# This drop duplicates the FORWARD policy.
-A FORWARD -j DROP
# Explicit catch-all for egress: drop outbound packets that matched no rule
# above. Same effect as the OUTPUT policy.
-A OUTPUT  -j DROP