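# vim: set ft=iptables :
# Reset the table, then default-deny on every built-in chain.
# Rules are flushed before user-defined chains are deleted: chain deletion
# fails for a chain that still holds rules or is still referenced by one.
# NOTE(review): how this file is loaded is not shown. If the lines are applied
# one at a time on a live host, the DROP policies take effect before any ACCEPT
# rule exists; an atomic load avoids that window. Confirm against the loader.
--flush
--delete-chain
--policy INPUT DROP
--policy FORWARD DROP
--policy OUTPUT DROP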
# Loopback: accept everything on the lo interface, in both directions.
--append INPUT --in-interface lo --jump ACCEPT
--append OUTPUT --out-interface lo --jump ACCEPT
# Reject packets addressed to 127.0.0.0/8 that did not arrive on lo.
--append INPUT ! --in-interface lo --destination 127.0.0.0/8 --jump REJECT

# Accept inbound packets that connection tracking ties to an existing flow.
--append INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT
# DNS: outbound UDP to the domain port, any destination. Replies come back
# through the ESTABLISHED,RELATED rule on INPUT.
# NOTE(review): there is no TCP rule for this port, so lookups that fall back
# to TCP are dropped by the OUTPUT policy, and the destination is not limited
# to known resolvers. Confirm both are intended.
--append OUTPUT --protocol udp --destination-port domain --jump ACCEPT
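# HTTP / HTTPS
# Inbound TCP to the http and https ports.
--append INPUT --protocol tcp --match multiport --destination-ports http,https --jump ACCEPT
# Inbound TCP from the http and https ports, accepted only for flows that
# connection tracking already knows. A source port on its own is not a trust
# signal, because the remote peer chooses it: without the state match this rule
# would accept TCP to every local port and override the per-service
# restrictions elsewhere in this file.
--append INPUT --protocol tcp --match state --state ESTABLISHED --match multiport --source-ports http,https --jump ACCEPT
# Outbound TCP from the http and https ports.
--append OUTPUT --protocol tcp --match multiport --source-ports http,https --jump ACCEPT
# Outbound TCP to the http and https ports.
--append OUTPUT --protocol tcp --match multiport --destination-ports http,https --jump ACCEPT
# Stateful variants of the other three rules, left disabled by the author:
#-A INPUT -p tcp -m state --state NEW,ESTABLISHED -m multiport --dports http,https -j ACCEPT
#-A OUTPUT -p tcp -m state --state ESTABLISHED -m multiport --sports http,https -j ACCEPT
#-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -m multiport --dports http,https -j ACCEPT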
# Outbound TCP to 127.0.0.1 with http-alt as destination port or as source port.
# NOTE(review): traffic to 127.0.0.1 normally leaves through lo, which the
# loopback OUTPUT rule already accepts, so these two look redundant. Confirm.
--append OUTPUT --protocol tcp --destination 127.0.0.1 --destination-port http-alt --jump ACCEPT
--append OUTPUT --protocol tcp --destination 127.0.0.1 --source-port http-alt --jump ACCEPT
# SSH
# Inbound TCP to the ssh port, only from the three listed addresses.
--append INPUT --protocol tcp --source 192.168.1.51,192.168.1.52,78.193.238.123 --destination-port ssh --jump ACCEPT
# Outbound TCP to the ssh port of the two 192.168.1.x hosts.
--append OUTPUT --protocol tcp --destination 192.168.1.51,192.168.1.52 --destination-port ssh --jump ACCEPT
# Outbound TCP from the ssh port towards the same three addresses
# (matched on source port, without a state match).
--append OUTPUT --protocol tcp --destination 192.168.1.51,192.168.1.52,78.193.238.123 --source-port ssh --jump ACCEPT
# Outbound TCP to port 2202 on 78.193.238.123.
--append OUTPUT --protocol tcp --destination 78.193.238.123 --destination-port 2202 --jump ACCEPT
# Mail: new and established outbound TCP to the ssmtp and imaps ports, and
# established inbound TCP coming back from those ports.
--append OUTPUT --protocol tcp --match state --state NEW,ESTABLISHED --match multiport --destination-ports ssmtp,imaps --jump ACCEPT
--append INPUT --protocol tcp --match state --state ESTABLISHED --match multiport --source-ports ssmtp,imaps --jump ACCEPT

# NTP: new and established outbound UDP to the ntp port.
--append OUTPUT --protocol udp --match state --state NEW,ESTABLISHED --destination-port ntp --jump ACCEPT
# All TCP, on any port, to and from 80.67.160.80.
# NOTE(review): the INPUT rule lets that host open connections to every local
# TCP port. Confirm this breadth is intended, or narrow it to the ports in use.
--append OUTPUT --protocol tcp --destination 80.67.160.80 --jump ACCEPT
--append INPUT --protocol tcp --source 80.67.160.80 --jump ACCEPT

# Outbound TCP to the microsoft-ds and netbios-ssn ports of 192.168.1.254.
--append OUTPUT --protocol tcp --destination 192.168.1.254 --match multiport --destination-ports microsoft-ds,netbios-ssn --jump ACCEPT

# Outbound UDP to the snmp port of 192.168.1.54.
--append OUTPUT --protocol udp --match udp --destination 192.168.1.54 --destination-port snmp --jump ACCEPT
# Explicit catch-all drops at the end of each chain. They mirror the DROP
# policies set at the top of the file.
--append INPUT --jump DROP
--append FORWARD --jump DROP
--append OUTPUT --jump DROP