Appendix I. Example scripts codebase
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED \
-j ACCEPT
$IPTABLES -A INPUT -m limit --limit 3/minute --limit-burst 3 \
-j LOG --log-level DEBUG --log-prefix "IPT INPUT packet died: "
#
# OUTPUT chain
#
#
# Bad TCP packets we don't want
#
$IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets
$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT
$IPTABLES -A OUTPUT -m limit --limit 3/minute --limit-burst 3 \
-j LOG --log-level DEBUG --log-prefix "IPT OUTPUT packet died: "
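How the limit match on the two LOG rules above (3/minute with a burst of 3) bounds log volume, shown as an added example that is not part of the original scripts: a whole-second simulation of the credit bucket the match uses. The function names and arrival times are constructed for illustration, and the rate is assumed to divide 60 evenly.

```shell
#!/bin/sh
# Added example: simulate "-m limit --limit N/minute --limit-burst B".
# The bucket starts full, each matching packet spends one token, and
# tokens refill at the configured rate up to the burst size.

# limit_matches RATE_PER_MINUTE BURST T1 T2 ...
# T1.. are constructed packet arrival times in whole seconds, ascending.
# Prints how many of those packets would match (and so reach -j LOG).
limit_matches() {
    rate=$1; burst=$2; shift 2
    cost=$((60 / rate))      # seconds of credit per match (20 for 3/minute)
    cap=$((cost * burst))    # full bucket (60 for burst 3)
    credit=$cap
    prev=$1
    hits=0
    for t in "$@"; do
        credit=$((credit + t - prev))            # refill for elapsed time
        if [ "$credit" -gt "$cap" ]; then credit=$cap; fi
        prev=$t
        if [ "$credit" -ge "$cost" ]; then       # token available: match
            credit=$((credit - cost))
            hits=$((hits + 1))
        fi
    done
    echo "$hits"
}

# every_second N: prints 0..N-1, i.e. one packet per second for N seconds.
every_second() {
    i=0
    while [ "$i" -lt "$1" ]; do echo "$i"; i=$((i + 1)); done
}

# Constructed scenarios.
echo "steady flood, 60 packets in 60 s: $(limit_matches 3 3 $(every_second 60)) logged"
echo "one packet, 100 s idle, then 4 at once: $(limit_matches 3 3 0 100 100 100 100) logged"
```

Packets that arrive while the bucket is empty skip the LOG rule and leave no entry, so the log is a sample of the dropped traffic rather than a complete record of it.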
Example rc.DHCP.firewall script
#!/bin/sh
#
# rc.firewall - DHCP IP Firewall script for Linux 2.4.x and iptables
#
# Copyright (C) 2001 Oskar Andreasson
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program or from the site that you downloaded it
# from; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
#
###########################################################################
#
# 1. Configuration options - use these to speed up the setup.
#
###########################################################################
#
# Local Area Network configuration.
#
# Your LAN's IP range and localhost IP. /24 means to only use the first 24
# bits of the 32 bit IP address, the same as netmask 255.255.255.0
#
LAN_IP="192.168.0.2"
LAN_IP_RANGE="192.168.0.0/16"
LAN_BCAST_ADRESS="192.168.0.255"
LAN_IFACE="eth1"
###########################################################################
#
# Localhost configuration.
#
# Localhost Interface and IP. Should not need any changes.
#
LO_IFACE="lo"
LO_IP="127.0.0.1"
###########################################################################
#
# Internet configuration.
#
# All information pertaining to the Internet and the Internet connection.
#
INET_IFACE="eth0"
###########################################################################
#
# DHCP Configuration.
#
# Information pertaining to DHCP over the Internet, if needed.
#
# Set DHCP variable to No if you don't get IP from DHCP. If you get DHCP
# over the Internet set this variable to Yes, and set up the proper IP
# address for the DHCP server in the DHCP_SERVER variable.
#
DHCP="No"
DHCP_SERVER="195.22.90.65"
###########################################################################
#
# PPPOE Configuration.
#
# Configuration options pertaining to PPPoE.
#
# If you have problems with your PPPoE connection, such as large mails not
# getting through while small mails get through properly, etc., you may set
# this option to "yes" which may fix the problem. This option will set a
# rule in the PREROUTING chain of the mangle table which will clamp
# (resize) all routed packets to PMTU (Path Maximum Transmit Unit).
#
# Note that it is better to set this up in the PPPoE package itself, since
# the PPPoE configuration option will give less overhead.
#
PPPOE_PMTU="No"
###########################################################################
#
# IPTABLES configuration.
#
# Options pertaining to iptables such as searchpath, etc.
#
IPTABLES="/usr/sbin/iptables"
###########################################################################
#
# 2. Module loading.
#
#
# Needed to initially load modules
#
/sbin/depmod -a
#
# Adds some iptables targets like LOG, REJECT and MASQUERADE.
#
/sbin/modprobe ipt_LOG