reBonjour,
je compte mettre un parfeu sur mon serveur.
j'ai un systeme http, ftp, mail, dns
1 carte reseau relier au web
je pense donc faire ca:
#WWW
iptables -A OUTPUT -p tcp --dport 80 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 80 -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 443 -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#FTP
iptables -A OUTPUT -p tcp --dport 21 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 21 -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#IMAP
iptables -A OUTPUT -p tcp --dport 143 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 143 -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#SMTP
iptables -A OUTPUT -p tcp --dport 25 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 25 -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
quesque vous en pensez? c'est juste? car les commande vienne pas de moi... je les ai trouver sur le net.
je compte mettre un parfeu sur mon serveur.
j'ai un systeme http, ftp, mail, dns
1 carte reseau relier au web
je pense donc faire ca:
#WWW
iptables -A OUTPUT -p tcp --dport 80 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 80 -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 443 -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#FTP
iptables -A OUTPUT -p tcp --dport 21 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 21 -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#IMAP
iptables -A OUTPUT -p tcp --dport 143 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 143 -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#SMTP
iptables -A OUTPUT -p tcp --dport 25 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 25 -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
quesque vous en pensez? c'est juste? car les commande vienne pas de moi... je les ai trouver sur le net.
