[LUG.ro] Ports and Squid
Jose Luis Diaz
lugro@lugro.org.ar
Wed, 10 Sep 2003 13:42:34 -0300
On Wednesday 10 September 2003 10:20, Alfredo Rezinovsky wrote:
> > An example of how to close the ports to the internet:
> >
> > iptables -P INPUT DROP
> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > iptables -A INPUT -m state --state NEW -i ! interfaz_de_internet -j ACCEPT
>
> A piece of advice.
>
> Policies should always be set to ACCEPT, with a DROP or REJECT as the
> last rule.
>
> iptables -P INPUT ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -m state --state NEW -i ! interfaz_de_internet -j ACCEPT
> iptables -A INPUT -j DROP
Let's add RANDOM reject rules :-D :-D Use Rusty's guide for simple
filtering...
# iptables -N block
# iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
# iptables -A block -j DROP
# iptables -A INPUT -j block
# iptables -A FORWARD -j block
Here we go!! DROP DEFAULT!! DROP DEFAULT!! STATEFUL!! And if you flush with
a DROP as the default policy, TOUGH LUCK! :-D
-Jx
--
José Luis Diaz - jose@citynet.net.ar /"\ ASCII Ribbon Campaign
GNU/Linux Registered User #138499 \ / No HTML in mail or news!
RTFM! - http://rtfm.org.ar X
"Kernel Panic - No signature found" / \
--
PGPkey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7BCD2757
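Added example (not part of the original message, and not either poster's code): a small Python model of first-match chain evaluation that compares the two INPUT rulesets from the thread before and after a flush. It assumes `iptables -F` removes the rules but leaves the chain policy in place, takes `ppp0` as the internet interface as in the reply, and uses a hypothetical LAN interface `eth0`.

```python
# Added illustration: toy model of first-match chain evaluation (not real netfilter).
from dataclasses import dataclass, field

@dataclass
class Packet:
    state: str      # conntrack state: "NEW", "ESTABLISHED" or "RELATED"
    in_iface: str   # interface the packet arrived on

@dataclass
class Rule:
    target: str                      # "ACCEPT" or "DROP"
    states: frozenset = frozenset()  # empty set = any state
    not_iface: str = ""              # models "-i ! <iface>"; empty = any interface
    def matches(self, pkt):
        if self.states and pkt.state not in self.states:
            return False
        return not (self.not_iface and pkt.in_iface == self.not_iface)

@dataclass
class Chain:
    policy: str
    rules: list = field(default_factory=list)
    def verdict(self, pkt):
        for rule in self.rules:      # first matching rule decides
            if rule.matches(pkt):
                return rule.target
        return self.policy           # nothing matched: the policy decides

    def flush(self):
        self.rules.clear()           # like "iptables -F": rules go, policy stays

def thread_rules(final_drop):
    rules = [Rule("ACCEPT", frozenset({"ESTABLISHED", "RELATED"})),
             Rule("ACCEPT", frozenset({"NEW"}), not_iface="ppp0")]
    return rules + [Rule("DROP")] if final_drop else rules

def compare():
    drop_policy = Chain("DROP", thread_rules(final_drop=False))
    accept_policy = Chain("ACCEPT", thread_rules(final_drop=True))
    # Constructed probe packets; eth0 is an assumed LAN interface.
    probes = {"inet_new": Packet("NEW", "ppp0"),
              "lan_new": Packet("NEW", "eth0"),
              "inet_reply": Packet("ESTABLISHED", "ppp0")}
    def run():
        return {n: (drop_policy.verdict(p), accept_policy.verdict(p))
                for n, p in probes.items()}
    before = run()
    drop_policy.flush(); accept_policy.flush()
    return before, run()
```

Each tuple returned by `compare()` is (verdict under policy DROP, verdict under policy ACCEPT with a final DROP rule). Both rulesets agree before the flush; afterwards the first drops everything, including LAN and established traffic, while the second accepts everything, including new connections from `ppp0`.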