[LUG.ro] Ports and Squid

Jose Luis Diaz lugro@lugro.org.ar
Wed, 10 Sep 2003 13:42:34 -0300


On Wednesday 10 September 2003 10:20, Alfredo Rezinovsky wrote:
> >  An example of how to close the ports to the internet:
> >
> >   iptables -P INPUT DROP
> >   iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> >   iptables -A INPUT -m state --state NEW -i ! interfaz_de_internet -j ACCEPT
>
> A piece of advice.
>
> Policies should always be set to ACCEPT, with a DROP or REJECT as the
> last rule.
>
> iptables -P INPUT ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -m state --state NEW -i ! interfaz_de_internet -j ACCEPT
> iptables -A INPUT -j DROP

Let's put in RANDOM reject rules :-D :-D use Rusty's guide for simple
filtering...

# iptables -N block
# iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
# iptables -A block -j DROP

# iptables -A INPUT -j block
# iptables -A FORWARD -j block

Go for it!! DROP DEFAULT!! DROP DEFAULT!! STATEFUL!! And if you flush with a
drop as the default policy, you're screwed! :-D

-Jx


-- 
José Luis Diaz - jose@citynet.net.ar            /"\  ASCII Ribbon Campaign
GNU/Linux Registered User #138499               \ /  No HTML in mail or news!
RTFM! - http://rtfm.org.ar                       X
"Kernel Panic - No signature found"             / \
--
PGPkey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7BCD2757
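
Added example, not part of the original message: a small Python model of a single chain that compares the two layouts debated above (policy DROP versus policy ACCEPT with a final DROP rule) before and after a flush. The Chain class, the eth0 interface and the sample packets are constructed for illustration; it models `iptables -F` as removing the rules while leaving the policy set by `-P` in place, and it does not invoke iptables.

```python
# Toy model of one iptables chain (ordered rules + policy); names are constructed.
class Chain:
    def __init__(self, policy):
        self.policy = policy          # set by `iptables -P`: "ACCEPT" or "DROP"
        self.rules = []               # (predicate, target), evaluated in order

    def append(self, predicate, target):      # models `iptables -A`
        self.rules.append((predicate, target))

    def flush(self):                  # models `iptables -F`: rules go, policy stays
        self.rules.clear()

    def verdict(self, pkt):
        for predicate, target in self.rules:
            if predicate(pkt):
                return target         # first matching rule wins
        return self.policy            # nothing matched: the policy decides

def add_stateful_rules(chain, wan="ppp0"):
    """The two ACCEPT rules that every ruleset in the thread shares."""
    chain.append(lambda p: p["state"] in ("ESTABLISHED", "RELATED"), "ACCEPT")
    chain.append(lambda p: p["state"] == "NEW" and p["iface"] != wan, "ACCEPT")
    return chain

def policy_drop():
    return add_stateful_rules(Chain("DROP"))

def policy_accept_final_drop():
    chain = add_stateful_rules(Chain("ACCEPT"))
    chain.append(lambda p: True, "DROP")      # catch-all `-j DROP` as last rule
    return chain

# Constructed sample packets.
PACKETS = {
    "wan_new": {"iface": "ppp0", "state": "NEW"},
    "lan_new": {"iface": "eth0", "state": "NEW"},
    "wan_reply": {"iface": "ppp0", "state": "ESTABLISHED"},
}

def before_and_after_flush(build):
    chain = build()
    before = {n: chain.verdict(p) for n, p in PACKETS.items()}
    chain.flush()
    return before, {n: chain.verdict(p) for n, p in PACKETS.items()}

if __name__ == "__main__":
    for build in (policy_drop, policy_accept_final_drop):
        print(build.__name__, *before_and_after_flush(build), sep="\n  ")
```

With the rules loaded, both layouts return the same verdicts. After a flush the DROP policy drops everything, including replies for an established remote session, while the ACCEPT policy accepts everything.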