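# Reset the three built-in filter chains. -F empties the chains only; it does
# not touch chain policies or user-defined chains.
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
# Allow preexisting connections. This must be the first rule in INPUT, and it is
# added *before* the policy flips to DROP so that the admin session running this
# script (and any other live connection) is not cut off in between.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Set the default input policy to DROP all. The policy is set with -P; the
# original line used -D, which tries to *delete* a rule called "DROP", fails,
# and leaves the INPUT chain on its previous (typically ACCEPT) policy.
iptables -P INPUT DROP
# By default allow all traffic out
iptables -P OUTPUT ACCEPT
# Disallow forwarding
iptables -P FORWARD DROP
# NOTE(review): nothing above admits loopback traffic (-i lo). With the INPUT
# policy at DROP, local services talking over 127.0.0.1 will be blocked unless
# such a rule is added elsewhere in the rule set - confirm.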
========
#iptables rules are:
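# Inbound: TCP from source port 25 on 192.168.0.0/16, arriving on em1 for
# 10.99.99.10. The original matched on --sport alone, which is not a check at
# all: any host in that /16 can reach *every* port on 10.99.99.10 simply by
# sending from source port 25. Restricting the rule to ESTABLISHED connections
# admits only replies to connections this host opened itself.
# (Assumes the intent is "let our outbound SMTP replies back in"; if the goal is
# to *receive* mail on 10.99.99.10, match --dport 25 instead of --sport 25.)
# The two original commands were also each split across two lines, so "-j" had
# no argument and "ACCEPT" ran as a separate command; they are one line each here.
iptables -A INPUT -p tcp --sport 25 -i em1 -s 192.168.0.0/16 -d 10.99.99.10 \
  -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Outbound SMTP to 10.99.99.10 over em1, kept as written.
# NOTE(review): an OUTPUT rule only matches packets this host originates, so
# "-s 10.195.0.0/16" fires only if the host itself has an address in that range,
# while the INPUT rule above treats 10.99.99.10 as the local address. One of the
# two addresses is probably wrong - confirm against the host's interfaces.
iptables -A OUTPUT -p tcp --dport 25 -o em1 -s 10.195.0.0/16 -d 10.99.99.10 -j ACCEPT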
==================
# Outbound allow-list towards 192.168.97.0/24: TCP 7071 to the whole subnet,
# SSH (22) to the single host .92, then 443, 995, 993 and 465 (the usual
# HTTPS/POP3S/IMAPS/SMTPS ports) to the subnet. Rules are appended in the same
# order as before, so the resulting OUTPUT chain is identical.
dst_net=192.168.97.0/24
ssh_host=192.168.97.92

iptables -A OUTPUT -p tcp -d "$dst_net" --dport 7071 -j ACCEPT
iptables -A OUTPUT -p tcp -d "$ssh_host" --dport 22 -j ACCEPT
for port in 443 995 993 465; do
  iptables -A OUTPUT -p tcp -d "$dst_net" --dport "$port" -j ACCEPT
done
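## RULE CREATION
# Per-source rate limit for new SMTP connections: a source that opens more than
# 50 new connections to port 25 within 60 s is dropped; everything else passes.
# Create the chain, or empty it if an earlier run already created it, so the
# script can be re-applied without a "Chain already exists" error.
iptables -N RATE-LIMIT 2>/dev/null || iptables -F RATE-LIMIT
# Record the source address of every new SMTP connection in xt_recent's table.
# (-m conntrack --ctstate is the current spelling of the deprecated -m state.)
iptables -A RATE-LIMIT -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --set
# Drop once the same source has been seen more than 50 times in the last 60 s.
# NOTE(review): older kernels reject a --hitcount above xt_recent's
# ip_pkt_list_tot module parameter (default 20) - verify on the target kernel.
# The original had this command, and the two -I INPUT ones below, wrapped across
# lines (and one jammed onto the same line as the "-j ACCEPT" command), so none
# of them could have been applied as printed.
iptables -A RATE-LIMIT -p tcp --dport 25 -m conntrack --ctstate NEW \
  -m recent --update --seconds 60 --hitcount 50 -j DROP
iptables -A RATE-LIMIT -j ACCEPT

# Every -I inserts at position 1, so the commands must be issued in the REVERSE
# of the order the rules should be evaluated in. The original issued the two
# accept rules first and the RATE-LIMIT jump last, which left the jump *ahead*
# of them: every NEW SMTP connection terminated inside RATE-LIMIT (ACCEPT or
# DROP) and the two networks - presumably meant to be exempt - were rate limited
# as well. Issuing the jump first gives this final INPUT order:
#   1. 192.168.0.0/16 -> ACCEPT
#   2. 10.95.0.0/16   -> ACCEPT
#   3. NEW tcp/25     -> RATE-LIMIT
iptables -I INPUT -m conntrack --ctstate NEW -p tcp --dport 25 -j RATE-LIMIT
iptables -I INPUT -s 10.95.0.0/16 -p tcp --dport 25 -j ACCEPT
iptables -I INPUT -s 192.168.0.0/16 -p tcp --dport 25 -j ACCEPT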