ACCEPT Rules


Only now can you add in all your ACCEPT rules. After you have finished with those rules, you will want to add in your default catch-all DROP and LOG rule. Remember the cardinal rule, "unless allow, deny." The rules below, placed at the end of all your other rules, accomplish that: every packet that no ACCEPT rule matched is logged (rate-limited so an attacker cannot flood your logs) and then dropped.

    iptables -N FINAL_DROP
    iptables -A OUTPUT -j FINAL_DROP
    iptables -A INPUT -j FINAL_DROP
    iptables -A FORWARD -j FINAL_DROP
    iptables -A FINAL_DROP -m limit --limit 1/second \
      -j LOG --log-level info --log-prefix "Final DROP " \
      --log-tcp-sequence --log-tcp-options \
      --log-ip-options
    iptables -A FINAL_DROP -j DROP

And finally, IP forwarding can be turned back on. We always like to turn forwarding off while we are loading new rules because sometimes you can get into a race condition where bad packets might slip through before your rules are fully in place.

 echo 1 > /proc/sys/net/ipv4/ip_forward 
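The ordering the text insists on is easy to break later: an ACCEPT rule appended after the FINAL_DROP jump can never match. As an added check (not from the book), the shell function below reads iptables-save output and confirms that the FINAL_DROP jump is the last rule in INPUT, OUTPUT and FORWARD, and that the chain rate-limits a LOG rule before its final DROP. Both rulesets are constructed here for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not from the book): the ACCEPT
# rules come first, then the jumps into the catch-all FINAL_DROP chain.
GOOD_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:FINAL_DROP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j FINAL_DROP
-A OUTPUT -j FINAL_DROP
-A FORWARD -j FINAL_DROP
-A FINAL_DROP -m limit --limit 1/second -j LOG --log-level info --log-prefix "Final DROP "
-A FINAL_DROP -j DROP
COMMIT'

# Same ruleset with one ACCEPT appended after the INPUT catch-all jump: that
# rule is dead, and every packet it was meant to allow gets logged and dropped.
BAD_RULES=$(printf '%s\n' "$GOOD_RULES" | awk '
    { print }
    /^-A INPUT -j FINAL_DROP$/ { print "-A INPUT -p tcp --dport 80 -j ACCEPT" }')

# check_final_drop RULESET: return 0 when the catch-all is wired as the text
# requires, 1 (with a reason on stdout) otherwise.
check_final_drop() {
    printf '%s\n' "$1" | awk '
        /^-A (INPUT|OUTPUT|FORWARD) / { last[$2] = $0 }   # last rule of each built-in chain
        /^-A FINAL_DROP /             { fd[++n] = $0 }     # FINAL_DROP rules, in order
        END {
            ok = 1
            split("INPUT OUTPUT FORWARD", chains, " ")
            for (i in chains)
                if (last[chains[i]] !~ /-j FINAL_DROP$/) {
                    print "catch-all jump is not the last rule in " chains[i]; ok = 0
                }
            if (fd[n] !~ /-j DROP$/) { print "FINAL_DROP does not end in DROP"; ok = 0 }
            logged = 0
            for (i = 1; i < n; i++)
                if (fd[i] ~ /-m limit/ && fd[i] ~ /-j LOG/) logged = 1
            if (!logged) { print "no rate-limited LOG rule before the final DROP"; ok = 0 }
            exit ok ? 0 : 1
        }'
}

check_final_drop "$GOOD_RULES" && echo "good ruleset: OK"
check_final_drop "$BAD_RULES"  || echo "bad ruleset: rejected"
```

On a live box, feed it the real ruleset with `check_final_drop "$(iptables-save)"`.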



    Troubleshooting Linux Firewalls
    ISBN: 321227239
    EAN: N/A
    Year: 2004
    Pages: 169
