![]() Verifying DISA STIG Compliance with OpenSCAP - Part 2 Host-based Intrustion Detection System (HIDS)īash - Conditional structures if and case Using A New Zone - Adding Administrative IPs Pkts bytes target prot opt in out source destinationĠ 0 ACCEPT all - lo * 0.0.0.0/0 0.0.0.0/0Ġ 0 ACCEPT tcp - eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22Ġ 0 ACCEPT tcp - eth1 * 10.1.1.0/24 0.0.0.0/0Ĭhain FORWARD (policy DROP 0 packets, 0 bytes)Ĭhain OUTPUT (policy DROP 3 packets, 228 bytes)Ġ 0 ACCEPT all - * lo 0.0.0.0/0 0.0.0.0/0Ġ 0 ACCEPT tcp - * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:22Ġ 0 ACCEPT tcp - * eth1 0.0.0.0/0 10.1.1.0/24Ī possible solution, where leftnet is the internal and rightnet is the external network.Building and Installing Custom Linux KernelsĪutomatic Template Creation - Packer - Ansible - VMware vSphere ~]# iptables -nvLĬhain INPUT (policy DROP 7 packets, 609 bytes) ![]() Together with the previous examples, the policy is expanding. There is no port (application) limitation here. This example shows how to allow access from any computer in the 10.1.1.0/24 network, but only through eth1. Looking at the filter table again (omitting -t filter because it is the default table). ~]# iptables -A INPUT -i lo -j ~]# iptables -A OUTPUT -o lo -j ACCEPT We first append a rule to the INPUT chain to allow (ACCEPT) traffic from the lo (loopback) interface, then we do the same to allow packets to leave the system through the loopback interface. Next, we allow the server to use its own loopback device (this allows the server to access its services running on localhost). ~]# iptables -P INPUT ~]# iptables -P FORWARD ~]# iptables -P OUTPUT DROP Note that you might lose your connection when typing this over ssh -). ![]() To start, let's set the default policy for all three chains to drop everything. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |