Basic Linux firewall rules
Hello, here is my iptables script of basic Linux firewall rules to secure your Linux server. Obviously you have to adapt the rules to your own infrastructure, but it is a decent starting point:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Let replies to connections we initiated back in, plus ICMP and loopback
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Accept everything arriving on eth1 (adjust to your trusted interface)
-A INPUT -i eth1 -j ACCEPT
# New inbound connections to the services this host exposes:
# 21 FTP, 22 SSH, 25 SMTP, 53 DNS (TCP+UDP), 80/443 HTTP(S), 10000 Webmin, 8080 alternate HTTP
-A INPUT -p tcp -m state -m tcp --dport 21 --state NEW -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 22 --state NEW -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 25 --state NEW -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 53 --state NEW -j ACCEPT
-A INPUT -p udp -m state -m udp --dport 53 --state NEW -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 443 --state NEW -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 10000 --state NEW -j ACCEPT
# UDP datagrams from source ports 27000-27030 and 4380 to unprivileged local ports
# (upper bound was 65355 in the original, which iptables-restore rejects; max port is 65535)
-A INPUT -p udp -m udp --sport 27000:27030 --dport 1025:65535 -j ACCEPT
-A INPUT -p udp -m udp --sport 4380 --dport 1025:65535 -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 8080 --state NEW -j ACCEPT
# Forwarding: established flows, ICMP, loopback and the eth1/eth2 interfaces
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -i eth2 -j ACCEPT
# Catch-all: reject anything not matched above
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed