Differences

This shows you the differences between two versions of the page.


firewall [2015/07/02 15:29] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +====== Firewalls ======
 +
 +  * [[Security]]
 +  * [[iptables]]
 +  * [[nmap]]
 +  * [[quicktables]]
 +  * [[ufw]]
 +
 +==== iptables ====
 +
 +I like using [[quicktables]] to setup a basic IPtables ruleset quickly.
 +
 +=== Setting up a Firewall ===
 +
 +Before setting up a firewall, it's a good idea to setup a cron job that will reset it in case something goes wrong.
 +
 +== CentOS ==
 +
 +CentOS by default does not save the ruleset on restart.
 +
 +The system configuration is at ''/etc/sysconfig/iptables-config''
 +
 +<code>*/5 * * * * /etc/init.d/iptables restart</code>
 +
 +=== FTP ===
 +
 +<code>
 +$iptables -A INPUT -p tcp --dport 20 -j ACCEPT
 +$iptables -A INPUT -p tcp --dport 21 -j ACCEPT
 +$iptables -A INPUT -p tcp --dport 50000:50400 -j ACCEPT
 +</code>
 +
 +=== Netatalk ===
 +
 +<code>
 +$iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 548 -j ACCEPT
 +</code>
 +
 +=== Monit ===
 +
 +<code>
 +$iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 2812 -j ACCEPT
 +</code>
 +
 +=== Multicast DNS ===
 +
 +The avahi daemon uses multicast DNS to advertise services on the network.
 +
 +<code>
 +$iptables -A INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
 +$iptables -A OUTPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
 +</code>
 +
 +=== Samba ===
 +
 +<code>
 +$iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT
 +</code>
 +
 +==== quicktables ====
 +
 +You can use quicktables to quickly generate a simple firewall rules set.
 +
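Review bot: The three FTP rules (--dport 20, 21 and 50000:50400) accept from any source, while the Netatalk, Monit and Samba rules in the same hunk are limited with "-s 192.168.1.0/24". If FTP is meant to be LAN-only too, add the same "-s 192.168.1.0/24" match to all three lines. If it is meant to be reachable from anywhere, say so in the FTP section, and note that the 50000:50400 range has to match the passive port range configured in the FTP server. Two documentation gaps remain. First, "$iptables" is used in every rule but is never defined on the page. Second, the "*/5 * * * * /etc/init.d/iptables restart" line sits under the CentOS config path with nothing tying it to the "reset it in case something goes wrong" sentence. The page also never tells the reader to remove that cron entry once the ruleset is working, although the restart runs every five minutes and, per the CentOS note, the ruleset is not saved on restart.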
  
