Linux.com


Re:Share some iptables configuration options

Link to this post 22 Nov 09

This is my old firewall script with the comments included, this simple one worked pretty well.

Since then I have made a much more complicated and modular one, I will share that when it is complete.

#!/bin/bash
########################################################
# START THE FIREWALL SCRIPT #
########################################################


# Flush the current rules
iptables -F

# Block all forwarding
iptables -A FORWARD -s 0/0 -j DROP

# Allow all input into loopback
iptables -A INPUT -i lo -j ACCEPT

# Allow 4 pings per minute to block ping DOS attacks
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 4/m -j ACCEPT

# Allow all echo replies including destination unreachable and time exceeded
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT

# Block all other icmp traffic
iptables -A INPUT -p icmp -j DROP

# Allow all response traffic
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# block all other incoming traffic
iptables -A INPUT -j DROP

# Display confirmation message
RED=$'\e[31;01m'
NORMAL=$'\e[0m'
echo "${RED}Firewall Started.....${NORMAL}"

Link to this post 21 May 10

# Limit new SSH connections to 1 every 30 seconds per source address, which slows brute-force password attempts.
# The --update rule must come first: a source seen within the last 30 seconds is dropped (and its timestamp refreshed),
# otherwise the --set rule records the source and accepts the connection.
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 30 --name SSHT --rsource -j DROP
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSHT --rsource -j ACCEPT

Link to this post 22 May 10

That is a nice addition; it can be useful together with the invalid-attempt option in sshd to prevent break-ins.

Link to this post 11 Aug 10

Not sure if I am allowed to post here, but
I am looking for an iptables config that will try to stop brute-force IMAP logins.

Is there a way I can put a time limit on the number of attempts an IP has to log into the IMAP port and block the address if it's exceeded?

Many thanks in advance.

Link to this post 12 Aug 10

I am not fully versed in the communication methods and ports used for IMAP, but if you can pin down the basic packet structure of IMAP logins then you can develop an iptables rule to accomplish your task.
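
The same "recent" technique used for SSH above, applied to IMAP as an added example (not code from any poster in this thread). It assumes IMAP on 143 and IMAPS on 993, a 60-second window, a threshold of 5 new connections, and a list name IMAPBF; the rules are printed so they can be reviewed before being applied as root.

```bash
#!/bin/bash
# Added example: rate-limit new IMAP/IMAPS connections per source address with
# the iptables "recent" match. A source that opens more than HITCOUNT new
# connections within SECONDS_WINDOW is logged and then dropped; because the
# DROP rule uses --update, every further attempt refreshes the timestamp, so
# the source stays blocked for as long as it keeps hammering the port.
IMAP_PORTS="143 993"   # IMAP and IMAPS (assumed ports)
SECONDS_WINDOW=60      # sliding window in seconds (assumed)
HITCOUNT=5             # new connections allowed per source within the window (assumed)
LIST=IMAPBF            # name of the recent list (assumed)

# Print the three rules for one TCP port. Order matters: --rcheck only looks
# (for logging), --update drops and refreshes the timestamp, and --set records
# and accepts sources that are still under the threshold.
imap_rules_for_port() {
    local port=$1
    printf 'iptables -A INPUT -p tcp --dport %s -m state --state NEW -m recent --rcheck --seconds %s --hitcount %s --name %s --rsource -j LOG --log-prefix "IMAP-BF: "\n' \
        "$port" "$SECONDS_WINDOW" "$HITCOUNT" "$LIST"
    printf 'iptables -A INPUT -p tcp --dport %s -m state --state NEW -m recent --update --seconds %s --hitcount %s --name %s --rsource -j DROP\n' \
        "$port" "$SECONDS_WINDOW" "$HITCOUNT" "$LIST"
    printf 'iptables -A INPUT -p tcp --dport %s -m state --state NEW -m recent --set --name %s --rsource -j ACCEPT\n' \
        "$port" "$LIST"
}

# Emit the full rule set for every configured port.
imap_rules() {
    local p
    for p in $IMAP_PORTS; do
        imap_rules_for_port "$p"
    done
}

# Apply the generated rules (requires root); run "imap_rules" first to review them.
# Blocked sources show up in the kernel log with the "IMAP-BF: " prefix and in
# /proc/net/xt_recent/IMAPBF while the rules are loaded.
apply_rules() {
    local cmd
    imap_rules | while IFS= read -r cmd; do
        eval "$cmd"
    done
}
```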

Link to this post 15 Aug 10

I think the best way to prevent brute-force attacks on your logins for any service is not in the firewall; try using PAM modules. For ssh try pam-abl (http://tech.tolero.org/blog/en/linux/ssh-password-brute-force-protection).
