This shows you the differences between two versions of the page.
Next revisionBoth sides next revision | |||
linux_firewall [2016/07/20 12:26] – vytvořeno root | linux_firewall [2016/07/20 12:27] – root | ||
---|---|---|---|
Line 16: | Line 16: | ||
iptables -A INPUT -p icmp --icmp-type 12 -j ACCEPT | iptables -A INPUT -p icmp --icmp-type 12 -j ACCEPT | ||
iptables -A INPUT -p tcp --syn --dport 113 -j REJECT --reject-with tcp-reset | iptables -A INPUT -p tcp --syn --dport 113 -j REJECT --reject-with tcp-reset | ||
+ | |||
+ | iptables -A INPUT -p tcp -s 81.31.45.41 --dport 22 -j ACCEPT | ||
+ | |||
+ | |||
+ | ip6tables -F | ||
+ | ip6tables -X | ||
+ | ip6tables -Z | ||
+ | |||
+ | ip6tables -P INPUT DROP | ||
+ | ip6tables -P FORWARD DROP | ||
+ | ip6tables -P OUTPUT ACCEPT | ||
+ | |||
+ | ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED, | ||
+ | ip6tables -A INPUT -i lo -j ACCEPT | ||
+ | ip6tables -A INPUT -m conntrack --ctstate INVALID -j DROP | ||
+ | ip6tables -A INPUT -s fe80::/10 -p ipv6-icmp -j ACCEPT | ||
+ | ip6tables -A INPUT -p udp -m conntrack --ctstate NEW -j REJECT --reject-with icmp6-port-unreachable | ||
+ | ip6tables -A INPUT -p tcp -m tcp --tcp-flags FIN, | ||
</ | </ |