Basic firewall settings for a Linux server (http, ftp, ssh)

The firewall rules are as follows:

# Web: chain httpd_in. Accept HTTP except on Mondays, skip packets whose payload
# contains the string "admin", and rate-limit to 100 packets/second.
iptables -N httpd_in
iptables -A httpd_in -m time ! --weekdays Mon -m string --algo kmp ! --string "admin" -m limit --limit 100/second -j ACCEPT
iptables -A httpd_in -j RETURN

# FTP: chain ftp_in. Accept only Mon-Thu between 09:30 and 19:00, rate-limit to
# 5 packets/minute, and make sure the FTP connection-tracking helper is loaded.
iptables -N ftp_in
iptables -A ftp_in -m time --weekdays 1,2,3,4 --timestart 09:30 --timestop 19:00 -m limit --limit 5/minute --modprobe="modprobe nf_conntrack_ftp" -j ACCEPT
iptables -A ftp_in -j RETURN

# SSH: chain ssh_in. Accept only from 192.168.1.1-192.168.10.100, rate-limited to 2 packets/minute.
iptables -N ssh_in
iptables -A ssh_in -m iprange --src-range 192.168.1.1-192.168.10.100 -m limit --limit 2/minute -j ACCEPT
iptables -A ssh_in -j RETURN

# Hand traffic for the server 192.168.1.20 to the per-service chains.
iptables -A INPUT -p tcp --dport 80 -d 192.168.1.20 -j httpd_in
iptables -A INPUT -p tcp --dport 21 -d 192.168.1.20 -j ftp_in
iptables -A INPUT -p tcp --dport 22 -d 192.168.1.20 -j ssh_in

# Drop ICMP echo requests (ping) and malformed TCP flag combinations (all flags set / no flags set).
iptables -A INPUT -d 192.168.1.20 -p icmp --icmp-type 8 -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# Accept packets belonging to existing connections; -I puts this rule at the top of INPUT.
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Default policy: drop everything that no rule accepted.
iptables -P INPUT DROP
iptables -P OUTPUT DROP

# Outbound: only replies to connections that were already accepted on INPUT.
iptables -I OUTPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
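A ruleset like the one above is easy to get subtly wrong (a user chain that never RETURNs, a misspelled state name, a DROP policy with no stateful accept rule), and on a remote box such slips mean a lockout. The following is an added example, not part of the original post: a small linter over an `iptables-save` style dump that checks those three properties. The dump is constructed here and models the post's ruleset, with two slips left in on purpose so the checks have something to find.

```python
import re
# Constructed iptables-save style dump modelled on the blog's ruleset. It keeps
# two slips on purpose (ssh_in never RETURNs, and the OUTPUT state rule
# misspells ESTABLISHED) so that the linter below has something to report.
SAMPLE_DUMP = """\
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
:httpd_in - [0:0]
:ftp_in - [0:0]
:ssh_in - [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -d 192.168.1.20/32 -p tcp --dport 80 -j httpd_in
-A INPUT -d 192.168.1.20/32 -p tcp --dport 21 -j ftp_in
-A INPUT -d 192.168.1.20/32 -p tcp --dport 22 -j ssh_in
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-A OUTPUT -m state --state ESTABLISED,RELATED -j ACCEPT
-A httpd_in -m limit --limit 100/second -j ACCEPT
-A httpd_in -j RETURN
-A ftp_in -m limit --limit 5/minute -j ACCEPT
-A ftp_in -j RETURN
-A ssh_in -m iprange --src-range 192.168.1.1-192.168.10.100 -j ACCEPT
COMMIT
"""
VALID_STATES = {"NEW", "ESTABLISHED", "RELATED", "INVALID", "UNTRACKED"}
BUILTIN = ("INPUT", "FORWARD", "OUTPUT")
def lint_ruleset(dump):
    # Returns a list of findings (strings) for one iptables-save filter table.
    chains, policies, findings = {}, {}, []
    for line in dump.splitlines():
        if line.startswith(":"):                 # ":NAME POLICY [pkts:bytes]"
            name, policy = line[1:].split()[:2]
            chains[name], policies[name] = [], policy
        elif line.startswith("-A "):             # "-A CHAIN <matches> -j TARGET"
            chain, rule = line[3:].split(" ", 1)
            chains.setdefault(chain, []).append(rule)
    for chain, rules in chains.items():
        for rule in rules:
            m = re.search(r"--state (\S+)", rule)
            for st in (m.group(1).split(",") if m else []):
                if st not in VALID_STATES:       # iptables would reject this on load
                    findings.append(f"{chain}: unknown state '{st}'")
        if chain not in BUILTIN and not (rules and rules[-1].endswith("-j RETURN")):
            findings.append(f"{chain}: user chain does not end with RETURN")
    for chain in BUILTIN:                        # DROP policy needs a stateful accept
        if policies.get(chain) == "DROP" and not any(
                "--state" in r and "ESTABLISHED" in r for r in chains.get(chain, [])):
            findings.append(f"{chain}: policy DROP but no ESTABLISHED,RELATED accept")
    return findings
```

Run it against the output of `iptables-save` on the real host before switching the policies to DROP; an empty list means the three checks passed.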

Linux

Posted by arkgame