Changes between Version 1 and Version 2 of TipAndDoc/network/iptables


Timestamp:
Jul 2, 2009 10:55:57 PM (15 years ago)
Author:
mitty
Comment:

--

  • TipAndDoc/network/iptables

    v1 v2  
    99   * [http://www.atmarkit.co.jp/flinux/index/indexfiles/iptablesindex.html 連載記事 「習うより慣れろ! iptablesテンプレート集」] 
    1010 
     11 = 設定ファイル = #conffile 
     12 * Ubuntu => [../ufw] 
     13 * CentOS 
     14   * /etc/sysconfig/iptables 
     15{{{ 
     16# Firewall configuration written by system-config-securitylevel 
     17# Manual customization of this file is not recommended. 
     18*filter 
     19:INPUT ACCEPT [0:0] 
     20:FORWARD ACCEPT [0:0] 
     21:OUTPUT ACCEPT [0:0] 
     22:RH-Firewall-1-INPUT - [0:0] 
     23-A INPUT -j RH-Firewall-1-INPUT 
     24-A FORWARD -j RH-Firewall-1-INPUT 
     25-A RH-Firewall-1-INPUT -i lo -j ACCEPT 
     26-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT 
     27-A RH-Firewall-1-INPUT -p 50 -j ACCEPT 
     28-A RH-Firewall-1-INPUT -p 51 -j ACCEPT 
     29-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT 
     30-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT 
     31-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT 
     32-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
     33-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT 
     34-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited 
     35COMMIT 
     36}}} 
     37     * sshのみListen可
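
Review bot: the annotation on v2 line 37 ("sshのみListen可", i.e. only ssh may listen) does not match the ruleset it describes. Besides `--dport 22` on line 33, the chain also accepts 631/udp and 631/tcp (lines 30-31), 5353/udp to 224.0.0.251 (line 29), IP protocols 50 and 51 (lines 27-28) and every ICMP type (line 26), and none of those rules is restricted by source address or interface. Either reword the note to say that ssh is the only service opened beyond the distribution defaults, or show a ruleset with the 631, 5353 and protocol 50/51 rules removed so that it really is ssh-only. It is also worth documenting that line 24 sends FORWARD through the same `RH-Firewall-1-INPUT` chain, so these ACCEPT rules apply to forwarded traffic as well if the host routes, and that the file header on lines 16-17 says the file is written by system-config-securitylevel and that manual customization is not recommended.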