2009 iulie 04 « Aspects of computer security

Nu-mi place UFW-ul, firewall-ul care vine implicit cu Ubuntu. Poate si pentru ca atunci cind e vorba de firewall-uri prefer sa il configurez eu singur. Cum arata la mine scheletul de la care pornesc?

touch /opt/tools/script/firewall
sudo chown root:root /opt/tools/script/firewall
sudo chmod 755 /opt/tools/script/firewall
sudo ln -s /opt/tools/script/firewall /etc/init.d/firewall

Continutul fisierul /opt/tools/script/firewall este:
#!/bin/sh -e

### BEGIN INIT INFO
# Provides:          My own Firewall
# Required-Start:    mountall
# Required-Stop:     
# Default-Start:     S
# Default-Stop:      
# Short-Description: start firewall
### END INIT INFO

PATH="/sbin:/bin:/usr/sbin:/usr/bin"

. /lib/lsb/init-functions

error=0
case "$1" in
start)
 log_action_begin_msg "Appling the firewall rules:"
 iptables --table filter --flush
 iptables --table filter --delete-chain
 iptables --table filter --zero
 #iptables --table filter --policy INPUT DROP
 #iptables --table filter --policy OUTPUT DROP
 #Accept ICMP Type 8 Echo Replay Request and Type 0 Echo Replay.
 iptables --table filter --append INPUT --protocol icmp --icmp-type 8 -s 0/0 --match state --state NEW,ESTABLISHED,RELATED --jump ACCEPT
 iptables --table filter --append INPUT --protocol icmp --icmp-type 0 -s 0/0 --match state --state ESTABLISHED,RELATED --jump ACCEPT
 iptables --table filter --append OUTPUT --protocol icmp --icmp-type 0 -d 0/0 --match state --state ESTABLISHED,RELATED --jump ACCEPT
 iptables --table filter --append OUTPUT --protocol icmp --icmp-type 8 -d 0/0 --match state --state NEW,ESTABLISHED,RELATED --jump ACCEPT
 #Accept Localhost
 iptables --table filter --append INPUT --source 127.0.0.1 --destination 127.0.0.1 --match state --state NEW --jump ACCEPT
 iptables --table filter --append OUTPUT --source 127.0.0.1 --destination 127.0.0.1 --match state --state NEW --jump ACCEPT
 #Accept DHCP    
 iptables --table filter --append INPUT --protocol udp --destination-port 67 --jump ACCEPT
 iptables --table filter --append INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT
 #Drop windows broadcast
 iptables --table filter --append INPUT --protocol udp --match udp --dport 137:138 --jump DROP
 iptables --table filter --append INPUT --jump LOG --match limit --limit 5/min --log-level 4 --log-prefix "INPUT CHAIN DROP"
 iptables --table filter --append INPUT --jump DROP
 log_action_end_msg $error
 exit $error
 ;;

stop)
 log_action_begin_msg "Removing the firewall rulles:"
 iptables --table filter --flush
 iptables --table filter --delete-chain
 iptables --table filter --zero
 log_action_end_msg $error
 exit $error
 ;;
status)
 iptables -L
 log_action_end_msg $error
 exit $error
 ;;
*)
 echo "Usage: /etc/init.d/ufw {start|stop|restart|force-reload|status}"
 exit 1
 ;;
esac

si la sfirsit:

sudo update-rc.d -f ufw remove # to remove the ufw firewall

sudo update-rc.d firewall defaults

L	M	Mi	J	V	S	D
« Iun				Aug »
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

	Cezar on Metasploit 3.3
	Nu conteaza on Metasploit 3.3
	Lynda Stiff on Darwin Awards
	Cezar on Rapid7 cumpara proiectul …
	TT on Carte ce pare ca merita c…

Daily Archive

Crearea unui firewall implicit in Ubuntu.

Blogroll

Web Security

Etichete

Top Posts

comentarii recente

Arhivă