iptables sample

Author: 최고관리자
Comments: 0 | Views: 2,644 | Posted: 21-02-10 16:53

# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#      firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT

# Administrator computer (all TCP from 192.168.0.1)
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 192.168.0.1 -j ACCEPT

# Service ports
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 110 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 110 -j ACCEPT
# UDP from source port 53 (DNS) of 192.168.0.140
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 192.168.0.140 --sport 53 -d 0/0 -j ACCEPT

-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
# Reject every other TCP SYN and every other UDP packet. There is no state
# match in this ruleset, so non-SYN TCP packets fall through to the ACCEPT policy.
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT



#######  Reference for adding the DNS service ######
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
# IP protocols 50 (ESP) and 51 (AH), used by IPsec
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
# mDNS
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
# IPP (printing)
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
# Packets belonging to or related to already established connections
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Service ports: HTTP, HTTPS, DNS (TCP and UDP), SMTP, POP3
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 110 --syn -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 110 -j ACCEPT

# Administrator computer (new TCP connections from 192.168.0.1 to any port)
-A RH-Firewall-1-INPUT -m state --state NEW -s 192.168.0.1 -m tcp -p tcp -j ACCEPT

# Everything else is rejected
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT


 
