คำถามน่ารู้

block IP FTP/SSH





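# Allow FTP (tcp/21) and SSH (tcp/22) only from networks on a downloaded
# allowlist; any other source reaching those ports is rejected.
#
# NOTE(review): the list is fetched over plain HTTP and turned directly into
# ACCEPT rules, so whoever can alter the response in transit decides who may
# reach FTP/SSH. Prefer an HTTPS or checksum-verified copy if the publisher
# offers one, and keep a reviewed local copy as a fallback.

# Accept only dotted-quad IPv4 entries with an optional /8../32 prefix, so a
# malformed or over-broad line (for example a /0) never becomes an ACCEPT rule.
# Octet ranges are not checked here; iptables itself refuses invalid addresses.
cidr_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/([89]|[12][0-9]|3[0-2]))?$'

# Download and validate BEFORE touching the firewall. With an empty list the
# chain would contain only REJECT, which cuts off FTP and SSH for everyone,
# including an administrator applying this over SSH.
allow_list=$(wget -qO - http://www.icez.net/files/thaiiplist | grep -E "$cidr_re")

if [ -z "$allow_list" ]; then
  echo "thaiiplist: download failed or no valid entries; firewall left unchanged" >&2
else
  iptables -N FTPFILTER
  # Chain default: reject. The ACCEPT rules below are inserted above it (-I).
  iptables -A FTPFILTER -j REJECT
  printf '%s\n' "$allow_list" | while IFS= read -r net; do
    iptables -I FTPFILTER -s "$net" -j ACCEPT
  done
  iptables -A INPUT -p tcp --dport 21 -j FTPFILTER

  # Same filter for SSH. Confirm your own address is covered by the list (or
  # keep console access available) before relying on this rule.
  iptables -A INPUT -p tcp --dport 22 -j FTPFILTER
fi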



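#************************************************
# Firewall
#
# Rebuilds the filter table: flushes all rules and user chains, then builds an
# INPUT ruleset that (1) restricts FTP control to an allowlist, (2) drops SMTP
# from networks on the Spamhaus DROP list, (3) opens a fixed set of service
# ports, and (4) drops everything else.
#
# NOTE(review): both lists are fetched over plain HTTP and become firewall
# rules. A tampered response could widen the FTP allowlist or block legitimate
# mail senders. Prefer HTTPS or a checksum-verified copy where the publisher
# offers one, and confirm the Spamhaus URL below is still the current endpoint.

# Accept only dotted-quad IPv4 entries with an optional /8../32 prefix, so a
# malformed or over-broad line (for example a /0) never becomes a rule.
# Octet ranges are not checked here; iptables itself refuses invalid addresses.
cidr_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/([89]|[12][0-9]|3[0-2]))?$'

# Fetch both lists before flushing, so the host does not sit with an empty
# ruleset while the downloads run.
allow_list=$(wget -qO - http://www.icez.net/files/thaiiplist | grep -E "$cidr_re")
# The pattern is quoted: unquoted, ^[1-9] is a glob the shell may expand
# against file names in the current directory.
drop_list=$(curl -fsS http://www.spamhaus.org/drop/drop.lasso \
  | grep '^[1-9]' | cut -f 1 -d ' ' | grep -E "$cidr_re")

[ -n "$allow_list" ] || echo "warning: FTP allowlist is empty; port 21 will be closed to everyone" >&2
[ -n "$drop_list" ] || echo "warning: Spamhaus DROP list is empty; no SMTP sources will be blocked" >&2

# Remove all existing rules, then all user-defined chains.
iptables -F
iptables -X

# Loopback must be accepted explicitly, otherwise the final DROP also blocks
# new local connections (e.g. services talking to 127.0.0.1).
iptables -A INPUT -i lo -j ACCEPT

# ftp_pass: ACCEPT for allowlisted sources. It has no terminating rule, so
# other sources return to INPUT and reach the final DROP.
iptables -N ftp_pass
if [ -n "$allow_list" ]; then
  printf '%s\n' "$allow_list" | while IFS= read -r net; do
    iptables -A ftp_pass -s "$net" -j ACCEPT
  done
fi

# block_ip: empty chain consulted first for every packet; add manual
# per-address DROP rules to it as needed.
iptables -N block_ip
iptables -A INPUT -j block_ip

# block_email: drop SMTP (tcp/25) from networks on the Spamhaus DROP list.
iptables -N block_email
iptables -A INPUT -p tcp --dport 25 -j block_email
if [ -n "$drop_list" ]; then
  printf '%s\n' "$drop_list" | while IFS= read -r net; do
    iptables -A block_email -s "$net" -j DROP
  done
fi

# Drop TCP packets that open a new connection without SYN set (the author's
# note associates this rule with port scans).
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

# Stateful filtering: allow packets of established or related connections.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# FTP control (tcp/21) is the only service filtered by source: jump to ftp_pass.
iptables -A INPUT -p tcp --dport 21 -j ftp_pass
iptables -A INPUT -p tcp --dport 20 -j ACCEPT

# Services open to any source: SSH, SMTP, POP3, HTTP, HTTPS, tcp/2222, DNS (udp).
# NOTE(review): SSH is reachable from anywhere here; consider limiting it to
# known admin addresses. The purpose of tcp/2222 is not stated on the page.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 2222 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT

# FTP data port range 35000-35999, which the author's note ties to the proftpd
# configuration. It is open to any source, not only the ftp_pass allowlist.
iptables -A INPUT -p tcp --dport 35000:35999 -j ACCEPT

# Allow ICMP so the host answers ping. (The original line carried a stray
# mis-encoded byte after "icmp", which made the protocol name invalid.)
iptables -A INPUT -p icmp -j ACCEPT

# Everything not accepted above is dropped. The author's note warns about SSH
# on this line: make sure the SSH rule above is in place, or your own address
# is explicitly allowed, before this rule is applied on a remote session.
iptables -A INPUT -j DROP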


