Here is a part of the firewall, I use it as an example, the real one is much bigger...

iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -N STUDIU
iptables -N DOS
iptables -N LOGURI
iptables -N SSH_CHECK
# SSH brute force
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
iptables -A SSH_CHECK -m recent --set --name SSH
iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
# Syn-flood protection:
iptables -A DOS -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s --limit-burst 5 -j LOG --log-level info --log-prefix '#### Stealth Scan ####'
iptables -A DOS -p tcp --syn -m limit --limit 1/s -j LOG --log-prefix "LOGURI 1/s flood protection"
iptables -A DOS -p tcp --syn -m limit --limit 1/s -j ACCEPT
# fragmented packets from start
iptables -A INPUT -f -j LOG --log-prefix "LOGURI fragmentate"
iptables -A INPUT -f -j DROP
# new not syn
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "LOGURI new not syn"
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# Furtive port scanner:
iptables -A DOS -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j LOG --log-prefix "LOGURI Port Scaner"
iptables -A DOS -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
If I run nmap -v -f 192.168.100.234 I should see in tail -f /var/log/messages something with #### Stealth Scan #### but I don't see anything... why is that?
I ran nmap with almost all the options it has to see whether anything shows up in messages... well, NOTHING. What is going on and how can I fix it... please.
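The ruleset above creates the DOS chain but no rule in INPUT ever jumps to it, so its LOG rules (the '#### Stealth Scan ####' one included) can never match; the missing piece is a rule such as iptables -A INPUT -p tcp -j DOS. As an added example (not the poster's code), the shell function below scans a ruleset for chains declared with -N that no -j ever targets, using the rules from the post as constructed input.

```shell
#!/bin/sh
# Added example: find user-defined iptables chains that are created (-N)
# but never reached by a -j / --jump from another rule. A LOG rule in such
# a chain never fires, so nothing reaches /var/log/messages.
# Works on a firewall script or on `iptables-save` output.

# Constructed input: a subset of the rules from the post above.
RULES='iptables -P INPUT DROP
iptables -N STUDIU
iptables -N DOS
iptables -N LOGURI
iptables -N SSH_CHECK
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
iptables -A SSH_CHECK -m recent --set --name SSH
iptables -A DOS -p tcp --syn -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -f -j DROP'

# unreferenced_chains RULESET
# Prints, sorted one per line, every chain declared with -N that is never
# the target of -j or --jump anywhere in RULESET.
unreferenced_chains() {
    printf '%s\n' "$1" | awk '
        {
            for (i = 1; i < NF; i++) {
                if ($i == "-N") declared[$(i + 1)] = 1
                if ($i == "-j" || $i == "--jump") target[$(i + 1)] = 1
            }
        }
        END {
            for (c in declared) if (!(c in target)) print c
        }' | sort
}

# Constructed fix: the one rule that sends TCP traffic through DOS.
FIXED="$RULES
iptables -A INPUT -p tcp -j DOS"

echo "chains never jumped to (original):"; unreferenced_chains "$RULES"
echo "chains never jumped to (with -j DOS added):"; unreferenced_chains "$FIXED"
```

A second reason the fragment rule stays silent: once connection tracking is loaded (the ruleset uses -m state), the kernel reassembles IPv4 fragments before the filter table sees them, so -f matches nothing.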
From "man iptables":
Csabi's BLOG
Linux registered user # 457717
It works correctly now, I tested with nmap... thank you very much
---------------------
[url=http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=432155]L... Registered User 432155 [/url]