# Egress policy for SMTP (tcp/25): allow delivery to the local MTA on loopback,
# to processes running under the mail/mailman groups and to root; every other
# local process gets an immediate ICMP port-unreachable instead of a hanging
# connection attempt. Rules are appended (-A), so any earlier ACCEPT already in
# OUTPUT still wins; the owner match is only valid in OUTPUT/POSTROUTING.
# Submission ports 587/465 are not covered by this set.
iptables -A OUTPUT -p tcp --dport 25 -d 127.0.0.1 -j ACCEPT
for grp in mail mailman; do
  iptables -A OUTPUT -p tcp --dport 25 -m owner --gid-owner "$grp" -j ACCEPT
done
iptables -A OUTPUT -p tcp --dport 25 -m owner --uid-owner root -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
iptables save centos 7
# Persist the running IPv4 ruleset to /etc/sysconfig/iptables (the same action
# `service iptables save` performs on CentOS 7; the script ships with the
# iptables-services package). Requires root.
/usr/libexec/iptables/iptables.init save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
iptables block outgoing smtp
# Block all locally generated SMTP (25) and submission (587) traffic. -I puts
# each rule at the head of OUTPUT (position 1 is the default), so they take
# effect before any existing ACCEPT rule; the second insert ends up above the
# first. DROP silently discards, so sending clients hang until they time out
# (REJECT would fail fast). SMTPS on 465 is not covered.
for port in 25 587; do
  iptables -I OUTPUT -p tcp --dport "$port" -j DROP
done
logging iptables packets with ulogd
# ulogd is the userspace daemon that receives packets handed to the ULOG/NFLOG
# targets and writes them to a log; the rules below send packets to ULOG.
sudo apt-get install ulogd
If you want to log dropped packets, do this:
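# iptables-save style lines (no leading `iptables` command): paste them into the
# rules file, or prefix each with `iptables` to run directly. Both rules match
# new connection attempts (SYN set, FIN/RST/ACK clear - the same as --syn); the
# first copies the packet to ulogd, the second drops it. ULOG is non-terminating,
# so the packet continues to the DROP rule - keep this order. As written this
# logs and drops EVERY inbound TCP connection attempt; scope it with --dport or
# place it after your ACCEPT rules. The ULOG target was removed from the kernel
# in Linux 3.17; on newer kernels use -j NFLOG with ulogd's NFLOG input.
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ULOG
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP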
iptables redirect outgoing traffic to local port
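# Rewrite locally generated HTTP (tcp/80) connections so they go to IP:80
# instead (replace IP with the real address). The nat OUTPUT chain only sees
# traffic from processes on this host; for inbound/forwarded traffic use
# PREROUTING. The original used typographic dashes (–dport) that iptables
# rejects; the option names need two ASCII hyphens.
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination IP:80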
apache syn flood
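# SYN-flood / scan hardening for an inbound web server:
# - a packet in state NEW that is not a SYN is bogus and is dropped;
# - second and further IPv4 fragments (-f) are dropped;
# - packets with every TCP flag set (XMAS-style) or none set (NULL scan) are
#   dropped.
# -m state still works as an alias for -m conntrack --ctstate on current
# kernels. The original used typographic dashes (–syn, –state) that iptables
# rejects; the option names need two ASCII hyphens.
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -f -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP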
nginx can also help as a reverse proxy.
centos iptables save rules
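# Save the live ruleset to the file CentOS 7's iptables service loads at boot,
# then load it back. iptables-restore reads from stdin, so the original bare
# `iptables-restore` just waited for input; feed it the saved file.
# Note that `>` truncates the file before iptables-save runs - if iptables-save
# fails, the previous rules file is gone, so on anything important write to a
# temp file first and move it into place.
iptables-save > /etc/sysconfig/iptables
iptables-restore < /etc/sysconfig/iptables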
nginx as a reverse-proxy
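# Build nginx from an upstream tarball. Verify the tarball's checksum/signature
# before unpacking - `make install` runs as root. `cd` is checked so a failed
# change of directory (no or several nginx-* directories) does not run
# ./configure in the wrong place. With the default prefix the installed config
# lives under /usr/local/nginx/conf/; after the cd the source tree's copy is
# conf/nginx.conf, so `vi nginx.conf` presumably targets one of those - confirm
# the path before editing.
tar -zxf nginx-*.tar.gz
cd nginx-*/ || exit 1
./configure && make && sudo make install
vi nginx.conf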
# Minimal nginx reverse-proxy config: listens on 1.2.3.4:81 and forwards
# everything to the backend on 1.2.3.4:80 (the iptables DNAT rule after this
# config steers external port-80 traffic to :81).
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
# 3 s keepalive - the author's choice, presumably to free idle connection
# slots quickly under load
keepalive_timeout 3;
server {
listen 1.2.3.4:81;
server_name nginx;
location / {
proxy_pass http://1.2.3.4:80;
# do not rewrite Location/Refresh headers coming back from the backend
proxy_redirect off;
# pass the original Host and the client address to the backend; the backend
# should trust X-Forwarded-For only when it arrives from this proxy
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 0 disables buffering of backend responses to temporary files on disk
proxy_max_temp_file_size 0;
# timeouts in seconds: connect to / send to / read from the backend
proxy_connect_timeout 20;
proxy_send_timeout 20;
proxy_read_timeout 90;
# in-memory response buffering sizes
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
}
# Send inbound HTTP for 1.2.3.4 to the nginx proxy on :81, except packets whose
# source is 1.2.3.4 itself. Inserted at the head of nat PREROUTING so it takes
# precedence over existing DNAT rules; the FORWARD/INPUT chains must still
# accept the redirected traffic.
iptables -t nat -I PREROUTING 1 -d 1.2.3.4 -p tcp --dport 80 ! -s 1.2.3.4 -j DNAT --to-destination :81
Limit max connections per IP
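# Per-source connection cap and rate limit for the web front end.
# connlimit: more than 15 concurrent tcp/80 connections from one /32 get a TCP
# RST so the client fails fast (clients behind a shared NAT share the budget).
# limit: packets of existing connections are accepted at up to 150/s (burst
# 160); packets above the rate simply do not match and fall through to later
# rules / the chain policy, so this is only a cap if something after it drops
# them - and it can throttle legitimate sessions. The original used typographic
# dashes (–syn, –state) that iptables rejects; option names need two ASCII
# hyphens.
iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 15 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
iptables -A INPUT -m state --state RELATED,ESTABLISHED -m limit --limit 150/second --limit-burst 160 -j ACCEPT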
iptables enable only ssh
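# Lock the host down to SSH only. The ACCEPT rules are added *before* the
# default policies are flipped to DROP, so a remote SSH session used to apply
# this does not lose packets in between (better still, load such a set
# atomically with iptables-restore). The final state is identical to setting
# the policies first. Loopback, DNS and every other service are blocked by this
# set; add ACCEPT rules for them explicitly if needed.
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP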
limit ssh connection attempts
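# SSH brute-force throttle using the xt_recent list (no --name, so both rules
# share the DEFAULT list). Each -I goes to the head of INPUT, so after both
# have run the update/DROP rule sits above the --set rule: a new SSH connection
# is dropped once its source already has --hitcount (3) recorded hits within
# the last 60 s, otherwise it is recorded. A matching --update also refreshes
# the timestamp, so a client that keeps retrying extends its own block.
# The original used typographic dashes (–dport, –state, …) that iptables
# rejects; option names need two ASCII hyphens.
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP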
This limits incoming connections to destination port 22 to no more than 3 per minute.
add comment to your iptables rule
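# Template for a self-documenting rule: the comment match stores free text (up
# to 256 characters) with the rule and shows it in `iptables -L` and
# `iptables-save` output, which makes later audits much easier. Quote the
# expansion so a comment containing spaces stays a single argument; "..."
# stands for the chain and match options. The original used typographic
# dashes and curly quotes that the shell/iptables do not accept.
iptables -A ... -m comment --comment "${comment}" -j REQUIRED_ACTION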
redirecting network traffic to a new IP using iptables
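# Forward inbound HTTP to another host (replace xx.xx.xx.xx). ip_forward written
# through /proc is lost at reboot - persist it with sysctl
# (net.ipv4.ip_forward=1). If the FORWARD policy is DROP, an ACCEPT for this
# traffic is also needed. The MASQUERADE rule rewrites the source of *all*
# forwarded traffic leaving this box, so the backend sees this host's address
# rather than the client's; scope it with -o <iface> / -d if that is broader
# than intended. The original used typographic dashes (–dport) that iptables
# rejects; option names need two ASCII hyphens.
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination xx.xx.xx.xx:80
iptables -t nat -A POSTROUTING -j MASQUERADE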
limit apache connections per second
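# Limit new HTTP connections per source: the first rule rejects a SYN once the
# source already has 5 hits in the "http" recent list within 60 s, the second
# records the SYN otherwise. Append order matters (check before set) and both
# rules must use the same --name. REJECT without --reject-with sends ICMP
# port-unreachable. Clients behind one NAT address share the budget.
# The original used typographic dashes (–dport, –syn, …) that iptables
# rejects; option names need two ASCII hyphens.
iptables -A INPUT -p TCP --dport 80 --syn -m recent --name http --update --seconds 60 --hitcount 5 -j REJECT
iptables -A INPUT -p TCP --dport 80 --syn -m recent --name http --set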
This will prevent someone from making more than 5 connections to port 80 within 60 seconds.
iptables limit connections per IP
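# Cap concurrent tcp/80 connections per source address at 20 (the default
# --connlimit-mask is 32 for IPv4, i.e. one address); the 21st SYN gets a TCP
# RST. Clients sharing one NAT address share the budget. The original used
# typographic dashes (–syn, –dport, …) that iptables rejects; option names
# need two ASCII hyphens.
iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset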