Browse Source

H5: Add note about new iptables firewall ruleset

master
Pekka Helenius 3 years ago
committed by GitHub
parent
commit
a53e0be5a5
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 0 deletions
  1. +18
    -0
      exercises/h5.md

+ 18
- 0
exercises/h5.md View File

@ -178,6 +178,24 @@ Executing /lib/systemd/systemd-sysv-install enable ufw
### iptables configuration
---------------
**NOTE:** A iptables ruleset for a simple SSH+HTTP server setup has been uploaded to this repository, you may want to check it out: [Fincer/linux-server-setup - iptables.rules](https://github.com/Fincer/linux-server-setup/blob/master/other/iptables.rules).
These rules do the following:
1) Do not respond to ping echoes by clients (possibly reduce spambots)
2) Drop all incoming connections, apply only SSH, HTTP and HTTPS
3) Drop packets if the client connection is too intense. May be useful against port scanners such as [Nmap](nmap.org).
The ruleset file has basic installation steps in the header section.
---------------
A basic iptables configuration for incoming SSH requests is as follows:
**1.** Remove UFW from the Linux system, and remove all relevant UFW entries from iptables firewall rule list.
**NOTE:** Warning: (May) delete other important iptables rules configured by system administration!


Loading…
Cancel
Save