From a53e0be5a5879dbdac5fcc5a85151f18b3f16452 Mon Sep 17 00:00:00 2001 From: Pekka Helenius Date: Fri, 21 Sep 2018 18:18:37 +0300 Subject: [PATCH] H5: Add note about new iptables firewall ruleset --- exercises/h5.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/exercises/h5.md b/exercises/h5.md index d1ff424..73d4f07 100644 --- a/exercises/h5.md +++ b/exercises/h5.md @@ -178,6 +178,24 @@ Executing /lib/systemd/systemd-sysv-install enable ufw ### iptables configuration +--------------- + +**NOTE:** A iptables ruleset for a simple SSH+HTTP server setup has been uploaded to this repository, you may want to check it out: [Fincer/linux-server-setup - iptables.rules](https://github.com/Fincer/linux-server-setup/blob/master/other/iptables.rules). + +These rules do the following: + +1) Do not respond to ping echoes by clients (possibly reduce spambots) + +2) Drop all incoming connections, apply only SSH, HTTP and HTTPS + +3) Drop packets if the client connection is too intense. May be useful against port scanners such as [Nmap](nmap.org). + +The ruleset file has basic installation steps in the header section. + +--------------- + +A basic iptables configuration for incoming SSH requests is as follows: + **1.** Remove UFW from the Linux system, and remove all relevant UFW entries from iptables firewall rule list. **NOTE:** Warning: (May) delete other important iptables rules configured by system administration!
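Review bot: the link `[Nmap](nmap.org)` in item 3 has no URL scheme, so Markdown renders it as a relative link under `exercises/` instead of pointing at the Nmap site; it should read `[Nmap](https://nmap.org)`. Two wording fixes in the same hunk: "A iptables ruleset" should be "An iptables ruleset", and item 2, "Drop all incoming connections, apply only SSH, HTTP and HTTPS", says "apply" where it means "accept only SSH, HTTP and HTTPS" (the rules are applied, the traffic is accepted). Item 3, "Drop packets if the client connection is too intense", does not tell the reader what the ruleset does or at what rate; naming the match used and the threshold, and noting that a legitimate client exceeding it is dropped as well, would let readers decide whether the ruleset suits their server before loading it. Item 1's parenthetical "possibly reduce spambots" is unsupported: ignoring ICMP echo hides the host from ping, but bots target the listening services, so the note should either justify the claim or drop it.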