Sample Firewall Script

azfar · Post by **azfar** » Fri Sep 02, 2005 3:56 pm

Where can I get a good security measures for linux. I have seen that there are few sample firewall scripts which block spoofed source addresses (private addresses on public interface), blocking SYN,ACK,FIN,RST RST or any other fragmented packets, protecting from DoS attacks etc.

AsadRasheed · Post by **AsadRasheed** » Fri Sep 02, 2005 9:41 pm

Dear azfar,

This is some littile help

This script using in my linux router.

#defend against port scans and DDOS attacks
#dealing with packets w/o syn flags when they are new
iptables -A FORWARD -i ppp0 -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "new no-SYN: "
iptables -A FORWARD -i ppp0 -p tcp ! --syn -m state --state NEW -j DROP
iptables -A FORWARD -i ppp0 -p tcp --tcp-flags ACK ACK -m state --state NEW -j LOG --log-prefix "New ACK: "

And also block all non standard tcp/ip packet , may be it can help

Regards,
M Asad Rasheed

azfar · Post by **azfar** » Sat Sep 03, 2005 12:48 pm

Thanks buddy I will ty it but I am looking for any advanced script.

AsadRasheed · Post by **AsadRasheed** » Sun Sep 04, 2005 6:43 am

What you mean about more advanced ?

I think try shorewall if you realy want to mess with it .

Regards,
M Asad Rasheed

Post by **LinuxFreaK** » Sun Sep 04, 2005 11:30 pm

Dear azfar,
Salam,

You can use http://firewall-jay.sourceforge.net/ and http://rfxnetworks.com/apf.php

FYI, http://the-devil.dnsalias.net/home/extremist

Best Regards.

linuxpakistan.net

Sample Firewall Script

Sample Firewall Script

salam

salam

Re: