As a quick note to self, here's how I configured the firewall rules on a new CentOS 6 Linux server recently.

First, I created an "undo" script at /root/undo-iptables with these contents:

```sh
#!/bin/sh
# undo the iptables stuff in case i mess it up
# log file for the mv output (assumed placeholder; the original definition of OUT is not on the page)
OUT=/tmp/undo-iptables.log
mv /etc/sysconfig/iptables /tmp > $OUT 2>&1
```

Next, I added this entry to the root user crontab, using the crontab -e command:

Those two steps should have the effect of undoing my firewall rules every 15 minutes, in case I screw them up.

Next, I created the following file at /root/myfirewall:

```bash
#!/bin/bash
# This is essential when working on remote servers via SSH to prevent locking yourself out of the system
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Set default policies for INPUT, FORWARD and OUTPUT chains

# Accept packets belonging to established and related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# only allow 5 TCP/SYN packets to port 22 from an IP address in 5 minutes.
# if it makes more attempts the door is closed till 5 minutes are over.
iptables -A INPUT -p tcp -m tcp --dport 22 -m limit --limit 48/hour -j ACCEPT
```
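As an added example, not one of the post's own scripts: the same "don't lock myself out" safety net, but built by snapshotting the live rules with iptables-save and re-loading them from a background timer, and with SSH limited per source address using -m recent, because -m limit is a single token bucket for the rule rather than a per-address counter, so a 48/hour limit throttles all SSH clients together. The script name apply-firewall.sh, the backup path /root/iptables.backup and the APPLY_FIREWALL switch are assumptions.

```shell
#!/bin/sh
# apply-firewall.sh: load a new ruleset with a timed automatic rollback.
# Added example, not one of the post's scripts. Assumed: iptables-save and
# iptables-restore are in PATH, and /root/iptables.backup is writable.

# Emit the ruleset in iptables-restore format. Default policies are set here
# (the post's script has the comment but no -P lines), and SSH is limited per
# source address with -m recent: a source that opens more than 5 new SSH
# connections in 300 seconds is dropped until it stays quiet for 300 seconds.
render_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 6 --name SSH -j DROP
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Snapshot the live rules, arm a background restore, then load the new set.
# If the new rules lock you out, the snapshot comes back after $2 seconds;
# if they work, kill the printed PID to keep them. iptables-restore is
# atomic, so a rejected ruleset leaves the live rules untouched.
apply_with_rollback() {
    backup=${1:-/root/iptables.backup}
    delay=${2:-300}
    iptables-save > "$backup" || return 1
    # trap '' HUP keeps the timer alive if this SSH session is cut off
    ( trap '' HUP; sleep "$delay"; iptables-restore < "$backup" ) &
    rollback_pid=$!
    if ! render_rules | iptables-restore; then
        kill "$rollback_pid"
        return 1
    fi
    echo "New rules loaded; if SSH still works, run: kill $rollback_pid"
}

# Only touch the live firewall when asked explicitly, e.g.
#   APPLY_FIREWALL=1 sh apply-firewall.sh /root/iptables.backup 300
if [ "${APPLY_FIREWALL:-0}" = 1 ]; then
    apply_with_rollback "$@"
fi
```

Without APPLY_FIREWALL=1 the file only defines the two functions, so it can be sourced and inspected (render_rules) without touching the running firewall.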