Changes between Initial Version and Version 1 of jazz/13-04-17/Lab2


Ignore:
Timestamp:
Apr 17, 2013, 1:07:40 AM (12 years ago)
Author:
jazz
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • jazz/13-04-17/Lab2

    v1 v1  
     1= iptables-save =
     2{{{
     3echo "drop ping and traceroute"
     4iptables -A INPUT -i eth0 -p icmp -s any/0 --icmp-type 8 -j DROP
     5iptables -A OUTPUT -o eth0 -p icmp --icmp-type 3 -d any/0 -j DROP
     6iptables -A OUTPUT -o eth0 -p icmp --icmp-type 11 -d any/0 -j DROP
     7}}}
     8{{{
     9# 11-04-17 : disable SYN attack - by Jazz
     10# Ref: http://forums.cpanel.net/f5/too-many-conns-fin_wait2-time_wait-status-49580.html
     11iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
     12iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
     13iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
     14iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
     15}}}