/etc/rc.d/rc.FireWall bug
Posted: 05 Dec 2012, 21:32
We need a firewall to fight against insider and outsider attackers...
A firewall should have appropriate "techniques" to fight against attackers...
So...
I've noticed a bug in the policy area:
some code is missing...
I've noticed the issue when the iptables command said that the policy stays at ACCEPT...
[after "stop" then another "start", this occurs]
I'm not here to ask something, I'm here to give a solution to this firewall bug.
After the code below...

Code:
if [ "$1" = "start" ]; then
    # ... some code is here ... then you've got the lines below:
    $IPTABLES -F    # remove all rules
    $IPTABLES -X    # delete all user-defined chains

...put these at least:

Code:
    # the flush above does not touch the chain policies, so set them here
    $IPTABLES -P OUTPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P INPUT DROP

To make your code more efficient, also put this code:
[for a more appropriate technique 8) ]

Code:
    # drop new TCP connections that do not begin with a plain SYN (the
    # "--state NEW" match keeps packets of already established sessions alive)
    $IPTABLES -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
    $IPTABLES -A OUTPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP

I remind some of you that to run the Firewall, something I do recommend, do this as root:

Code:
# /etc/rc.d/rc.FireWall start

Of course, if what I've said is wrong, feel free to explain it to me.
I'd rather write some stupid things sometimes, eventually being ridiculous, and learn something than stay ignorant about what is correct or not...
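The start/stop cycle described in this post, as an added example that is neither the original poster's code nor the rc.FireWall script it discusses: a minimal start/stop/status skeleton in which "start" sets the DROP policies right after the flush (the bug the post reports is that the flush leaves the ACCEPT policies set by "stop" in place), the non-SYN drop is limited to NEW connections, and a "status" check reads `iptables -S` and fails when any of INPUT, FORWARD or OUTPUT is not DROP. The iptables path, the DRY_RUN switch (which prints the commands instead of running them, so no root is needed to read the rule set) and the loopback, ESTABLISHED,RELATED and outbound-NEW rules are assumptions of this example, not something the post specifies.

```shell
#!/bin/sh
# Added example, not the rc.FireWall script from the post. Shows the fix the
# post describes (policies set after the flush) and a status check for it.
# IPTABLES path and DRY_RUN are assumptions made for this example.

IPTABLES=${IPTABLES:-/usr/sbin/iptables}
# DRY_RUN=1 prints the commands instead of running them (no root needed).
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

fw_start() {
    run -F            # remove all rules
    run -X            # delete all user-defined chains
    # The flush does not touch policies, so set them here; without these
    # lines the ACCEPT set by "stop" survives into "start".
    run -P INPUT DROP
    run -P FORWARD DROP
    run -P OUTPUT DROP
    # Loopback and reply traffic, accepted before any stateless DROP rule.
    run -A INPUT -i lo -j ACCEPT
    run -A OUTPUT -o lo -j ACCEPT
    run -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New TCP connections must begin with a bare SYN; limiting the rule to
    # --state NEW is what keeps already established sessions alive.
    run -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    run -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP
    # Allow connections originating from this host (example choice).
    run -A OUTPUT -m state --state NEW -j ACCEPT
}

fw_stop() {
    # Open everything again; this is the state a following "start" inherits.
    run -P INPUT ACCEPT
    run -P FORWARD ACCEPT
    run -P OUTPUT ACCEPT
    run -F
    run -X
}

# check_policies reads "iptables -S" output on stdin and returns 0 only when
# INPUT, FORWARD and OUTPUT all carry the DROP policy.
check_policies() {
    awk '$1 == "-P" { policy[$2] = $3 }
         END {
             ok = (policy["INPUT"] == "DROP" &&
                   policy["FORWARD"] == "DROP" &&
                   policy["OUTPUT"] == "DROP")
             exit !ok
         }'
}

fw_status() {
    if "$IPTABLES" -S | check_policies; then
        echo "default policies: DROP (ok)"
    else
        echo "default policies: NOT all DROP, run '$0 start'" >&2
        return 1
    fi
}

case "$1" in
    start)  fw_start ;;
    stop)   fw_stop ;;
    status) fw_status ;;
    "")     ;;   # no argument: only define the functions
    *)      echo "usage: $0 {start|stop|status}" >&2; exit 1 ;;
esac
```

With DRY_RUN=1 (the default here) `./fw.sh start` prints the rule set in the order it would be applied, which is enough to see that the three `-P ... DROP` lines come after `-F`; `DRY_RUN=0 ./fw.sh status` run as root reports whether a running box is in the post's "stays at ACCEPT" state.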