b92f9bd @mrash Added FW_EXAMPLE_RULES
authored
The following firewall rulesets are examples of rulesets that are compatible
with psad. The only criterion is that the firewall logs and drops packets
that should not be allowed through. A port scan will then manifest itself
within /var/log/messages as packets are dropped and logged, at which time
these messages are written to the /var/lib/psad/psadfifo named pipe and
analyzed by psad.

### iptables:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
ACCEPT     tcp  --  129.xx.xx.xx         64.44.21.15        tcp dpt:22 flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  208.xx.xx.xx         64.44.21.15        tcp dpt:22 flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  24.xx.xx.xx          64.44.21.15        tcp dpt:22 flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  208.xx.xx.xx         64.44.21.15        tcp dpt:22 flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  0.0.0.0/0            64.44.21.15        tcp dpt:25 flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  0.0.0.0/0            64.44.21.15        tcp dpt:80 flags:SYN,RST,ACK/SYN
LOG        all  --  0.0.0.0/0            0.0.0.0/0          LOG level warning prefix `DROP '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
LOG        all  --  0.0.0.0/0            0.0.0.0/0          LOG level warning prefix `DROP '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
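
An added example, not part of psad or of the original file: a Python check that parses `iptables -L -n` output in the format shown above and reports whether each chain logs packets before its catch-all DROP, which is the criterion stated at the top of this file. The function names and the sample listing are constructed for illustration, and the non-verbose listing format is assumed.

```python
import re
# Constructed `iptables -L -n` listing modeled on the ruleset above; FORWARD has
# its LOG rule removed on purpose to show the failure case.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
LOG        all  --  0.0.0.0/0            0.0.0.0/0          LOG level warning prefix `DROP '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
DROP       all  --  0.0.0.0/0            0.0.0.0/0
"""
CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\w+)")
ANY = "0.0.0.0/0"

def parse_chains(listing):
    """Return {chain: (policy, [(target, prot, src, dst, extra), ...])}."""
    chains, rules = {}, None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        f = line.split(None, 5) + [""]   # pad so rules without options have f[5]
        if m:
            rules = []
            chains[m.group(1)] = (m.group(2), rules)
        elif rules is not None and len(f) >= 6 and f[0] != "target":
            rules.append((f[0], f[1], f[3], f[4], f[5]))
    return chains

def catch_all(rule, target):
    """True if the rule applies `target` to every packet that reaches it.
    An unconditional LOG lists only its own options; other extra text is a match."""
    t, prot, src, dst, extra = rule
    plain = extra.startswith("LOG ") if target == "LOG" else extra == ""
    return (t, prot, src, dst) == (target, "all", ANY, ANY) and plain

def psad_ready(listing, chains=("INPUT", "FORWARD")):
    """Map each chain to 'ok', 'drops without logging' or 'no default drop'."""
    parsed, result = parse_chains(listing), {}
    for name in chains:
        policy, rules = parsed.get(name, ("ACCEPT", []))
        drop_at = next((i for i, r in enumerate(rules) if catch_all(r, "DROP")), None)
        if drop_at is None and policy != "DROP":
            result[name] = "no default drop"
        else:
            # rules[:None] is the whole chain, which covers a DROP policy.
            logged = any(catch_all(r, "LOG") for r in rules[:drop_at])
            result[name] = "ok" if logged else "drops without logging"
    return result
```

A chain reported as "drops without logging" discards scan packets silently, so nothing reaches /var/log/messages for psad to analyze.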