iptables SECURITY - default settings

Wal mail4wal at yahoo.com
Thu Sep 9 02:29:03 UTC 2004


Is it possible to have the Fedora Core
default, out-of-the-box iptables settings
be more like the following?

RelatedComponent- system-config-securitylevel
File- /etc/sysconfig/iptables

# generated by ____
#
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:SecLev505-INPUT - [0:0]
-I SecLev505-INPUT -p all -j DROP
-I SecLev505-INPUT -p udp -m udp -s <DNS_SERVER1> --sport 53 --dport 1025:65535 -j ACCEPT
-I SecLev505-INPUT -p udp -m udp -s <DNS_SERVER2> --sport 53 --dport 1025:65535 -j ACCEPT
-I SecLev505-INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
-I SecLev505-INPUT -p tcp -m tcp -s 0/0 --syn -j DROP
-I SecLev505-INPUT -i lo -s 0/0 -j ACCEPT
-I INPUT -j SecLev505-INPUT
:OUTPUT ACCEPT [0:0]
COMMIT





	
		
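Added example, not part of the original message: every rule in the proposed file uses -I, which inserts at the head of the chain, so the kernel evaluates the rules in the reverse of file order. The Python sketch below (function names are hypothetical; it parses only the -A/-I and policy lines used here) rebuilds the effective order and lists chains whose policy is declared with different values.

```python
import shlex

# Constructed sample: the ruleset from the message, wrapped lines rejoined.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:SecLev505-INPUT - [0:0]
-I SecLev505-INPUT -p all -j DROP
-I SecLev505-INPUT -p udp -m udp -s <DNS_SERVER1> --sport 53 --dport 1025:65535 -j ACCEPT
-I SecLev505-INPUT -p udp -m udp -s <DNS_SERVER2> --sport 53 --dport 1025:65535 -j ACCEPT
-I SecLev505-INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
-I SecLev505-INPUT -p tcp -m tcp -s 0/0 --syn -j DROP
-I SecLev505-INPUT -i lo -s 0/0 -j ACCEPT
-I INPUT -j SecLev505-INPUT
:OUTPUT ACCEPT [0:0]
COMMIT
"""

def effective_ruleset(text):
    """Return (policies, chains); chains hold rules in evaluation order."""
    policies, chains = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#*" or line == "COMMIT":
            continue
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies.setdefault(name, []).append(policy)  # keep every declaration
            continue
        op, chain, *rest = shlex.split(line)
        rules = chains.setdefault(chain, [])
        if op == "-A":                      # append: evaluated last
            rules.append(rest)
        elif op == "-I":                    # insert: position 1 unless a rule number is given
            pos = 1
            if rest and rest[0].isdigit():
                pos, rest = int(rest[0]), rest[1:]
            rules.insert(pos - 1, rest)
    return policies, chains

def conflicting_policies(policies):
    """Chains whose policy line appears more than once with different values."""
    return {c: p for c, p in policies.items() if len(set(p)) > 1}

if __name__ == "__main__":
    policies, chains = effective_ruleset(SAMPLE)
    print(*(" ".join(r) for r in chains["SecLev505-INPUT"]), sep="\n")
    print("conflicting policies:", conflicting_policies(policies))
```

For this file the loopback ACCEPT is evaluated first and the catch-all DROP last, and OUTPUT is reported as declared both DROP and ACCEPT.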




