Ferm
~# aptitude install ferm
Beispielkonfiguration (/etc/ferm/ferm.conf):
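# /etc/ferm/ferm.conf  (listed on the original page as "/etc/ferm# cat ferm.conf")
# ferm rules generated by import-ferm
# http://ferm.foo-projects.org/
#
# Host firewall for a single machine; FORWARD is closed, nothing is routed.
# Inbound:  only established/related traffic, loopback, ICMP, IPsec (ESP/AH, IKE on
#           udp/500), HTTP, SMTP and rate-limited SSH are accepted; everything else
#           is logged and rejected.
# Outbound: only established/related traffic, loopback, DNS to 192.168.4.100 and
#           connections opened by the users root and rico are accepted; everything
#           else is logged and rejected.
#
# NOTE(review): only the IPv4 domain is configured ("domain ip"). ferm leaves
# ip6tables untouched, so if this host has IPv6 connectivity its IPv6 policy stays
# at the kernel default (ACCEPT) until a matching "domain ip6" section is added.

# Load the FTP connection-tracking helper so the data connection of an FTP session
# opened by a local user is recognised as RELATED in INPUT. The NAT counterpart is
# not needed here (no FTP NAT is configured).
hook pre "modprobe nf_conntrack_ftp";
#hook pre "modprobe nf_nat_ftp";

domain ip {
    table filter {
        chain INPUT {
            policy DROP;
            ACCEPT {
                # replies to connections this host opened, plus helper-tracked related flows
                mod state state (RELATED ESTABLISHED);
                interface lo;
                # ICMP and IPsec ESP/AH plus IKE on udp/500 from anywhere;
                # NAT-Traversal (udp/4500) is not opened
                protocol (icmp esp ah);
                protocol udp dport 500;
                protocol tcp {
                    dport (http smtp);
                    # SSH: at most 10 packets per minute per source address (default burst
                    # of 5). Established sessions were already accepted above, so in practice
                    # this throttles new connections from a single host (brute forcing).
                    dport ssh mod hashlimit hashlimit 10/min hashlimit-mode srcip hashlimit-name ssh;
                }
            }
            # Log rejected packets, but rate-limit the log so an unsolicited flood
            # cannot fill the disk or drown out other syslog messages.
            mod limit limit 3/min limit-burst 10 LOG log-prefix "reject-in ";
            REJECT;
        }

        # Not a router: nothing is forwarded.
        chain FORWARD { policy DROP; REJECT; }

        chain OUTPUT {
            policy DROP;
            ACCEPT {
                mod state state (RELATED ESTABLISHED);
                outerface lo;
                # DNS only to the local resolver
                protocol udp dport domain daddr 192.168.4.100;
                # root and rico may open any outbound connection; all other local users
                # (i.e. service accounts) cannot initiate connections
                mod owner uid-owner (root rico);
            }
            # The trailing space keeps the prefix separated from the "IN=" field in the
            # kernel log line (the original "reject-out" produced "reject-outIN=...").
            mod limit limit 3/min limit-burst 10 LOG log-prefix "reject-out ";
            REJECT;
        }
    }

    table nat {
        chain POSTROUTING {
            policy ACCEPT;
            # Packets marked 0x25 in mangle/OUTPUT (locally generated SMTP) leave with
            # the address of the outgoing interface
            mod mark mark 0x25 MASQUERADE;
        }
        chain INPUT policy ACCEPT;
        chain OUTPUT policy ACCEPT;
        chain PREROUTING policy ACCEPT;
    }

    table mangle {
        chain OUTPUT {
            policy ACCEPT;
            # Tag locally generated SMTP so nat/POSTROUTING can masquerade it
            protocol tcp dport 25 MARK set-xmark 0x25/0xffffffff;
        }
        chain FORWARD policy ACCEPT;
        chain INPUT policy ACCEPT;
        chain PREROUTING policy ACCEPT;
        chain POSTROUTING policy ACCEPT;
    }
}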