This page (version 31) was last modified on 30-Jun-2025 18:51 by Administrator.

This page was created on 28-Dec-2024 17:15 by Administrator.


Page version history

Version Last modified Size Author
31 30-Jun-2025 18:51 6 KB Administrator
30 29-Dec-2024 12:43 6 KB Administrator
29 29-Dec-2024 12:40 5 KB Administrator
28 29-Dec-2024 12:39 5 KB Administrator
27 29-Dec-2024 12:39 5 KB Administrator
26 29-Dec-2024 12:36 3 KB Administrator
25 29-Dec-2024 12:35 3 KB Administrator
24 29-Dec-2024 12:34 3 KB Administrator
23 29-Dec-2024 12:29 4 KB Administrator
22 29-Dec-2024 12:28 5 KB Administrator
21 29-Dec-2024 12:27 4 KB Administrator


Version differences

Differences between version and .

Line 78: 6 lines changed.
> sudo iptables -L -v
> sudo iptables -n -v --line-numbers -L
> sudo service iptables start # activate firewalling
> sudo service ip6tables start
> sudo chkconfig iptables on # enable after reboot
> sudo chkconfig ip6tables on
> sudo ip6tables -nvL --line-numbers -L
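Review bot: the last command, `sudo ip6tables -nvL --line-numbers -L`, passes `-L` twice (`-nvL` already contains it); `sudo ip6tables -nvL --line-numbers` is the intended form and mirrors the IPv4 line above it. The `service iptables start` / `chkconfig iptables on` pair is the SysV-init way of activating and persisting the ruleset; on a systemd host of the RHEL family the equivalent is `systemctl enable --now iptables` (with the iptables-services package installed), so the section should state which init system it assumes.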
Line 86: 36 lines deleted.
{{{
iptables [-t <table-name>] <command> <chain-name> <parameter-1> <option-1> <parameter-n> <option-n>
}}}
* table-name
** like ~[filter, nat, mangle, raw, security~], if omitted we use "filter"
* command
** -F : flush current chain or all if omitted
** -X : deletes a user-specified chain or all if omitted
** -Z : zeros the byte and packet counters in all chains
** -A : apppend a rule at the end
** -I : inserts at a specified position (similar to replace -R), wihtout position at the top
** -P : a policy is a fall back and is used after all rules have passede** you can enable certain special addresses earlier
** -L : list all rules
* chain-name
** INPUT, FORWARD, OUTPUT (as listed with > iptables -L)
** you may invent new chain names, but this seems not to be common (command -N)
* parameter-1 (filter)
** -s : source filter (address~[/mask~]~[...~])
** -d : destination filter
** -p : protocoll filter like ~[icmp, tcp, udp, all~] or those in /etc/protocols, if omitted ALL protocols are considered
*** with -p tcp you can use --dport for destination port filter, any number
*** with -p udp you can use --dport for destination port and --sport as source port filter
*** ports can be also a range like 3000:3200 (all from 3000 to 3200)
*** with -p icmp you can use --icmp-type
** -i : interface like ~[eth0, lo, ppp0~], without name ALL interfaces are used
** -j : jump to ~[ACCEPT, DROP, QUEUE, RETURN~] (or others added with modules)
** -m : adds a comment when listing the rules, syntax >-m comment --comment "My comments here"<
* option-1 (target)
** ~[ACCEPT, DROP, QUEUE, RETURN~] (or others added with modules)
* option-n (listing options)
** -v : verbose output
** -n : displays IP addresses and port numbers in numeric format instead of hostname/network service
* notes
** the first three commands are usually used to create a fresh ruleset in a script
** in the chain list and then drop all other later
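Review bot: the `-P` item has a second list item fused onto it (`... have passede** you can enable certain special addresses earlier`); it should read `... after all rules have passed` followed by a new `**` line for the "you can enable certain special addresses earlier" remark. The `-m` entry is misleading: `-m` loads a match extension in general (`-m conntrack --ctstate ESTABLISHED,RELATED`, `-m multiport`, `-m comment` ...), and `--comment` is just one of them, so the description should say "load a match module, e.g. ...". Under `-p tcp`, `--sport` is available exactly as for udp, so the two sub-items can be merged; `-i` matches the input interface only, the output interface is `-o` (which the script below already uses). Typos: `apppend`, `wihtout`, `protocoll`.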
Line 138: 4 lines deleted.
{{{
#!/bin/bash
# MARKUS
SOURCE=::
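Review bot: `SOURCE=::` uses the unspecified IPv6 address as placeholder; as `-s $SOURCE` below it becomes `::/128`, which no remote host ever has as source, so the first INPUT/OUTPUT ACCEPT rules match nothing until `update_ip6tables.py` replaces them. That is fine as a placeholder but deserves a comment saying so, and `set -eu` after the shebang would abort the script instead of continuing with a half-applied ruleset when a later command fails.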
Line 143: 43 lines deleted.
# ipv4 ------------------------------------
# Flush all rules and delete all chains for a clean startup
iptables -F
iptables -X
iptables -Z # Zero out all counters
# drop all ipv4 traffic, we want to use ipv6 only
iptables -A INPUT -s 1.1.1.1 -j ACCEPT
iptables -A OUTPUT -d 1.1.1.1 -j ACCEPT
iptables -A INPUT -s 8.8.8.8 -j ACCEPT
iptables -A OUTPUT -d 8.8.8.8 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP
iptables -A OUTPUT -j DROP
# ipv6 ------------------------------------
# Flush all rules and delete all chains for a clean startup
ip6tables -F
ip6tables -X
ip6tables -Z
# drop all ipv6 traffic, except EbelStube
# do not limit to --dport 22, because the source has random ports (?)
# add first to enabel replacing 1. rule later
ip6tables -A INPUT -s $SOURCE -j ACCEPT
ip6tables -A OUTPUT -d $SOURCE -j ACCEPT
# allow ipv6 local loopback
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A OUTPUT -o lo -j ACCEPT
# drop everthing else
ip6tables -P FORWARD DROP # as policy generally
ip6tables -A INPUT -j DROP
ip6tables -A OUTPUT -j DROP
# update first ip6tables rules and enable my computer
/home/markus/update_ip6tables.py
}}}
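Review bot: the closing `ip6tables -A INPUT -j DROP` / `-A OUTPUT -j DROP` pair also drops all ICMPv6, which IPv6 depends on for Neighbour Discovery (NS/NA and RS/RA, types 133-137) and for Packet Too Big; without an `ip6tables -A INPUT -p ipv6-icmp -j ACCEPT` (and the OUTPUT counterpart) placed before the DROP rules, the host loses its neighbour cache entries and router-advertised default route and the remaining `$SOURCE` access stops working. In the same hunk, the comment `do not limit to --dport 22, because the source has random ports (?)` mixes up the two ports: the client's ephemeral port is the source port, the server-side port matched by `--dport` in INPUT is still 22, so `-p tcp --dport 22` is correct and only `--sport 22` would be wrong. The "drop everything else" is done by appending `-j DROP` rules while the INPUT/OUTPUT policies stay ACCEPT (only FORWARD gets `-P DROP`); setting `-P INPUT DROP` and `-P OUTPUT DROP` right after the flush means an abort midway leaves the host closed rather than open. The IPv4 part has the same issue, and its comment `drop all ipv4 traffic` contradicts the four ACCEPT rules for 1.1.1.1 and 8.8.8.8 that precede it, which could also be narrowed to `-p udp --dport 53` / `-p tcp --dport 53`. Typos: `enabel`, `everthing`.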