utterances-bot commented 2 years ago

Firewall na linux'owe maszyny klienckie | Morfitronik

https://morfikov.github.io/post/firewall-na-linuxowe-maszyny-klienckie/

ghost commented 2 years ago

Can you write a sample file "iptables_mangle.sh" ? I would like to put there such rules and I have no idea how to add them to be correct.

/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
/sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP

morfikov commented 2 years ago

Just add the commands to the script.

morfikov / morfitronik-comments

Firewall na linux'owe maszyny klienckie #591

Firewall na linux'owe maszyny klienckie | Morfitronik