Telstar

Zivjo!
Mene pa zanima, ce je lahko kaj narobe recimo ce nimas zadnjega updata in firewalla v linuxu? Glede virusov in spywerov-no sej tega naj kle ne bi bilo ali se pac motim

nic ni narobe, vendar svetujem da uporabis eno tako skripto, sam moras prej v kernelu omogocit podporo za iptables to je Netfilter Configuration v kernelu .. Namesto skripte je boljse uporabiti kaksen shorewall, sem ti ze prej v enem izmed postov napisal.

#!/bin/bash
IPTABLES='/sbin/iptables'
# Set interface values
EXTIF='ppp0'
INTIF0='eth0'
INTIF1='eth1'

# enable ip forwarding in the kernel
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward

# flush rules and delete chains
$IPTABLES -F
$IPTABLES -X

# enable masquerading to allow LAN internet access
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

# forward LAN traffic from $INTIF0 to Internet interface $EXTIF
$IPTABLES -A FORWARD -i $INTIF0 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT

# forward LAN traffic from $INTIF1 to Internet interace $EXTIF
$IPTABLES -A FORWARD -i $INTIF1 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT

#echo -e " - Allowing access to the SSH server"
$IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT

#echo -e " - Allowing access to the HTTP server"
$IPTABLES -A INPUT --protocol tcp --dport 80 -j ACCEPT

# block out all other Internet access on $EXTIF
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,INVALID -j DROP

zdaj je odvisno kaksne service imas zagnane na svojem linuxu.

poleg iptables malo preveri se /etc/inetd.conf

da vidis kaksne servise imas recimo v inetd zalaufane.