
This page (revision-1) was last changed on 17-May-2021 01:15 by UnknownAuthor  


Difference between version and

At line 1 added 94 lines
[{TableOfContents}]
!!! 방화벽 스크립트
{{{
vi /etc/rc.d/rc.firewall
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
#!/bin/sh
# declare variable iptables
IPTABLES=/sbin/iptables
# change kernel parameter for ip_forward
echo "1" > /proc/sys/net/ipv4/ip_forward
# change kernel parameter for dynamic address
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# new policy setting
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
# deny reserved port
#ftp
$IPTABLES -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp --dport 21 -j ACCEPT
#ssh
$IPTABLES -A INPUT -p tcp -m tcp --dport 32 -j ACCEPT
#sendmail
$IPTABLES -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp --dport 25 -j ACCEPT
#named
$IPTABLES -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp --dport 53 -j ACCEPT
#http
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
#pop3
$IPTABLES -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
#imap
$IPTABLES -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
#mysql
$IPTABLES -A INPUT -p tcp -m tcp -s 211.238.15.62 --dport 3306 -j ACCEPT
#nfs
$IPTABLES -A INPUT -p tcp -m tcp -s 118.219.232.170 --dport 111 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s 118.219.232.170 --dport 111 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -s 118.219.232.170 --dport 2049 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s 118.219.232.170 --dport 2049 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -s 118.219.232.170 --dport 4001 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s 118.219.232.170 --dport 4001 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -s 118.219.232.170 --dport 4002 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s 118.219.232.170 --dport 4002 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -s 118.219.232.170 --dport 4003 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s 118.219.232.170 --dport 4003 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -s 210.109.102.107 --dport 111 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s 210.109.102.107 --dport 111 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -s 210.109.102.107 --dport 2049 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s 210.109.102.107 --dport 2049 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -s 210.109.102.107 --dport 4001 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s 210.109.102.107 --dport 4001 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -s 210.109.102.107 --dport 4002 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s 210.109.102.107 --dport 4002 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -s 210.109.102.107 --dport 4003 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp -s 210.109.102.107 --dport 4003 -j ACCEPT
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 0:6000 --syn -j REJECT
$IPTABLES -A INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
$IPTABLES -A INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
}}}
!!! 부팅시 수행
{{{
vi /etc/rc.d/rc.local
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
if [ -f /etc/rc.d/rc.firewall ]; then
. /etc/rc.d/rc.firewall
fi
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
}}}
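Review bot: The INPUT chain in rc.firewall is left at policy ACCEPT and the only blocking rules are the three trailing `--syn -j REJECT` lines, so every UDP port and every TCP port above 6009 except 7100 stays reachable from any address. That makes the `-s 118.219.232.170` and `-s 210.109.102.107` restrictions on the UDP NFS ports (111, 2049, 4001-4003) ineffective, because UDP from any other source falls through to the ACCEPT policy. A default-deny layout would close this: add `$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT` ahead of the service rules and end the script with `$IPTABLES -P INPUT DROP` in place of the REJECT lines. The rule under `#ssh` opens port 32, so it is worth confirming that sshd really listens there rather than on 22, and the `# deny reserved port` comment sits above rules that all ACCEPT, so it should read something like `# allow public services`.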
Version Date Modified Size Author Changes ... Change note
17-May-2021 01:15 3.338 kB UnknownAuthor
« This page (revision-) was last changed on 17-May-2021 01:15 by UnknownAuthor