Allow SSH connections from selected IPs only:
iptables -A INPUT --source xx.xx.xx.xx -p tcp --dport 22 -j ACCEPT
iptables -A INPUT --source yy.yyy.yy.yy -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
Only allow SSH to the Linux box:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT --source xx.xx.xx.xx -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
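When the commands above are typed one at a time over SSH, the session is cut between `iptables -P INPUT DROP` and the ACCEPT rules. The added example below (not from the original page) builds the same SSH-only policy as a single iptables-restore ruleset, which is committed in one step; the function names `valid_ipv4` and `gen_ssh_ruleset` are hypothetical, and the addresses in the usage comment are constructed documentation-range values.

```shell
#!/bin/sh
# Added example: emit the "only allow SSH" policy in iptables-restore format.

# valid_ipv4 ADDR[/PREFIX]: succeed only for a well-formed IPv4 address or CIDR.
valid_ipv4() {
    addr=${1%/*}
    case $1 in */*) pfx=${1#*/} ;; *) pfx=32 ;; esac
    case $pfx in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    # Reject anything but digits and dots before word-splitting on "."
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# gen_ssh_ruleset ADDR...: print a filter table that drops everything except
# SSH from the listed sources and replies on established connections.
gen_ssh_ruleset() {
    [ $# -ge 1 ] || { echo "need at least one admin address" >&2; return 1; }
    # Validate every source first so a typo never yields a partial ruleset.
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "bad address: $src" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT DROP [0:0]'
    for src in "$@"; do
        printf '%s\n' "-A INPUT --source $src -p tcp --dport 22 -j ACCEPT"
    done
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' 'COMMIT'
}

# Usage (as root; addresses are constructed examples):
#   gen_ssh_ruleset 192.0.2.10 198.51.100.0/24 | iptables-restore --test
#   gen_ssh_ruleset 192.0.2.10 198.51.100.0/24 | iptables-restore
```

The `--test` run parses the ruleset without committing it, so a syntax error is caught before the live rules change.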
How to avoid TCP SYN flooding:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
Iptables for MASQUERADE