iptables 초기화 및 기본설정
iptables 초기화
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# set default policies to let everything in iptables --policy INPUT ACCEPT iptables --policy OUTPUT ACCEPT iptables --policy FORWARD ACCEPT iptables -Z # zero counters iptables -F # flush (delete) rules iptables -X # delete all extra chains iptables -t nat -F iptables -t nat -X iptables -t mangle -F iptables -t mangle -X |
인터페이스 다 막기
|
1 2 3 4 5 |
iptables -P INPUT DROP iptables -A OUTPUT -j ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT |
아웃바운드 트래픽 허용 및 DNS 트래픽 허용
|
1 2 3 4 |
iptables -I INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -I OUTPUT -o eth0 -d 0.0.0.0/0 -j ACCEPT iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT |
기타
|
1 2 3 |
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP |
DHCP 트래픽 허용
|
1 |
iptables -A INPUT -p udp --sport 67 --dport 68 -m state --state RELATED,ESTABLISHED -j ACCEPT |
