iptables linux

# Using Iptables isn't the most efficient way of doing this but I will
# share some useful rules to prevent unwanted connections efficiently
# and effectively.

# With iptables, the raw table is the earliest point at which you can
# block traffic. Pairing this with the PREROUTING chain can be effective.

# Blocking your SSH port from outside connections, except for your own IP,
# is as easy as follows.

# This accepts your IP address and must be added before the drop rule
# below. The raw table is traversed before connection tracking, so no
# conntrack state can be matched here, and --comment needs the comment
# match loaded with -m comment.

iptables -t raw -A PREROUTING -p tcp -s YOUR_IP --dport 22 -m comment --comment "SSH Whitelist" -j ACCEPT

# This is the rule that blocks all other SSH connections from outside
# your own IP address. If you have not executed the command above,
# your server will not allow you to connect.

iptables -t raw -A PREROUTING -p tcp --dport 22 -m comment --comment "SSH Blacklist" -j DROP

# If you have done this correctly, you shouldn't be able to connect
# to SSH unless you are using the IP provided in the first iptables rule.

# BPF filters can also be used to write packet-specific filters.
# Here is an example.

iptables -t raw -A PREROUTING -p udp --dport 53 -m bpf --bytecode "6,40 0 0 12,21 0 3 2048,48 0 0 23,21 0 1 17,6 0 0 65535,6 0 0 0," -j DROP

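# This rule contains bytecode which translates to "ip and udp".
# This basically means: if the packet is IP and is carried over UDP,
# block it.
# Note that this bytecode uses Ethernet offsets (EtherType at byte 12,
# IP protocol at byte 23). The bpf match is passed packets from the
# network layer up, without the MAC header, so the iptables-extensions
# man page says to compile filters for data link type RAW
# (for example with nfbpf_compile RAW).
# You can get very specific with this. Here is an example:
# if udp and port 53 and len <= 512 and host is a given host.
# This is a very intricate way to block connections and shouldn't be
# used unless you are aware of how to use it.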

# For more info about these subjects visit:
# https://biot.com/capstats/bpf.html
# https://linux.die.net/man/8/iptables
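
# Added example, not part of the original snippet: a small Python
# interpreter for the classic-BPF opcodes in the --bytecode string above,
# run over one constructed DNS query with and without an Ethernet header,
# to show which framing the filter actually matches. The packet bytes,
# addresses and function names are assumptions made for this illustration.

```python
import struct

# Value passed to --bytecode in the rule above, copied verbatim.
PAGE_BYTECODE = "6,40 0 0 12,21 0 3 2048,48 0 0 23,21 0 1 17,6 0 0 65535,6 0 0 0,"

def parse_bytecode(text):
    """Parse 'len,code jt jf k,...' into a list of (code, jt, jf, k) tuples."""
    fields = [f for f in text.split(",") if f.strip()]
    insns = [tuple(map(int, f.split())) for f in fields[1:]]
    if int(fields[0]) != len(insns) or any(len(i) != 4 for i in insns):
        raise ValueError("instruction count does not match the length prefix")
    return insns

def run_cbpf(insns, pkt):
    """Interpret the classic-BPF subset used here; 0 means 'no match'."""
    acc, pc = 0, 0
    while pc < len(insns):
        code, jt, jf, k = insns[pc]
        pc += 1
        if code in (0x28, 0x30):          # ldh [k] / ldb [k]
            size = 2 if code == 0x28 else 1
            if k + size > len(pkt):
                return 0                  # out-of-bounds load: no match
            acc = int.from_bytes(pkt[k:k + size], "big")
        elif code == 0x15:                # jeq #k, jt, jf
            pc += jt if acc == k else jf
        elif code == 0x06:                # ret #k
            return k
        else:
            raise NotImplementedError(f"opcode {code:#x} not handled here")
    return 0

def sample_dns_query():
    """Constructed IPv4/UDP packet to port 53, starting at the IP header."""
    payload = b"\x12\x34" + b"\x00" * 10
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    return ip + udp

def with_ethernet(ip_pkt):
    """Prepend a constructed 14-byte Ethernet header (EtherType 0x0800)."""
    return b"\x02" * 6 + b"\x02" * 6 + b"\x08\x00" + ip_pkt

if __name__ == "__main__":
    insns = parse_bytecode(PAGE_BYTECODE)
    pkt = sample_dns_query()
    print("Ethernet-framed:", run_cbpf(insns, with_ethernet(pkt)))
    print("from IP header: ", run_cbpf(insns, pkt))
```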