NAT Commands
iptables --line-numbers --list
iptables -[A,I,D] INPUT -p [tcp,udp] -m [tcp,udp] --dport [port-number] -j [ACCEPT,REJECT,DROP]
iptables -[A,I,D] INPUT -p [tcp,udp] -m [tcp,udp] -s ip-address/netmask --dport [port-number] -j [ACCEPT,REJECT,DROP]
iptables -t nat -A POSTROUTING -s ip-network/ipaddress/netmask -o interface-that-has-internet -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.122.0/24 -o eth1 -j MASQUERADE
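Enable IP forwarding (needed for the MASQUERADE rules to route traffic); the sysctl.conf entry persists across reboots, while the echo command only changes the running kernel.
/etc/sysctl.conf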
net.ipv4.ip_forward = 1
echo 1 > /proc/sys/net/ipv4/ip_forward
TCP Wrappers
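How to check whether a daemon supports TCP Wrappers: it must be linked against libwrap. If the command below prints nothing, the daemon ignores /etc/hosts.allow and /etc/hosts.deny, so those files give it no protection.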
# ldd /usr/sbin/sshd|grep libwrap
/etc/hosts.allow
sshd: 192.168.1. EXCEPT 192.168.1.202
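/etc/hosts.deny (consulted only when no entry in /etc/hosts.allow matched; ALL: ALL makes deny the default, so 192.168.1.202 and every host outside 192.168.1. is refused)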
ALL: ALL