Iptables


IPv4

# Runtime kernel settings: enable routing and strict reverse-path
# filtering. Note that ip_forward=1 only has an effect if the FORWARD
# chain accepts something; its policy is set to DROP below and no
# FORWARD rules are added, so this rule set forwards nothing.
for key in net.ipv4.ip_forward=1 net.ipv4.conf.all.rp_filter=1; do
  sysctl -w "$key"
done

# -F empties every chain of the *filter* table only: nat/mangle/raw are
# untouched and user-defined chains are emptied but not deleted (-X).
printf '%s\n' 'Flush IPv4'
iptables -F

# Default-deny on all three built-in chains, then re-open loopback so
# local services keep talking to each other.
printf '%s\n' 'IPv4 - Dropping all traffic'
for chain in INPUT OUTPUT FORWARD; do
  iptables -P "$chain" DROP
done
iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Every ICMP type is accepted inbound, not only echo-request.
printf '%s\n' 'IPv4 - Allow Ping'
iptables -A INPUT -p icmp -j ACCEPT

# Accept all tracked connections in both directions. Because INPUT
# accepts NEW on any port/protocol, the DROP policy above only catches
# packets conntrack classifies as INVALID: this is an open host, not a
# filtering firewall.
printf '%s\n' 'IPv4 - Allow all IPv4 traffic'
for chain in OUTPUT INPUT; do
  iptables -A "$chain" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
done

IPv6

# -F empties every chain of the IPv6 *filter* table only; other tables
# are untouched and user-defined chains are not deleted (-X).
printf '%s\n' 'Flush IPv6'
ip6tables -F

# Default-deny on all three built-in chains, then re-open loopback.
printf '%s\n' 'IPv6 - Dropping traffic'
for chain in INPUT OUTPUT FORWARD; do
  ip6tables -P "$chain" DROP
done
ip6tables -A INPUT  -i lo -j ACCEPT
ip6tables -A OUTPUT -o lo -j ACCEPT

# All ICMPv6 is accepted inbound. ICMPv6 also carries Neighbor
# Discovery, so this rule is what keeps IPv6 working at all, not just
# ping.
printf '%s\n' 'IPv6 - Allow Ping'
ip6tables -A INPUT -p icmpv6 -j ACCEPT

# Accept all tracked connections in both directions. INPUT accepting
# NEW on any port means the DROP policy above only catches packets
# conntrack classifies as INVALID — the host is fully open over IPv6.
printf '%s\n' 'IPv6 - Allow all IPv6 traffic'
for chain in OUTPUT INPUT; do
  ip6tables -A "$chain" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
done

sysctl

# Open the persistent sysctl file; the key=value lines below are its contents.
nano /etc/sysctl.conf
# Strict reverse-path filtering: packets whose source address is not
# routable back out the arrival interface are dropped.
net.ipv4.conf.all.rp_filter=1
# Both forwarding keys make the host act as a router. With the iptables
# rules above (FORWARD policy DROP, no FORWARD rules) nothing is actually
# forwarded; these only matter if forwarding rules are added later.
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
# allow testing with buffers up to 128MB
net.core.rmem_max=134217728
net.core.wmem_max=134217728
# increase Linux autotuning TCP buffer limit to 64MB
# (three values: min, default, max, in bytes)
net.ipv4.tcp_rmem=4096 87380 67108864
net.ipv4.tcp_wmem=4096 65536 67108864
# increase the length of the processor input queue
net.core.netdev_max_backlog=250000
# recommended default congestion control is htcp
# (the tcp_htcp module must be loaded before this file is applied,
# otherwise setting this key fails)
net.ipv4.tcp_congestion_control=htcp
# recommended for hosts with jumbo frames enabled
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_window_scaling=1
# SYN cookies keep the listen queue usable during a SYN flood
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_timestamps=1
net.ipv4.tcp_sack=1
# 0 keeps per-destination metric caching (the kernel default)
net.ipv4.tcp_no_metrics_save=0

Nu skal du indlæse nogle moduler i kernen.

# Load both congestion-control modules so the htcp selection in
# /etc/sysctl.conf can be applied. A failed modprobe is not checked
# here; it would surface as an error when the file is loaded.
for mod in tcp_cubic tcp_htcp; do
  modprobe "$mod"
done

Indlæs også de nye regler:

# Apply every key in the file to the running kernel now.
sysctl -p /etc/sysctl.conf