Lines 1-14
1 |
<?xml version='1.0' encoding="UTF-8"?> |
1 |
<?xml version='1.0' encoding="UTF-8"?> |
2 |
<!-- $Header: /var/www/www.gentoo.org/raw_cvs/gentoo/xml/htdocs/doc/fr/security/shb-firewalls.xml,v 1.2 2005/10/16 10:03:39 neysx Exp $ --> |
2 |
<!-- $Header: /var/www/www.gentoo.org/raw_cvs/gentoo/xml/htdocs/doc/fr/security/shb-firewalls.xml,v 1.2 2005/10/16 10:03:39 neysx Exp $ --> |
3 |
<!DOCTYPE sections SYSTEM "/dtd/book.dtd"> |
3 |
<!DOCTYPE sections SYSTEM "/dtd/book.dtd"> |
4 |
|
4 |
|
5 |
<sections> |
5 |
<sections> |
6 |
|
6 |
|
7 |
<version>1.1</version> |
7 |
<version>1.2</version> |
8 |
<date>2005-10-16</date> |
8 |
<date>2006-10-31</date> |
9 |
|
9 |
|
10 |
<section> |
10 |
<section> |
11 |
<title>Un pare-feu</title> |
11 |
<title>Un pare-feu</title> |
12 |
<body> |
12 |
<body> |
13 |
|
13 |
|
14 |
<p> |
14 |
<p> |
Lines 707-736
707 |
--limit 5/minute -j LOG --log-level 5 --log-prefix "SYN/FIN:" |
707 |
--limit 5/minute -j LOG --log-level 5 --log-prefix "SYN/FIN:" |
708 |
$IPTABLES -A check-flags -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP |
708 |
$IPTABLES -A check-flags -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP |
709 |
|
709 |
|
710 |
# Applique et ajoute les chaînes invalides. |
710 |
# Applique et ajoute les chaînes invalides. |
711 |
einfo "Appliquer les chaînes a INPUT" |
711 |
einfo "Appliquer les chaînes a INPUT" |
712 |
$IPTABLES -A INPUT -m state --state INVALID -j DROP |
712 |
$IPTABLES -A INPUT -m state --state INVALID -j DROP |
713 |
$IPTABLES -A INPUT -j icmp_allowed |
713 |
$IPTABLES -A INPUT -p icmp -j icmp_allowed |
714 |
$IPTABLES -A INPUT -j check-flags |
714 |
$IPTABLES -A INPUT -j check-flags |
715 |
$IPTABLES -A INPUT -i lo -j ACCEPT |
715 |
$IPTABLES -A INPUT -i lo -j ACCEPT |
716 |
$IPTABLES -A INPUT -j allow-ssh-traffic-in |
716 |
$IPTABLES -A INPUT -j allow-ssh-traffic-in |
717 |
$IPTABLES -A INPUT -j allowed-connection |
717 |
$IPTABLES -A INPUT -j allowed-connection |
718 |
|
718 |
|
719 |
einfo "Appliquer les chaînes au FORWARD" |
719 |
einfo "Appliquer les chaînes au FORWARD" |
720 |
$IPTABLES -A FORWARD -m state --state INVALID -j DROP |
720 |
$IPTABLES -A FORWARD -m state --state INVALID -j DROP |
721 |
$IPTABLES -A FORWARD -j icmp_allowed |
721 |
$IPTABLES -A FORWARD -p icmp -j icmp_allowed |
722 |
$IPTABLES -A FORWARD -j check-flags |
722 |
$IPTABLES -A FORWARD -j check-flags |
723 |
$IPTABLES -A FORWARD -o lo -j ACCEPT |
723 |
$IPTABLES -A FORWARD -o lo -j ACCEPT |
724 |
$IPTABLES -A FORWARD -j allow-ssh-traffic-in |
724 |
$IPTABLES -A FORWARD -j allow-ssh-traffic-in |
725 |
$IPTABLES -A FORWARD -j allow-www-traffic-out |
725 |
$IPTABLES -A FORWARD -j allow-www-traffic-out |
726 |
$IPTABLES -A FORWARD -j allowed-connection |
726 |
$IPTABLES -A FORWARD -j allowed-connection |
727 |
|
727 |
|
728 |
einfo "Appliquer les chaînes à l'OUTPUT" |
728 |
einfo "Appliquer les chaînes à l'OUTPUT" |
729 |
$IPTABLES -A OUTPUT -m state --state INVALID -j DROP |
729 |
$IPTABLES -A OUTPUT -m state --state INVALID -j DROP |
730 |
$IPTABLES -A OUTPUT -j icmp_allowed |
730 |
$IPTABLES -A OUTPUT -p icmp -j icmp_allowed |
731 |
$IPTABLES -A OUTPUT -j check-flags |
731 |
$IPTABLES -A OUTPUT -j check-flags |
732 |
$IPTABLES -A OUTPUT -o lo -j ACCEPT |
732 |
$IPTABLES -A OUTPUT -o lo -j ACCEPT |
733 |
$IPTABLES -A OUTPUT -j allow-ssh-traffic-out |
733 |
$IPTABLES -A OUTPUT -j allow-ssh-traffic-out |
734 |
$IPTABLES -A OUTPUT -j allow-dns-traffic-out |
734 |
$IPTABLES -A OUTPUT -j allow-dns-traffic-out |
735 |
$IPTABLES -A OUTPUT -j allow-www-traffic-out |
735 |
$IPTABLES -A OUTPUT -j allow-www-traffic-out |
736 |
$IPTABLES -A OUTPUT -j allowed-connection |
736 |
$IPTABLES -A OUTPUT -j allowed-connection |
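Review bot: The new `-p icmp` restriction on the jumps into icmp_allowed (lines 713, 721 and 730) is not mirrored on the jumps into check-flags, although every check-flags rule visible in this hunk (lines 707-708) matches `-p tcp`; for the same reason the commit adds `-p icmp`, the three jumps could become `$IPTABLES -A INPUT -p tcp -j check-flags` (and likewise for FORWARD and OUTPUT) so that non-TCP packets are not walked through a chain that cannot match them. The change itself carries no explanation; a one-line comment above the first new jump, such as `# Only ICMP is handed to icmp_allowed; other protocols fall through to the rules below.`, would document why the protocol match was added. Separately, the `-o lo -j ACCEPT` rule in FORWARD (line 723) appears to be dead, since forwarded packets are not emitted on the loopback interface, and seems to be a copy of the INPUT/OUTPUT loopback rules. The enclosing script continues outside the hunk on both sides.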