{"id":1134,"date":"2007-02-13T12:42:33","date_gmt":"2007-02-13T11:42:33","guid":{"rendered":"http:\/\/lombisani.it\/?p=24"},"modified":"2007-02-13T12:42:33","modified_gmt":"2007-02-13T11:42:33","slug":"configurazione-di-minima-di-iptables","status":"publish","type":"post","link":"https:\/\/www.lombisani.it\/blog\/2007\/02\/13\/configurazione-di-minima-di-iptables\/","title":{"rendered":"Minimal iptables configuration"},"content":{"rendered":"<p>Without dwelling at all on an explanation of <strong>iptables<\/strong> (there are plenty of sites that cover it), below I give a configuration file for <strong>iptables<\/strong> that lets you bring online a firewall for small networks that stays closed on inbound traffic and restricts the outbound ports.<br \/>\nLater on I will comment on it properly.<br \/>\n<code><br \/>\n# Generated by iptables-save v1.2.6a on Tue Mar  2 12:48:38 2004<br \/>\n*mangle<br \/>\n:PREROUTING ACCEPT [0:0]<br \/>\n:INPUT ACCEPT [0:0]<br \/>\n:FORWARD ACCEPT [0:0]<br \/>\n:OUTPUT ACCEPT [0:0]<br \/>\n:POSTROUTING ACCEPT [0:0]<br \/>\nCOMMIT<br \/>\n# Completed on Tue Mar  2 12:48:38 2004<br \/>\n# Generated by iptables-save v1.2.6a on Tue Mar  2 12:48:38 2004<br \/>\n*filter<br \/>\n:INPUT DROP [0:0]<br \/>\n:FORWARD DROP [0:0]<br \/>\n:OUTPUT DROP [0:0]<br \/>\n[0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<br \/>\n[0:0] -A INPUT -p tcp -m tcp --dport   22 -m state --state NEW -j ACCEPT<br \/>\n[0:0] -A INPUT -p tcp -m tcp --dport 5000 -m state --state NEW -j ACCEPT<br \/>\n[0:0] -A INPUT -p udp -m udp --dport 5000 -m state --state NEW -j ACCEPT<br \/>\n[0:0] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT<br \/>\n#[0:0] -A FORWARD -i eth0 -o eth1 -m state --state NEW -j ACCEPT<br \/>\n[0:0] -A FORWARD -i eth0 -p tcp -m state --state NEW -m multiport --dports ftp,telnet,ssh,smtp,pop3,imap2,imaps,pop3s,www,https,5000,3389,3306 -j ACCEPT<br \/>\n[0:0] -A FORWARD -i eth0 -p udp -m state --state NEW -m multiport 
--dports ntp,5000,53,3306 -j ACCEPT<br \/>\n[0:0] -A FORWARD -i tun+ -o eth0 -m state --state NEW -j ACCEPT<br \/>\n[0:0] -A FORWARD -i eth0 -o tun+ -m state --state NEW -j ACCEPT<br \/>\n[0:0] -A FORWARD -i eth0 -o eth0 -m state --state NEW -j ACCEPT<br \/>\n[0:0] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<br \/>\n[0:0] -A OUTPUT  -p tcp -m state --state NEW -m multiport --dports ftp,telnet,ssh,smtp,pop3,imap2,imaps,pop3s,www,https,5000,3389,3306 -j ACCEPT<br \/>\n[0:0] -A OUTPUT  -p udp -m state --state NEW -m multiport --dports ntp,5000,53,3306 -j ACCEPT<br \/>\n[0:0] -A OUTPUT  -p icmp -j ACCEPT<br \/>\nCOMMIT<br \/>\n# Completed on Tue Mar  2 12:48:38 2004<br \/>\n# Generated by iptables-save v1.2.6a on Tue Mar  2 12:48:38 2004<br \/>\n*nat<br \/>\n:PREROUTING ACCEPT [257:29141]<br \/>\n:POSTROUTING ACCEPT [0:0]<br \/>\n:OUTPUT ACCEPT [0:0]<br \/>\n[0:0] -A POSTROUTING -s 192.168.11.0\/255.255.255.0 -o eth1 -j SNAT --to-source 85.34.163.218<br \/>\nCOMMIT<br \/>\n# Completed on Tue Mar  2 12:48:38 2004<br \/>\n<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Without dwelling at all on an explanation of iptables (there are plenty of sites that cover it), below I give a configuration file for iptables that lets you bring online a firewall for small networks that stays closed on inbound traffic and restricts the outbound ports. Later on I will comment on it properly. 
Generated by iptables-save&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-1134","post","type-post","status-publish","format-standard","hentry","category-vecchi-articoli"],"_links":{"self":[{"href":"https:\/\/www.lombisani.it\/blog\/wp-json\/wp\/v2\/posts\/1134","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.lombisani.it\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lombisani.it\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lombisani.it\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lombisani.it\/blog\/wp-json\/wp\/v2\/comments?post=1134"}],"version-history":[{"count":0,"href":"https:\/\/www.lombisani.it\/blog\/wp-json\/wp\/v2\/posts\/1134\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.lombisani.it\/blog\/wp-json\/wp\/v2\/media?parent=1134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lombisani.it\/blog\/wp-json\/wp\/v2\/categories?post=1134"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lombisani.it\/blog\/wp-json\/wp\/v2\/tags?post=1134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}