bmaeser / iptables-boilerplate
rock solid default firewall-rules for webhosts
Home Page: http://bmaeser.github.io/iptables-boilerplate
License: MIT License
The script sets the limit to 120 connections per minute, but the max number of packets to remember is set to 20.
I did not send a pull request as my experience with iptables is extremely limited, but for my setup I have limited the number of connections to 20 per minute, which is sufficient for my needs.
title says it all
Hello, I've some questions:
Is it safe to put the "EXTERNAL CONFIGS" section BEFORE all attack detection rules?
Regarding https://security.stackexchange.com/questions/4603/tips-for-a-secure-iptables-config-to-defend-from-attacks-client-side, I think that 2 rules are missing:
## MAKE SURE NEW INCOMING TCP CONNECTIONS ARE SYN PACKETS
$IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
## DROP PACKETS WITH INCOMING FRAGMENTS
$IPTABLES -A INPUT -f -j DROP
Why duplicate the invalid packet dropping rules (lines 68 and 146)?
Why is martians logging turned off by default?
Can you add an "enable/disable ICMP" option? Or, at least, add a "limit", to prevent a PING flood.
I don't need to restart a service (networking?) to apply sysctl settings, right ?
BTW, great boilerplate, very useful, thank you!
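The two points raised above, the --hitcount versus "packets to remember" mismatch in the first issue and the early sanity rules plus ping limit asked for in the second, as an added shell example. It is not the project's own code; it assumes the boilerplate's $IPTABLES variable, that its per-minute limiting uses "-m recent" (whose ip_pkt_list_tot module parameter defaults to 20), and a constructed 4/second echo-request cap.

```shell
#!/bin/sh
# Added example; not part of bmaeser/iptables-boilerplate. Assumes the
# boilerplate's $IPTABLES variable and that its connection limiting uses
# "-m recent": the xt_recent module parameter ip_pkt_list_tot (default 20)
# caps --hitcount, and a rule with a larger --hitcount is rejected on load.
IPTABLES="${IPTABLES:-iptables}"

# Largest --hitcount xt_recent currently accepts: the loaded module's
# ip_pkt_list_tot, or the built-in default of 20 when it is not loaded.
recent_max_hitcount() {
    f=/sys/module/xt_recent/parameters/ip_pkt_list_tot
    if [ -r "$f" ]; then cat "$f"; else echo 20; fi
}

# hitcount_ok N [MAX]: succeeds when a "--hitcount N" rule will load.
# MAX defaults to recent_max_hitcount; pass it explicitly to reason about
# a value you plan to set with "options xt_recent ip_pkt_list_tot=N" in
# /etc/modprobe.d/ (the module has to be reloaded for that to take effect).
hitcount_ok() {
    [ "$1" -le "${2:-$(recent_max_hitcount)}" ]
}

# Early sanity rules in the order they belong near the top of INPUT, before
# any "EXTERNAL CONFIGS" ACCEPTs: non-SYN packets that claim to open a new
# connection, fragments, then a rate cap on echo-request so a ping flood
# cannot pin a single-core host. They are printed, not applied, so the text
# can be reviewed (or diffed against iptables-save output) first.
early_rules() {
    cat <<EOF
$IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
$IPTABLES -A INPUT -f -j DROP
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -m limit --limit 4/second --limit-burst 8 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j DROP
EOF
}

# The 120-per-minute limit from the first issue against the module default.
if ! hitcount_ok 120; then
    echo "hitcount 120 exceeds xt_recent ip_pkt_list_tot=$(recent_max_hitcount): lower --hitcount or raise the module parameter" >&2
fi
```

Run `early_rules` to see the rule text, and `hitcount_ok 120 120` to confirm a rule would load after raising ip_pkt_list_tot to 120.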
title says it all
Hi, not sure if this is normal or not but I'm getting these two error messages:
update-rc.d: warning: firewall start runlevel arguments (2 3 4 5) do not match LSB Default-Start values (S)
update-rc.d: warning: firewall stop runlevel arguments (0 1 6) do not match LSB Default-Stop values (0 6)
This is on a Digital Ocean 12.04.3 Ubuntu VPS.
Hello:
Is iptables-boilerplate ready to be used in Debian 9?
Thank you
Hello, I try to use it on Debian 9 for my LAMP and it works OK. Nevertheless, when I perform an Nmap port scan from my PC, ksoftirqd/0 utilizes 100% of my server CPU for the scan time. As long as I have only 1 vcore on my VPS this makes the whole server stuck for some time. Is there a way to improve it?
PS: I have disabled the "port scan" option in the firewall, but it doesn't help.