20120104_iptables

2012. 1. 4. 16:46
- SSH_WHITELIST 사용자 정의 체인 생성
localhost ~ # iptables -N SSH_WHITELIST


- WHITELIST IP 추가 (WHITELIST_IP 는 허용할 실제 출발지 IP 로 치환)
localhost ~ # iptables -A SSH_WHITELIST -s WHITELIST_IP -i eth0 -p tcp -m tcp --dport 22 -m recent --remove --name SSH --rsource -j ACCEPT


- WHITELIST IP 허용
localhost ~ # iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -j SSH_WHITELIST


- iptables rules (규칙 순서 주의: --set → SSH_WHITELIST 점프 → LOG → DROP 규칙이 22번 포트 일반 ACCEPT 규칙보다 앞에 있어야 600초 안 6회 이상의 새 SSH 연결 시도가 기록·차단되고, whitelist IP 만 이 제한을 우회함)
localhost ~ # cat /var/lib/iptables/rules-save
# Generated by iptables-save v1.4.12.1 on Wed Jan 04 16:40:40 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:SSH_WHITELIST - [0:0]
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 600 --hitcount 6 --name SSH --rsource -j LOG --log-prefix "SSH_ATTACK:: " --log-level 6
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 600 --hitcount 6 --name SSH --rsource -j DROP
[0:0] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 53 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 53 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -i eth0 -j DROP
[0:0] -A SSH_WHITELIST -s nol2ter_ip -i eth0 -p tcp -m tcp --dport 22 -m recent --remove --name SSH --rsource -j ACCEPT
COMMIT
# Completed on Wed Jan 04 16:40:40 2012
