Home > Developer > Linux

Firewall for Linux

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Linux Firewall
Release the packets in the link
Linux Firewall
Esatblished Keep Links related create additional links
Iptables-i input-p ICMP--icmp-type 8-j DROP Join this rule outside the network ping different inside and outside can be flat through the outside network
Ping different ICMP Eight rules Dorp out after adding rules
Linux Firewall
Ping before you join the rules
Linux Firewall
NAT Table Application
Linux Firewall
1. Increase the NIC selection LAN segment can add itself equivalent to connect to an intranet switch Sisu network link is not on
Linux Firewall
2. The second machine to add a network card already has a network card do not select the start-Up link!! Must select the same segment
Linux Firewall
3. Configure the IP of the first machine temporarily set IP no configuration file required copy
Linux Firewall
4. Another machine to set the new LAN IP network IP
Linux Firewall
5. Open route open port forwarding default to 0
Linux Firewall
6. Add a rule
Iptables-t nat-a postrouting-s 192.168.100.0/24-o ens33-j Masquerade
Linux Firewall
7.B Machine Setup Gateway Route-n
Linux Firewall
8. Setting up a DNS ping outside the network
Linux Firewall
Demand 2
Want to Telnet 2 machine through 1 machine jump to 2 machine to map 2 machine 22 port to other ports access this port is Access 2 machine 22 port
1. Open a rule before routing forward delete
Linux Firewall
2. Add a rule
1.PREROUTING incoming packet destination IP port 1122 forwarding to destination IP port from 130 to 100
Linux Firewall
2. Come back to the packet IP from 100.100 back to the packet passed snat to source IP from 100 back to the source IP 130
Linux Firewall
3. Add a Gateway 2
Linux Firewall
4. Create a new session-mapped port
Linux Firewall
5. Link Extranet
Linux Firewall
6.W View Users
Linux Firewall
Iptables-i input-m iprange--src-range 61.4.176.0-61.4.191.255-j DROP reject data link for a network segment
iptables Limit syn speed
Principle, the TCP three handshake in each 5s is more than 20 times of the abnormal access.

Iptables-a input-s! 192.168.0.0/255.255.255.0-d 192.168.0.101-p tcp-m TCP--dport 80-m State--state new-m recent--set--name Httpuser- -rsource
Iptables-a input-m Recent--update--seconds 5--hitcount--name httpuser--rsource-j DROP
Where 192.168.0.0/255.255.255.0 is an unrestricted network segment, 192.168.0.101 is a native IP.
This iptables strategy can effectively prevent SYN attacks, but also effectively prevents the robot from spamming.

Firewall for Linux

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More