Re: iptables templates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 25/05/07, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote:
seth vidal wrote:
> Here's what I've used in the past.
>
> It allows connections for certain ports/places and then drops everything
> else as the last item.
>
> http://linux.duke.edu/~skvidal/misc/iptables-template
>
> it's pretty painless, really.
>
> If we want to add explicit outbound rules, too, that's fine, but I'd
> advise enabling logging b/c that stuff is easy to get wrong. :)
>
> This is just a sample but it's simple and straightforward.
>

Excellent.  I much prefer simple firewall rules where possible (its not
always possible :)

One RFE:

Could we have a commented section in there to rate limit some of the
open ports (http immediately come to mind)?  That way if we get slammed
again we don't have to go figure out what we've done in the past we can
just uncomment it.

What do you think?

    -Mike

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list


Hey Mike,

For Apache why not deploy the mod_evasive module. What is mod_evasive?

mod_evasive is an evasive maneuvers module for Apache to provide
evasive action in the event of an HTTP DoS or DDoS attack or brute
force attack. It is also designed to be a detection and network
management tool, and can be easily configured to talk to ipchains,
firewalls, routers, and etcetera. mod_evasive presently reports abuses
via email and syslog facilities.

I have finished university for the summer, would you like me to look
into deploying this
next week? Does anyone have any objections to this?

--
Regards,
 Damian


[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux