Sure,
Here are my rules:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:ADDRESS-FILTER - [0:0]
:LINWIZ-INPUT - [0:0]
:REJECT-PKT - [0:0]
:SYN-FLOOD - [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:ADDRESS-FILTER - [0:0]
:LINWIZ-INPUT - [0:0]
:REJECT-PKT - [0:0]
:SYN-FLOOD - [0:0]
-A
INPUT -j LINWIZ-INPUT
######################################################################
# Allow all loopback interface traffic
# Allow all loopback interface traffic
-A
LINWIZ-INPUT -i lo -j ACCEPT
#
Block all attempts to spoof the loopback address
-A
LINWIZ-INPUT -s 127.0.0.0/8 -j LOG --log-prefix "SPOOFED-LOOPBACK: "
-A LINWIZ-INPUT -s 127.0.0.0/8 -j DROP
-A LINWIZ-INPUT -d 127.0.0.0/8 -j LOG --log-prefix "SPOOFED-LOOPBACK: "
-A LINWIZ-INPUT -d 127.0.0.0/8 -j DROP
-A LINWIZ-INPUT -s 127.0.0.0/8 -j DROP
-A LINWIZ-INPUT -d 127.0.0.0/8 -j LOG --log-prefix "SPOOFED-LOOPBACK: "
-A LINWIZ-INPUT -d 127.0.0.0/8 -j DROP
#
Block Syn Flood attacks
-A
LINWIZ-INPUT -p tcp -m tcp --syn -j SYN-FLOOD
#
Ensure that TCP connections start with syn packets
-A
LINWIZ-INPUT -p tcp -m tcp ! --syn -m state --state NEW -j LOG --log-prefix
"SYN-EXPECTED: "
-A LINWIZ-INPUT -p tcp -m tcp ! --syn -m state --state NEW -j DROP
-A LINWIZ-INPUT -p tcp -m tcp ! --syn -m state --state NEW -j DROP
#
Allow session continuation traffic
-A
LINWIZ-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#
Allow all ssh traffic
-A
LINWIZ-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# Call
the IP and MAC address filtering chain
-A
LINWIZ-INPUT -j ADDRESS-FILTER
#
Allow ICMP ping requests from allowed hosts
-A
LINWIZ-INPUT -p icmp -m icmp --icmp-type ping -j ACCEPT
#
Allow selected TCP/IP and/or UDP services
-A
LINWIZ-INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 389 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 636 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 4000:4003 -j ACCEPT
-A LINWIZ-INPUT -p udp -m udp --dport 111 -j ACCEPT
-A LINWIZ-INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A LINWIZ-INPUT -p udp -m udp --dport 4000:4003 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 515 -j ACCEPT
-A LINWIZ-INPUT -p udp -m udp --dport 515 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 27000 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 27005 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 389 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 636 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 4000:4003 -j ACCEPT
-A LINWIZ-INPUT -p udp -m udp --dport 111 -j ACCEPT
-A LINWIZ-INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A LINWIZ-INPUT -p udp -m udp --dport 4000:4003 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 515 -j ACCEPT
-A LINWIZ-INPUT -p udp -m udp --dport 515 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 27000 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 27005 -j ACCEPT
#
Block all other TCP/IP and UDP traffic
-A
LINWIZ-INPUT -j REJECT-PKT
######################################################################
# Syn flood filtering chain
# Syn flood filtering chain
-A
SYN-FLOOD -m limit --limit 1/s --limit-burst 4 -j RETURN
-A SYN-FLOOD -j LOG --log-prefix "SYN-FLOOD: "
-A SYN-FLOOD -j DROP
-A SYN-FLOOD -j LOG --log-prefix "SYN-FLOOD: "
-A SYN-FLOOD -j DROP
######################################################################
# Chain used to reject all TCP/IP, UDP and ICMP/PING packets
# Chain used to reject all TCP/IP, UDP and ICMP/PING packets
# This
is Windows NetBIOS broadcasts
-A REJECT-PKT -p udp -m udp --sport 137:138 --dport 137:138 -j DROP
# this IP:port address to flooding the network with broadcast messages
-A REJECT-PKT -p udp -m udp -s 192.168.170.110 --sport 11002 --dport 11001 -j DROP
-A REJECT-PKT -p tcp -m tcp -j LOG
-A REJECT-PKT -p tcp -m tcp -j REJECT --reject-with tcp-reset
-A REJECT-PKT -p udp -m udp -j LOG
-A REJECT-PKT -p udp -m udp -j REJECT --reject-with icmp-port-unreachable
-A REJECT-PKT -p icmp -m icmp --icmp-type ping -j LOG
-A REJECT-PKT -p icmp -m icmp --icmp-type ping -j REJECT --reject-with icmp-host-unreachable
-A REJECT-PKT -p udp -m udp --sport 137:138 --dport 137:138 -j DROP
# this IP:port address to flooding the network with broadcast messages
-A REJECT-PKT -p udp -m udp -s 192.168.170.110 --sport 11002 --dport 11001 -j DROP
-A REJECT-PKT -p tcp -m tcp -j LOG
-A REJECT-PKT -p tcp -m tcp -j REJECT --reject-with tcp-reset
-A REJECT-PKT -p udp -m udp -j LOG
-A REJECT-PKT -p udp -m udp -j REJECT --reject-with icmp-port-unreachable
-A REJECT-PKT -p icmp -m icmp --icmp-type ping -j LOG
-A REJECT-PKT -p icmp -m icmp --icmp-type ping -j REJECT --reject-with icmp-host-unreachable
######################################################################
# IP and MAC address filtering chain
# IP and MAC address filtering chain
#
asparagine
-A ADDRESS-FILTER -s 192.168.170.176 -j RETURN
...a bunch more here...
-A ADDRESS-FILTER -j REJECT-PKT
-A ADDRESS-FILTER -s 192.168.170.176 -j RETURN
...a bunch more here...
-A ADDRESS-FILTER -j REJECT-PKT
COMMIT
-----
Ryan Golhar
Computational Biologist
The
Informatics Institute at
The University of Medicine & Dentistry of
NJ
Phone: 973-972-5034
Fax: 973-972-7412
Email:
golharam@xxxxxxxxx
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Pegambar
Sent: Friday, May 28, 2004 10:09 PM
To: redhat-list@xxxxxxxxxx
Subject: Rapid Applicationhello
can anyone tell me Rapid Application Development tools(like VB) in Linux. I use Glade but it require most of the coding behind after creating the front end. is there anything(s) more? with licence or without licence.
thanks
Allah Hafiz
ik katra us ky Fazl ny darya bana dya
mai khaq tha usy ny surrya bana dya
Adam
Post your free ad now! Yahoo! Canada Personals
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
