雑　談　専　用　ス　ッ　ド　レ　★　30

505 ：がんじゃ兄貴 ◆U18g7nxod6：2014/04/30(水) 00:23:57.31 ID:s8gn9Q/jd

>>501
>>502
Linuxならこうかな。公開鯖ある前提。

:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SERVICES - [0:0]
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec --limit-burst 4 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j SERVICES
-A INPUT -p tcp -m state --state NEW -j SERVICES
-A INPUT -m limit --limit 1/sec -j LOG --log-prefix "[IPTABLES INPUT]:"
-A INPUT -j DROP
-A FORWARD -m limit --limit 1/sec -j LOG --log-prefix "[IPTABLES FORWARD]:"
-A FORWARD -j DROP
-A SERVICES -p tcp -m tcp --dport 53 -j ACCEPT
-A SERVICES -p udp -m udp --dport 53 -j ACCEPT
-A SERVICES -p tcp -m tcp --dport 80 -j ACCEPT
-A SERVICES -p tcp -m tcp --dport 143 -j ACCEPT
-A SERVICES -p tcp -m tcp --dport 25 -j ACCEPT
-A SERVICES -p tcp -m tcp --dport 22 -j ACCEPT
-A SERVICES -p tcp -m tcp --dport 953 -j ACCEPT