Changeset d8717e4
- Timestamp: 10/16/2012 05:13:00 PM (12 years ago)
- Branches: 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children: 983b6a6
- Parents: 699b552c
- Files: 4 edited
general.ent
r699b552c rd8717e4 177 177 <!ENTITY gnutls-version "3.0.24"> 178 178 <!ENTITY gpgme-version "1.3.2"> 179 <!ENTITY iptables-version "1.4.1 5">179 <!ENTITY iptables-version "1.4.16.2"> 180 180 <!ENTITY libcap2-version "2.22"> 181 181 <!ENTITY liboauth-version "0.9.7"> -
introduction/welcome/changelog.xml
r699b552c rd8717e4 45 45 --> 46 46 47 <listitem> 48 <para>October 16th, 2012</para> 49 <itemizedlist> 50 <listitem> 51 <para>[bdubbs] - Update to iptables-1.4.16.2. Fixes 52 <ulink url="&blfs-ticket-root;3595">#3595</ulink>.</para> 53 </listitem> 54 <listitem> 55 <para>[bdubbs] - Fixed firewall scripts to be compatible with 56 current iptables. Fixes 57 <ulink url="&blfs-ticket-root;3626">#3626</ulink>.</para> 58 </listitem> 59 </itemizedlist> 60 </listitem> 61 47 62 <listitem> 48 63 <para>October 15th, 2012</para> -
postlfs/security/firewalling.xml
r699b552c rd8717e4 181 181 <literal>#!/bin/sh 182 182 183 # Begin $rc_base/rc.iptables183 # Begin rc.iptables 184 184 185 185 # Insert connection-tracking modules 186 186 # (not needed if built into the kernel) 187 modprobe ip_tables 188 modprobe iptable_filter 189 modprobe ip_conntrack 190 modprobe ip_conntrack_ftp 191 modprobe ipt_state 192 modprobe ipt_LOG 187 modprobe nf_conntrack 188 modprobe xt_LOG 193 189 194 190 # Enable broadcast echo Protection … … 249 245 # and permit new connections related to established ones 250 246 # (e.g. port mode ftp) 251 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT247 iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 252 248 253 249 # Log everything else. What's Windows' latest exploitable vulnerability? … … 291 287 <literal>#!/bin/sh 292 288 293 # Begin $rc_base/rc.iptables289 # Begin rc.iptables 294 290 295 291 echo … … 307 303 # Insert iptables modules (not needed if built into the kernel). 308 304 309 modprobe ip_tables 310 modprobe iptable_filter 311 modprobe ip_conntrack 312 modprobe ip_conntrack_ftp 313 modprobe ipt_state 314 modprobe iptable_nat 315 modprobe ip_nat_ftp 316 modprobe ipt_MASQUERADE 317 modprobe ipt_LOG 318 modprobe ipt_REJECT 305 modprobe nf_conntrack 306 modprobe nf_conntrack_ftp 307 modprobe xt_conntrack 308 modprobe xt_LOG 309 modprobe xt_state 319 310 320 311 # Enable broadcast echo Protection … … 366 357 367 358 # Allow forwarding if the initiated on the intranet 368 iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT369 iptables -A FORWARD -i ! ppp+ -m state --state NEW -j ACCEPT359 iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 360 iptables -A FORWARD -i ! 
ppp+ -m conntrack --ctstate NEW -j ACCEPT 370 361 371 362 # Do masquerading … … 437 428 INPUT.</para> 438 429 439 <screen><literal>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT430 <screen><literal>iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 440 431 iptables -A OUTPUT -j ACCEPT</literal></screen> 441 432 … … 458 449 459 450 <screen><literal>iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT 460 iptables -A INPUT -p tcp --sport 80 -m state --state ESTABLISHED \451 iptables -A INPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED \ 461 452 -j ACCEPT</literal></screen> 462 453 … … 497 488 network scans) insert these rules at the top of the chain:</para> 498 489 499 <screen><literal>iptables -I INPUT 0 -p tcp -m state --state INVALID \490 <screen><literal>iptables -I INPUT 0 -p tcp -m conntrack --ctstate INVALID \ 500 491 -j LOG --log-prefix "FIREWALL:INVALID " 501 iptables -I INPUT 1 -p tcp -m state --state INVALID -j DROP</literal></screen>492 iptables -I INPUT 1 -p tcp -m conntrack --ctstate INVALID -j DROP</literal></screen> 502 493 503 494 </listitem> -
postlfs/security/iptables.xml
r699b552c rd8717e4 7 7 <!ENTITY iptables-download-http "http://www.netfilter.org/projects/iptables/files/iptables-&iptables-version;.tar.bz2"> 8 8 <!ENTITY iptables-download-ftp "ftp://ftp.netfilter.org/pub/iptables/iptables-&iptables-version;.tar.bz2"> 9 <!ENTITY iptables-md5sum " 8bf564ea8348522fc1db727868828def">10 <!ENTITY iptables-size "5 04KB">11 <!ENTITY iptables-buildsize "1 5MB">9 <!ENTITY iptables-md5sum "57220bb26866a713073e5614f88071fc"> 10 <!ENTITY iptables-size "532 KB"> 11 <!ENTITY iptables-buildsize "13 MB"> 12 12 <!ENTITY iptables-time "0.2 SBU"> 13 13 ]> … … 72 72 </listitem> 73 73 </itemizedlist> 74 74 <!-- 75 75 <bridgehead renderas="sect3">Additional Downloads</bridgehead> 76 76 <itemizedlist spacing="compact"> … … 82 82 </listitem> 83 83 </itemizedlist> 84 84 --> 85 85 <para condition="html" role="usernotes">User Notes: 86 86 <ulink url="&blfs-wiki;/iptables"/> … … 135 135 </para> 136 136 137 <screen><userinput>patch -Np1 -i ../iptables-&iptables-version;-missing-includes-1.patch && 138 ./configure --prefix=/usr \ 137 <screen><userinput>./configure --prefix=/usr \ 139 138 --exec-prefix= \ 140 139 --bindir=/sbin \
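Review bot: In postlfs/security/firewalling.xml, first rc.iptables script (hunk at 181), the new module list is only "modprobe nf_conntrack" and "modprobe xt_LOG", so the FTP helper that the old list loaded as ip_conntrack_ftp has no successor. The rule further down still carries the comment "(e.g. port mode ftp)" for RELATED traffic, and that only holds when the FTP conntrack helper is loaded. Suggest adding "modprobe nf_conntrack_ftp" and, for consistency with the second script, "modprobe xt_conntrack", since the rules now use "-m conntrack --ctstate".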
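Review bot: In postlfs/security/firewalling.xml, second rc.iptables script (hunk at 303), the lines for iptable_nat, ip_nat_ftp, ipt_MASQUERADE and ipt_REJECT are removed without replacements, yet the script still has a "# Do masquerading" section. On a kernel where these are modules and are not loaded automatically, the masquerading rule and FTP through NAT would depend on something this script no longer sets up. Suggest either keeping the NAT, MASQUERADE and REJECT entries under their current names or stating in the comment above the list that they are expected to be autoloaded. The new list also loads xt_state although the visible rules no longer use "-m state"; drop it if nothing else in the script needs it.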
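Review bot: In postlfs/security/firewalling.xml, FORWARD rules (hunk at 357), the converted line keeps the negation after the option: "iptables -A FORWARD -i ! ppp+ -m conntrack --ctstate NEW -j ACCEPT". iptables 1.4.x treats this placement as deprecated and expects the "!" before the option. Since the stated goal of the change is compatibility with current iptables, suggest "iptables -A FORWARD ! -i ppp+ -m conntrack --ctstate NEW -j ACCEPT" in the same edit.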
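Review bot: In postlfs/security/firewalling.xml, INVALID-state rules (hunk at 488), the first touched line still inserts at position 0: "iptables -I INPUT 0 -p tcp -m conntrack --ctstate INVALID". Rule numbers for -I start at 1, so this command is rejected while the following "iptables -I INPUT 1 ... -j DROP" succeeds, leaving the drop in place with no log entry ahead of it. Suggest inserting the LOG rule at 1 and the DROP rule at 2 so the pair ends up at the top of the chain in the intended order.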
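Review bot: In postlfs/security/iptables.xml (hunks at 72 and 82), the "Additional Downloads" bridgehead and list are wrapped in "<!--" and "-->" rather than deleted, while the hunk at 135 removes the matching "patch -Np1 -i ../iptables-&iptables-version;-missing-includes-1.patch" command outright. Commented-out markup that refers to a patch the build no longer applies is easy to revive by mistake and will break if the enclosed text ever contains "--". Suggest deleting the block; the history keeps it if it is needed again.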