Linux/CentOS & RHEL

[Tip] iptables 설정 및 정책 적용

짜꾸미의골골몽 2020. 8. 29. 16:23

<설정파일>

/etc/sysconfig/iptables

 

<설정저장>

/etc/init.d/iptables save

 

<설정확인>

iptables -nL

 

<설정 저장 및 재 시작>

service iptables save

 

<룰셋 저장 및 복구>

iptables-save > /tmp/rules

iptables-restore < /tmp/rules

(/tmp 는 모든 사용자가 쓸 수 있는 디렉터리이므로, 실제 운영에서는 /root 아래 등 관리자만 쓸 수 있는 경로에 룰셋을 저장하는 것이 안전하다.)

 

<설정 제거>

iptables -F

service iptables stop

주의: 기본 정책(policy)이 DROP 인 상태에서 iptables -F 만 먼저 실행하면 ESTABLISHED 허용 룰까지 모두 지워져 원격(SSH) 세션이 끊기고 그 다음 명령을 입력할 수 없게 된다. 원격에서 작업할 때는 먼저 iptables -P INPUT ACCEPT 로 정책을 바꾸거나, 콘솔에서 실행한다.

 

<설정 추가 - Command>

iptables -A INPUT -p tcp --dport 8000 -j ACCEPT  # 8000포트 허용 추가

iptables -A INPUT -p tcp --dport 8000 -j DROP     # 8000포트 차단 추가

(-A 는 체인의 맨 뒤에 룰을 추가한다. 체인 끝에 -j LOGGING 이나 -j DROP 같은 catch-all 룰이 이미 있으면 그 뒤에 붙은 룰은 절대 적용되지 않으므로, 앞쪽에 넣으려면 iptables -I INPUT 1 ... 처럼 -I 를 사용한다. 셸에서 주석은 // 가 아니라 # 이다.)

 

<설정파일 예제>

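# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
# (The two lines above are the header system-config-firewall writes; re-running
#  that tool may overwrite hand edits, so keep a copy, e.g. via iptables-save.)
#
# Default-deny INPUT/FORWARD with an explicit per-source allowlist. Anything
# not matched is rate-limited-logged and dropped in the LOGGING chain.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# A user-defined chain must be declared before it is used as a jump target;
# without this line iptables-restore fails with "Couldn't load target `LOGGING'".
:LOGGING - [0:0]
# Loopback first: local services reach each other without going through the allowlist.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# All ICMP types are accepted, with no type restriction or rate limit.
-A INPUT -p icmp -j ACCEPT
################# UDP Port ALLOW #################
-A INPUT -s 192.168.50.10 -p udp --dport 514 -j ACCEPT
-A INPUT -s 192.168.50.10 -p udp --dport 162 -j ACCEPT
################# TCP Port ALLOW ################
-A INPUT -s 192.168.50.11 -p tcp --dport 3306 -j ACCEPT
################ SSH / Oracle ALLOW ################
-A INPUT -s 192.168.50.200 -p tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.50.200 -p tcp --dport 1521 -j ACCEPT
##############################################
# Malformed-TCP sanity drops. They must sit before the unconditional jump to
# LOGGING below; placed after it they can never match, because LOGGING ends
# in DROP. Flag names must be spelled exactly (NONE, --syn): iptables-restore
# rejects the whole file on a misspelling such as NOME or --tyn.
# Note: in this position they do not apply to the allowlisted sources above;
# move them ahead of the allowlist if that is wanted.
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
# Catch-all: log (rate limited) and drop.
-A INPUT -j LOGGING
# --log-prefix is kept as written ("Droppend" is a typo) because log filters
# may already match on this exact string.
-A LOGGING -m limit --limit 2/min -j LOG --log-prefix "iptables-Droppend :"
-A LOGGING -j DROP
COMMIT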

 

<로그 설정 - 기본적으로는 /var/log/messages>

vi /etc/rsyslog.conf

kern.warning /var/log/iptables.log

or

kern.* /var/log/iptables.log

(두 설정 모두 iptables 의 LOG 메시지만이 아니라 다른 커널 메시지도 같은 파일에 기록된다. kern.warning 은 warning 이상, kern.* 은 모든 우선순위를 포함한다.)

 

service rsyslog restart