Die Firewall ist die erste Verteidigungslinie. Default Deny, minimale offene Ports, Protokollierung.
iptables¶
iptables -P INPUT DROP iptables -P FORWARD DROP iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -p tcp –dport 22 -s 10.0.100.0/24 -j ACCEPT iptables -A INPUT -p tcp –dport 443 -j ACCEPT iptables -A INPUT -j LOG –log-prefix “DROP: ” iptables -A INPUT -j DROP
nftables¶
table inet filter { chain input { type filter hook input priority 0; policy drop; ct state established,related accept tcp dport { 80, 443 } accept tcp dport 22 ip saddr 10.0.100.0/24 accept } }
Wichtigste Erkenntnis¶
Default Deny, minimale Ports, Protokollierung abgelehnter Versuche.
securityfirewallnetworkiptables