CDOT Wiki β

Changes

OPS335 Firewall Lab

96 bytes added, 15:01, 22 January 2016
no edit summary
# Change the default policy on the INPUT and FORWARD chains in the filter table to DROP.
# Remove the rules from the INPUT and FORWARD chains that are rejecting all traffic (we are now better protected by the default policy).
# Create a new chain named MYSSH in the filter table. Refer to notes or other resources to learn how to name a chain.
# Add a rule to the beginning of the INPUT chain of your filter table that sends all ssh traffic (tcp packets with destination port 22) to your MYSSH chain.
#* Note: Use --jump or -j (<u>not</u> --goto) to move to a target.
# Add a rule to your MYSSH chain to accept all traffic on your virtual interface from 192.168.X.0/24 (i.e. your internal network).
# Add rules to the end of the MYSSH chain to drop all remaining ssh connections, but to log these denied packets with log level 'info' and log prefix "DENIED BY MYSSH" before doing so.
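
The steps above combined into one script, as an added example that is not part of the original lab page. The interface name virbr0, the subnet 192.168.1.0/24 (X=1) and the exact REJECT rules being deleted are assumptions; commands are only printed unless IPT=iptables is set and the script is run as root.

```shell
#!/bin/sh
# Added example, not from the lab page. Dry run by default: each command is
# printed. To apply the rules, run as root with IPT=iptables in the environment.
IPT="${IPT:-echo iptables}"

build_myssh() {
    iface="$1"    # assumed: virtual interface facing the internal network
    subnet="$2"   # assumed: internal network, 192.168.X.0/24 with your X

    # The chain is built before the policy changes so that internal ssh
    # stays reachable the whole time the rule set is being modified.
    $IPT -N MYSSH

    # First rule of INPUT: hand tcp/22 to MYSSH. With -j a packet that
    # matches nothing in MYSSH returns to INPUT; with --goto it would not.
    $IPT -I INPUT 1 -p tcp --dport 22 -j MYSSH

    # Internal hosts arriving on the virtual interface are accepted.
    $IPT -A MYSSH -i "$iface" -s "$subnet" -j ACCEPT

    # LOG is non-terminating: the packet is logged, then reaches DROP.
    $IPT -A MYSSH -j LOG --log-level info --log-prefix "DENIED BY MYSSH"
    $IPT -A MYSSH -j DROP

    # Default policy DROP goes in before the catch-all REJECT rules are
    # deleted, so there is no window in which unmatched traffic passes.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP

    # Assumed form of the rejecting rules (a common distribution default);
    # check yours with "iptables -S" and adjust the match if it differs.
    $IPT -D INPUT -j REJECT --reject-with icmp-host-prohibited
    $IPT -D FORWARD -j REJECT --reject-with icmp-host-prohibited
}

# Constructed sample values; replace with your own interface and subnet.
build_myssh virbr0 192.168.1.0/24
```

After applying, `iptables -L MYSSH -n -v --line-numbers` shows the ACCEPT, LOG and DROP rules in that order along with their packet counters.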