This shows you the differences between two versions of the page.
networking:firewall:csf [2022/08/22 08:48] gcooper |
networking:firewall:csf [2023/03/10 10:46] gcooper |
||
---|---|---|---|
Line 45: | Line 45: | ||
wget -q http:// | wget -q http:// | ||
add-apt-repository universe && apt update | add-apt-repository universe && apt update | ||
+ | |||
apt install webmin unzip ipset libwww-perl liblist-compare-perl \ | apt install webmin unzip ipset libwww-perl liblist-compare-perl \ | ||
liblwp-protocol-https-perl libio-socket-ssl-perl libcrypt-ssleay-perl \ | liblwp-protocol-https-perl libio-socket-ssl-perl libcrypt-ssleay-perl \ | ||
Line 61: | Line 62: | ||
systemctl status ufw.service | systemctl status ufw.service | ||
ufw status verbose | ufw status verbose | ||
- | ufw allow 10000/tcp #Webmin | + | ufw allow from < |
</ | </ | ||
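Review bot: on the replacement line that starts `ufw allow from <`, the visible text ends at the source placeholder, so confirm that the rule still names the Webmin port and protocol after the address, for example by ending in `to any port 10000 proto tcp`. A `ufw allow from` rule with no port clause admits all traffic from that source rather than only Webmin. The removed line carried a `#Webmin` comment; keep it on the new line so the purpose of the rule stays documented.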
Line 199: | Line 200: | ||
|Testing | |Testing | ||
|IPV6 | |IPV6 | ||
- | |TCP_IN | + | |TCP_IN |
- | |TCP_OUT | + | |TCP_OUT |
|UDP_IN | |UDP_IN | ||
|UDP_OUT | |UDP_OUT | ||
- | |TCP6_IN | + | |TCP6_IN |
- | |TCP6_OUT | + | |TCP6_OUT |
|UDP6_IN | |UDP6_IN | ||
|UDP6_OUT | |UDP6_OUT | ||
Line 213: | Line 214: | ||
|LF_IPSET | |LF_IPSET | ||
|SYNFLOOD | |SYNFLOOD | ||
- | |CONNLIMIT | + | |CONNLIMIT |
- | |PORTFLOOD | + | |PORTFLOOD |
|DROP_OUT_LOGGING | |DROP_OUT_LOGGING | ||
|CONNLIMIT_LOGGING | |CONNLIMIT_LOGGING | ||
Line 281: | Line 282: | ||
To allow a range of ports to and from a remote host: | To allow a range of ports to and from a remote host: | ||
+ | |||
+ | # Webmin Access | ||
+ | tcp|in|d=10000|s=1.2.3.4 | ||
< | < | ||
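Review bot: the added `# Webmin Access` rule sits directly under the sentence "To allow a range of ports to and from a remote host:", but `tcp|in|d=10000|s=1.2.3.4` is a single inbound port from one source, so it needs its own introductory sentence; also check that the added lines land inside the code block, since they appear before the tag line that follows them. Say explicitly that the filter only restricts access if port 10000 is no longer listed in TCP_IN (the hunk at Line 199 changes TCP_IN), because a port left open there stays reachable from any address. Finally, 1.2.3.4 is a routable address; a documentation address such as 192.0.2.10 or a placeholder is safer to copy and paste.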
Line 511: | Line 515: | ||
====== LFD - Login Failure Daemon ====== | ====== LFD - Login Failure Daemon ====== | ||
+ | |||
+ | **Custom RegEx**: https:// | ||
LFD does more than just monitor log files for login failures. | LFD does more than just monitor log files for login failures. | ||
Line 534: | Line 540: | ||
**Virtualmin SMTP**: https:// | **Virtualmin SMTP**: https:// | ||
- | :!: The Postfix MTA is not directly supported by LFD. You must use custom settings. | + | :!: The Postfix MTA is not directly supported by LFD. You must use custom settings. |
==== CentOS ==== | ==== CentOS ==== |