Ubuntu/iptables
From r00tedvw.com wiki
Revision as of 14:54, 20 February 2016
- iptables
- allows you to configure network ports and more
look up the currently active rules (with packet/byte counters, numeric addresses)
iptables -L -n -v
remove a rule from IP Tables. Make sure to include the comment if a comment exists.
iptables -D INPUT 1
or
iptables -D INPUT -s 0.0.0.0/0 -p tcp --dport 22 -j ACCEPT
or
iptables -D INPUT -s 0.0.0.0/0 -p tcp --dport 22 -j ACCEPT -m comment --comment "limit ssh access"
specify policy default
-P INPUT DROP
allow anything from itself (loopback)
-A INPUT -i lo -j ACCEPT
allow inbound connections from a specific address, using only TCP on a specific port
-A INPUT -s ip.address -p tcp --dport 22 -j ACCEPT
add a comment to the iptables rule
-m comment --comment "limit ssh access"
allow related and established
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
prevent packets from forwarding (like a router)
iptables -P FORWARD DROP
delete chain from iptables
iptables -X chain.name
save current IP Tables config
sudo sh -c "iptables-save > /etc/iptables.rules"
restore IP Tables config (also add this line to /etc/rc.local for it to auto run during boot)
iptables-restore < /etc/iptables.rules
CVE-2015-7547
attempt to mitigate glibc vuln.
~$ sudo iptables -A INPUT -p udp -m length --length 512:0xffff -j DROP -m comment --comment "mitigate CVE-2015-7547"
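As an added example (not from the wiki), a POSIX shell function that writes the rules above in iptables-restore format, so the whole set (DROP policy, loopback, ESTABLISHED/RELATED, SSH from one address, the CVE-2015-7547 length rule) is loaded atomically rather than one `iptables -A` at a time; the admin address argument is an assumption, and 192.0.2.10 is a documentation address, not one from the page. The CVE rule is kept exactly as the page gives it, which means it matches every inbound UDP packet of 512 bytes or more, not only DNS.

```shell
#!/bin/sh
# Added example: emit the page's rule set in iptables-restore format so it can
# be applied atomically (no window between `-P INPUT DROP` and the ACCEPT
# rules during which a remote session could be locked out).

# Accept a dotted-quad IPv4 address with optional /prefix, nothing else.
valid_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# gen_rules ADMIN_IP  -> prints the rule set on stdout, returns 1 on bad input.
# Rule order below is the order they take in the chain.
gen_rules() {
    admin_ip="$1"
    valid_ipv4 "$admin_ip" || { echo "gen_rules: bad address: $admin_ip" >&2; return 1; }
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        "-A INPUT -s $admin_ip -p tcp --dport 22 -m comment --comment \"limit ssh access\" -j ACCEPT" \
        '-A INPUT -p udp -m length --length 512:0xffff -m comment --comment "mitigate CVE-2015-7547" -j DROP' \
        'COMMIT'
}

# Number of rules carrying a comment: each of these must be deleted later with
# the exact same comment text, as the page warns.
count_commented() {
    gen_rules "$1" | grep -c -- '-m comment'
}

# Usage (needs root). `iptables-restore --test` parses without applying.
#   gen_rules 192.0.2.10 > /etc/iptables.rules
#   sudo iptables-restore --test < /etc/iptables.rules && sudo iptables-restore < /etc/iptables.rules
```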