Syn-flood protection
Force SYN packet check
iptables –A INPUT –p tcp ! --syn –m state --state NEW –j DROP
Force Fragments packets check
iptables –A INPUT –f –j DROP
XMAS packets
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROPDrop all NULL packets
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROPOnce system is secured, test your firewall with nmap or hping2 command:
# nmap -v -f FIREWALL-IP# nmap -v -sX FIREWALL-IP# nmap -v -sN FIREWALL-IP# hping2 -X FIREWALL-IP
Tidak ada komentar:
Posting Komentar