Sık Sorulan Sorular

Firewall Kuralları
Güncel 6 years ago

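# Input chain: traffic addressed to the router itself.
# Run these from the "/ip firewall filter" menu. Rules are evaluated top to
# bottom and the first match wins, so the order below must be kept.
add action=drop chain=input comment="ROUTER PROTECT Drop Invalid connections" connection-state=invalid
add action=accept chain=input comment="ROUTER PROTECT Allow Established connections" connection-state=established
# Related traffic is accepted as well, as the forward chain on this page does.
# It is a separate rule so the syntax also works where connection-state
# takes a single value.
add action=accept chain=input comment="ROUTER PROTECT Allow Related connections" connection-state=related
# All ICMP types are accepted towards the router (no type filter here).
add action=accept chain=input comment="ROUTER PROTECT Allow ICMP" protocol=icmp
# Management access: every router service is reachable from this subnet.
# Replace 172.16.0.0/24 with your own management network if it differs,
# before the final drop is active; otherwise administrative access is lost.
# NOTE(review): consider adding an in-interface matcher so the source
# address alone is not the only condition.
add action=accept chain=input comment="ROUTER PROTECT " src-address=172.16.0.0/24
# Default deny for anything not accepted above.
add action=drop chain=input comment="ROUTER PROTECT Drop everything else"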


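# Forward chain: traffic routed through the router to and from customers.
# Run from the "/ip firewall filter" menu; rule order is significant.
#
# No protocol matcher on the invalid rule: invalid packets of any protocol
# are dropped, not only TCP, which is what the rule's comment describes.
add action=drop chain=forward comment="CUSTOMER PROTECT drop invalid connections" connection-state=invalid
add action=accept chain=forward comment="CUSTOMER PROTECT allow already established connections" connection-state=established
add action=accept chain=forward comment="CUSTOMER PROTECT allow related connections" connection-state=related
# Addresses that should never appear on routed traffic:
#   0.0.0.0/8    "this network"
#   127.0.0.0/8  loopback
#   224.0.0.0/3  224.0.0.0-255.255.255.255 (multicast, 240.0.0.0/4, broadcast)
# Dropping 224.0.0.0/3 here also stops any routed multicast.
add action=drop chain=forward comment="CUSTOMER PROTECT " src-address=0.0.0.0/8
add action=drop chain=forward comment="CUSTOMER PROTECT " dst-address=0.0.0.0/8
add action=drop chain=forward comment="CUSTOMER PROTECT" src-address=127.0.0.0/8
add action=drop chain=forward comment="CUSTOMER PROTECT" dst-address=127.0.0.0/8
add action=drop chain=forward comment="CUSTOMER PROTECT" src-address=224.0.0.0/3
add action=drop chain=forward comment="CUSTOMER PROTECT" dst-address=224.0.0.0/3
# Hand new connections to the per-protocol chains.
# The tcp and udp chains are deny lists: a packet that matches nothing there
# returns to this chain, and since no further forward rule is listed it is
# accepted by default. Add an explicit final rule if default deny is intended.
add action=jump chain=forward comment="CUSTOMER PROTECT" jump-target=tcp protocol=tcp
add action=jump chain=forward comment="CUSTOMER PROTECT" jump-target=udp protocol=udp
add action=jump chain=forward comment="CUSTOMER PROTECT" jump-target=icmp protocol=icmp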
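# tcp chain: deny list of TCP destination ports, entered by a jump from the
# forward chain. There is no final rule, so unmatched TCP packets return to
# the calling chain.
# TFTP normally runs over UDP; this rule only matches TCP port 69.
add action=drop chain=tcp comment=" CUSTOMER PROTECT deny TFTP" dst-port=69 protocol=tcp
# 111 is the ONC RPC portmapper; 135 is the Microsoft RPC endpoint mapper.
add action=drop chain=tcp comment=" CUSTOMER PROTECT deny RPC portmapper" dst-port=111 protocol=tcp
add action=drop chain=tcp comment=" CUSTOMER PROTECT deny RPC portmapper" dst-port=135 protocol=tcp
# NetBIOS over TCP/IP, SMB/CIFS and NFS should not cross the customer boundary.
add action=drop chain=tcp comment=" CUSTOMER PROTECT deny NBT" dst-port=137-139 protocol=tcp
add action=drop chain=tcp comment=" CUSTOMER PROTECT deny cifs" dst-port=445 protocol=tcp
add action=drop chain=tcp comment=" CUSTOMER PROTECT deny NFS" dst-port=2049 protocol=tcp
# Default ports of legacy remote-access trojans.
add action=drop chain=tcp comment=" CUSTOMER PROTECT deny NetBus" dst-port=12345-12346 protocol=tcp
add action=drop chain=tcp comment=" CUSTOMER PROTECT deny NetBus" dst-port=20034 protocol=tcp
# Back Orifice's default port is 31337; a rule on 3133 would not match it.
add action=drop chain=tcp comment=" CUSTOMER PROTECT deny BackOriffice" dst-port=31337 protocol=tcp
# DHCP runs over UDP, so this rule matches only TCP 67-68 and does not
# affect DHCP traffic itself.
add action=drop chain=tcp comment=" CUSTOMER PROTECT deny DHCP" dst-port=67-68 protocol=tcp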
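# udp chain: deny list of UDP destination ports, entered by a jump from the
# forward chain. There is no final rule, so unmatched UDP packets return to
# the calling chain.
add action=drop chain=udp comment=" CUSTOMER deny TFTP" dst-port=69 protocol=udp
# 111 is the ONC RPC portmapper; 135 is the Microsoft RPC endpoint mapper.
add action=drop chain=udp comment=" CUSTOMER deny PRC portmapper" dst-port=111 protocol=udp
add action=drop chain=udp comment=" CUSTOMER deny PRC portmapper" dst-port=135 protocol=udp
add action=drop chain=udp comment=" CUSTOMER deny NBT" dst-port=137-139 protocol=udp
add action=drop chain=udp comment=" CUSTOMER deny NFS" dst-port=2049 protocol=udp
# Back Orifice's default port is 31337; a rule on 3133 would not match it.
add action=drop chain=udp comment=" CUSTOMER deny BackOriffice" dst-port=31337 protocol=udp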
# icmp chain: allow list of ICMP messages, entered by a jump from the forward
# chain. icmp-options is written as type:code. Anything not listed reaches the
# final drop; for example 3:3 (port unreachable) is not listed, so it is
# dropped here unless an earlier rule has already accepted the packet.
#
# Echo reply.
add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment="PING PROTECT echo reply"
# Destination unreachable: network, host, and fragmentation needed.
# 3:4 is the message path MTU discovery depends on.
add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment=" PING PROTECT net unreachable"
add chain=icmp protocol=icmp icmp-options=3:1 action=accept comment=" PING PROTECT host unreachable"
add chain=icmp protocol=icmp icmp-options=3:4 action=accept comment=" PING PROTECT host unreachable fragmentation required"
# Source quench; deprecated by RFC 6633.
add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment=" PING PROTECT allow source quench"
# Echo request.
add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment=" PING PROTECT allow echo request"
# Time exceeded in transit (used by traceroute) and parameter problem.
add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment=" PING PROTECT allow time exceed"
add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment=" PING PROTECT allow parameter bad"
# Every other ICMP type and code is dropped.
add chain=icmp action=drop comment=" PING PROTECT deny all other types"
