Hi Ariel,
I have added this script to my sme5.6 server to drop unwanted/unecessary ports on the firewall:
#!/bin/bash
# The following rules drop inbound connections to ports: 110,143,113
# they are not needed for this environment as all access is through
ssh and https.
# last line drops pings to the firewall's external interface
#
iptables -I INPUT -i eth1 -p tcp --dport 110 -j DROP
iptables -I INPUT -i eth1 -p tcp --dport 143 -j DROP
iptables -I INPUT -i eth1 -p tcp --dport 113 -j DROP
iptables -I INPUT -i eth1 -p icmp --icmp-type 8 -j DROP
Login as root. Create a file called "dropextra" with the above contents and any other ports you want dropped using the template, make it executable with :
[root@sme5.6 root]# chmod +x dropextra
Assuming your Internet ethernet interface is eth1 (default) you can adjust this for any additional ports/protocols. If you would like it to take effect on reboot and assuming you created the file in the root home directory just do this:
[root@sme5.6 root]# echo "/root/dropextra" >> /etc/rc.d/rc.local
Cheers
-m
[%sig%]
4 Replies
1651 Views