Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Server \ Linux firewall settings -DNS server articles     - Oracle data files deleted recover after physical (Database)

- Linux system security settings (Linux)

- Linux System Getting Started Learning: hard disk partition, and to deal with traps (Linux)

- Install the Solaris 10 operating system environment over the network to sparc (Linux)

- Eclipse 3.7.2 can not start solving under Ubuntu 14.04 (Linux)

- C ++ pointer of the (error-prone model) (Programming)

- Linux process stack and process function stack frame (Linux)

- Linux into single user mode to modify the administrator password (Linux)

- Bash Getopts - let your script supports command line parameters (Linux)

- C ++ Supplements - References (Lvalue Reference, Rvalue Reference) (Linux)

- Debian 8 Jessie install LAMP server tutorial (Server)

- Python developer of time-saving method (Programming)

- How to modify the Emacs Major Mode Shortcuts (Linux)

- Caffe install under Ubuntu 14.04 64bit (Linux)

- Python Django direct implementation of sql statement (Programming)

- Zombie process under Linux (Linux)

- CentOS7 installed MySQL (Database)

- CentOS7 complete step to install Hadoop2.7 (Server)

- Linux dd command make U disk boot disk (Linux)

- Workaround CentOS error message during compilation PHP5 common (Linux)

 
         
  Linux firewall settings -DNS server articles
     
  Add Date : 2018-11-21      
         
         
         
  Just set up a DNS server, you need to open the firewall but do not know how to set up a friend, you can refer to the following, or directly use my script given below.

If the server is a DNS server used for the vast majority of cases, in order to turn on the firewall while normally provide related services, general settings are as follows:

[1] The first step: clear the default firewall rules

iptables -F
iptables -X
iptables -Z
Parameter Description:

-F: Clear all the rules that have been developed

-X: Clear all user-defined chain (it should be said that the tables)

(Extension: table - iptables Linux firewall default, there are three tables, Filter, NAT and Mangle, of course, the custom Filter which is the default form, chain-- chain, such as filter there is INPUT, OUTPUT, FORWARD three chains)

-Z: All the chain counts and cleared traffic statistics

Set reasons:

filter of three chains, the default policies are ACCEPT, apparently for INPUT, this is very dangerous, you can use the command iptables -L -n to view the default settings, or use the iptables-save command (listed in more detail firewall configuration information).

[2] The second step: setting policy

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
Set reasons:

DROP to drop, From 1, INPUT DROP strategy formulation is only relatively safe.

 

[3] The third step: the development of the rules according to the required service

 

(1) Set the machine as a trusted device

iptables -A INPUT -i lo -j ACCEPT
(2) the development of a remote ssh connection rules

iptables -A (add) INPUT (link) -p (specify the protocol) tcp (specified as the TCP protocol) --dport (specify the destination port number) 22 (specify the destination port number is 22) -j (designated operation) ACCEPT ( specify the action to accept)
(3) develop dns service rules

iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --sport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
Description:

It allows new dns requests, while allowing to nslookup way to query to the server that is the source port 53 to query dns information.

(4) the development of other rules

iptables -A INPUT -p icmp -j ACCEPT
Description:

Can not, but in order to facilitate the detection server network connectivity, they still add.

 

[4] write firewall profiles

/etc/init.d/iptables save
Description:

To save, otherwise the above configuration will be made after the failure to restart the server.

Full implementation of the script is as follows:

#! / Bin / bash
PATH = / sbin: / bin: / usr / sbin: / usr / bin; export PATH
iptables -F
iptables -X
iptables -Z

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --sport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT

/etc/init.d/iptables save
Save as .sh file with administrator privileges can execute.

Other commonly used commands:

View firewall configuration summary

iptables -L -n
See detailed firewall configuration

iptables-save
Important note:

    The firewall configuration must be careful, especially when done in the remote configuration, if not carefully defined rules clear, again the default rule is set to INPUT DROP, then there is no way to connect remotely, and with particular attention to this point .
     
         
         
         
  More:      
 
- Linux disk management practices (Linux)
- When the master key encounter NULL (Database)
- Android webView URL redirects affect goBack () (Programming)
- Create RAID 1 (mirroring) with two disks (Linux)
- Linux how to handle file names that contain spaces and special characters (Linux)
- Linux package management operations Basic entry (Linux)
- [JavaScript] catch (ex) statements of ex (Programming)
- The mv command to move the directory two cases under Linux (Linux)
- Writing Better Bash build script 8 (Programming)
- Linux Operating System Security Management Experience (Linux)
- How to use Android Studio to play more package names APK (Programming)
- HTTP and HTTPS request response process difference (Linux)
- Installation of Python2.7.10 under CentOS 6.4 (Linux)
- Linux shared libraries .so file name and Dynamic Link (Linux)
- Oracle 12c In-Memory Study (Database)
- Debugging with GDB tool Go (Programming)
- Puppet 3.5 Source package Installation and Configuration (Server)
- A detailed introduction to the Hadoop ecosystem (Server)
- MySQL5.7 JSON type using presentation (Database)
- Java executable file to read information from a database copy (Programming)
     
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.