{"id":83,"date":"2016-10-26T12:21:26","date_gmt":"2016-10-26T03:21:26","guid":{"rendered":"http:\/\/jook.pe.kr\/?p=83"},"modified":"2016-10-26T12:21:26","modified_gmt":"2016-10-26T03:21:26","slug":"iptables-%eb%b0%a9%ed%99%94%eb%b2%bd-%ec%8b%a4%ed%96%89-%ec%8a%a4%ed%81%ac%eb%a6%bd%ed%8a%b8","status":"publish","type":"post","link":"http:\/\/jook.pe.kr\/?p=83","title":{"rendered":"iptables \ubc29\ud654\ubcbd \uc2e4\ud589 \uc2a4\ud06c\ub9bd\ud2b8"},"content":{"rendered":"<p>iptables \ubc29\ud654\ubcbd \uc2a4\ud06c\ub9bd\ud2b8.<\/p>\n<p>=========================================================<br \/>\n#!\/bin\/bash<\/p>\n<p>IPTABLES=\/sbin\/iptables<\/p>\n<p>echo 1 &gt;\/proc\/sys\/net\/ipv4\/tcp_syncookies<br \/>\necho 1 &gt;\/proc\/sys\/net\/ipv4\/icmp_echo_ignore_broadcasts<\/p>\n<p>if [ -e \/proc\/sys\/net\/ipv4\/conf\/all\/rp_filter ]; then<br \/>\nfor f in \/proc\/sys\/net\/ipv4\/conf\/*\/rp_filter; do<br \/>\necho 1 &gt; $f<br \/>\ndone<br \/>\nfi<br \/>\n$IPTABLES -F INPUT<br \/>\n$IPTABLES -F OUTPUT<br \/>\n$IPTABLES -A INPUT -i lo -j ACCEPT<br \/>\n$IPTABLES -A OUTPUT -o lo -j ACCEPT<\/p>\n<p>$IPTABLES -A INPUT -m state --state INVALID -j DROP<br \/>\n$IPTABLES -A OUTPUT -m state --state INVALID -j DROP<\/p>\n<p>$IPTABLES -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT<\/p>\n<p>$IPTABLES -A INPUT -p tcp --dport 20:22 -m state --state NEW,ESTABLISHED -j ACCEPT<br \/>\n$IPTABLES -A INPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT<br \/>\n$IPTABLES -A INPUT -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT<br \/>\n$IPTABLES -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT<br \/>\n$IPTABLES -A INPUT -p tcp --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT<br \/>\n$IPTABLES -A INPUT -p tcp --dport 143 -m state --state NEW,ESTABLISHED -j ACCEPT<br \/>\n$IPTABLES -A INPUT -p tcp --dport 443 -m state --state 
NEW,ESTABLISHED -j ACCEPT<br \/>\n$IPTABLES -A INPUT -p tcp --dport 953 -m state --state NEW,ESTABLISHED -j ACCEPT<br \/>\n$IPTABLES -A INPUT -p tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT<br \/>\n$IPTABLES -A INPUT -p tcp --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT<\/p>\n<p>$IPTABLES -A INPUT -p tcp -j DROP<br \/>\n$IPTABLES -A OUTPUT -p tcp --dport 6666:6667 -j DROP<\/p>\n<p>=========================================================<\/p>\n","protected":false},"excerpt":{"rendered":"<p>iptables \ubc29\ud654\ubcbd \uc2a4\ud06c\ub9bd\ud2b8. ========================================================= #!\/bin\/bash IPTABLES=\/sbin\/iptables echo 1 &gt;\/proc\/sys\/net\/ipv4\/tcp_syncookies echo 1 &gt;\/proc\/sys\/net\/ipv4\/icmp_echo_ignore_broadcasts if [ -e \/proc\/sys\/net\/ipv4\/conf\/all\/rp_filter ]; then for f<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,7],"tags":[],"_links":{"self":[{"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/posts\/83"}],"collection":[{"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=83"}],"version-history":[{"count":0,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/posts\/83\/revisions"}],"wp:attachment":[{"href":"http:\/\/jook.pe.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=83"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=83"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/jook.pe.kr\/index.php?rest_
route=%2Fwp%2Fv2%2Ftags&post=83"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}