Diffstat (limited to 'security/firewall')
-rw-r--r--security/firewall/pres_iptables.tex52
1 files changed, 26 insertions, 26 deletions
diff --git a/security/firewall/pres_iptables.tex b/security/firewall/pres_iptables.tex
index b45eddf..e7fd23d 100644
--- a/security/firewall/pres_iptables.tex
+++ b/security/firewall/pres_iptables.tex
@@ -201,38 +201,38 @@ Note: Use penetration tools \emph{very} carefully!
\begin{frame}[containsverbatim]
\frametitle{iptables: Commands}
\begin{beamerboxesrounded}[shadow=true]{Show all Chains of Table \emph{filter}:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
iptables -t filter -L
iptables -L # Table filter is default
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\begin{beamerboxesrounded}[shadow=true]{Flush all Chains:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
iptables -F
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\begin{beamerboxesrounded}[shadow=true]{Set default Policies:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
iptables -P <CHAIN> <ACTION>
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\begin{beamerboxesrounded}[shadow=true]{User-defined Chains:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
iptables -N <CHAIN> # create new chain
iptables -X <CHAIN> # delete chain
iptables -E <old> <new> # rename chain
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
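Review bot: The "Flush all Chains" box shows `iptables -F` without saying that a flush leaves the default policies untouched. The outcome therefore depends on the last `-P` setting: with a DROP policy the host stops answering, with ACCEPT it is left unfiltered. Without `-t`, the command also clears only the filter table. I would extend the verbatim line to `iptables -F # rules only; policies and other tables stay as they are`.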
@@ -240,7 +240,7 @@ iptables -E <old> <new> # rename chain
\begin{frame}[containsverbatim]
\frametitle{iptables: Commands}
\begin{beamerboxesrounded}[shadow=true]{Rules:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
iptables -A <CHAIN> <rule-spec> # append rule to chain
iptables -C <CHAIN> <rule-spec> # find matching rule in chain
@@ -250,7 +250,7 @@ iptables -I <CHAIN> <rule-num> <rule-spec> # insert rule in chain as rule-num
iptables -R <CHAIN> <rule-num> <rule-spec> # replace rule in chain
iptables -F <CHAIN> # flush all rules in chain
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -258,25 +258,25 @@ iptables -F <CHAIN> # flush all rules in chain
\begin{frame}[containsverbatim]
\frametitle{iptables: Commands}
\begin{beamerboxesrounded}[shadow=true]{Rule specifications:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
--source <addr>/<mask> # match source IP/IP-range
--sport <port> # match source port
--destination <addr>/<mask> # match destination IP/IP-range
--dport <port> # match destination port
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\begin{beamerboxesrounded}[shadow=true]{Match extensions:}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
--modprobe <module> # load target or match extension module
--m connstate --ctstate <state> # extension connstate, match state
--m icmp --icmp-type <type> # extension icmp-type, match packet type
--m limit --limit <rate>/<ival> # extension limit, limit to rate per interval
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
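Review bot: The three match-extension lines in the second box are not valid iptables syntax as written. The option is `-m` (or `--match`), not `--m`, and the module that provides `--ctstate` is `conntrack`, not `connstate`. The first line's comment is also inaccurate, because `--modprobe` takes the command used to load modules, not a module name. I would change the lines to `-m conntrack --ctstate <state>`, use `-m` on the icmp and limit lines as well, and reword the first comment to `# command used to load extension modules`.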
@@ -298,7 +298,7 @@ iptables -F <CHAIN> # flush all rules in chain
\begin{frame}[containsverbatim]
\frametitle{Example}
\begin{beamerboxesrounded}[shadow=true]{Preparation}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
# set default policy
iptables -P INPUT DROP # opt: REJECT, ACCEPT
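Review bot: Setting the INPUT policy to DROP as the first step cuts off a remote administration session before any ACCEPT rule exists, and the slide gives no warning. The frame continues past this hunk, so a later line may cover it. The commands also act on IPv4 only; IPv6 filtering is handled separately by `ip6tables` and stays as it was. I would add a comment above the first `-P` line, for example `# run from the console, or load the whole rule set at once with iptables-restore`.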
@@ -308,7 +308,7 @@ iptables -P OUTPUT DROP # opt: REJECT, ACCEPT
iptables -F
...
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -316,7 +316,7 @@ iptables -F
\begin{frame}[containsverbatim]
\frametitle{Example}
\begin{beamerboxesrounded}[shadow=true]{SSH-Client}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
#
# Allow incoming traffic only
@@ -325,7 +325,7 @@ iptables -F
iptables -A OUTPUT -o eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
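Review bot: The header comment in the SSH-Client box reads "Allow incoming traffic only", but the two rules here accept NEW connections leaving on `--dport 22`. The Web-Server box in the next two hunks says "Allow outgoing traffic only" above rules that accept NEW connections arriving on port 443, so the two comments look swapped. Two comment lines between the hunks are not visible and may qualify the wording. Separately, these examples use the older `-m state --state` match while the match-extensions slide documents `--ctstate`; writing `-m conntrack --ctstate NEW,ESTABLISHED` would keep the deck consistent.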
@@ -333,7 +333,7 @@ iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j
\begin{frame}[containsverbatim]
\frametitle{Example}
\begin{beamerboxesrounded}[shadow=true]{Web-Server}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
#
# Allow outgoing traffic only
@@ -344,7 +344,7 @@ iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -
iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -352,7 +352,7 @@ iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -
\begin{frame}[containsverbatim]
\frametitle{Example}
\begin{beamerboxesrounded}[shadow=true]{FTP-Server (iptables-persistent script)}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
*filter
:INPUT DROP [0:0]
@@ -367,7 +367,7 @@ iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -
# Important: always necessary for iptables-restore
COMMIT
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
@@ -375,7 +375,7 @@ COMMIT
\begin{frame}[containsverbatim]
\frametitle{Example}
\begin{beamerboxesrounded}[shadow=true]{User-defined LOGDROP chain}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
# create new chain
iptables -X LOGDROP
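Review bot: `iptables -X LOGDROP` sits under the comment "# create new chain" and fails on a first run, when the chain does not exist yet. It also fails when the chain still holds rules or is referenced from another chain. Replaying the box on an already configured host then errors at `-X` and at `-N LOGDROP`, and the `-A` lines append duplicate rules. I would put `iptables -F LOGDROP` before the delete and add a comment such as `# remove old chain first (errors if missing or still referenced)`. The box continues in the next hunk.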
@@ -383,7 +383,7 @@ iptables -N LOGDROP
iptables -A LOGDROP -m limit --limit 2/min -j LOG --log-prefix "LOGDROP: " --log-level 7
iptables -A LOGDROP -j DROP
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}
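Review bot: The LOG rule is roughly 90 characters long and verbatim text does not wrap, so at `scriptsize` it probably runs past the right edge of the box. The same applies to the long rule lines in the SSH-Client and Web-Server frames. I could not compile the deck, so this needs a look at the rendered PDF. Splitting the command with a shell continuation keeps it copy-pastable: `iptables -A LOGDROP -m limit --limit 2/min \` followed by `  -j LOG --log-prefix "LOGDROP: " --log-level 7`. A short comment noting that level 7 is debug priority would also help, since some syslog configurations discard it.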
@@ -391,7 +391,7 @@ iptables -A LOGDROP -j DROP
\begin{frame}[containsverbatim]
\frametitle{Example}
\begin{beamerboxesrounded}[shadow=true]{Trace all outgoing traffic}
-\begin{tiny}
+\begin{scriptsize}
\begin{verbatim}
*filter
@@ -407,7 +407,7 @@ iptables -A LOGDROP -j DROP
# Important: always necessary for iptables-restore
COMMIT
\end{verbatim}
-\end{tiny}
+\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}