Changes between Version 8 and Version 9 of HowTo/SakuraVpsSetup3


Timestamp:
Apr 29, 2017, 6:47:06 AM (8 years ago)
Author:
村山 俊之
Comment:

--

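--- a/HowTo/SakuraVpsSetup3
+++ b/HowTo/SakuraVpsSetup3
@@ -138,4 +138,7 @@
 /sbin/iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
 /sbin/iptables -A FORWARD -j REJECT --reject-with icmp-port-unreachable
+
+# SNMP blocking
+/sbin/iptables -A OUTPUT -m udp -p udp -m multiport --dports 161,162 -j REJECT --reject-with icmp-port-unreachable
 }}}
 {{{
@@ -164,4 +167,7 @@
 /sbin/ip6tables -A INPUT -j REJECT --reject-with icmp6-port-unreachable
 /sbin/ip6tables -A FORWARD -j REJECT --reject-with icmp6-port-unreachable
+
+# SNMP blocking
+/sbin/ip6tables -A OUTPUT -m udp -p udp -m multiport --dports 161,162 -j REJECT --reject-with icmp6-port-unreachable
 }}}
 {{{
@@ -186,4 +192,5 @@
 Chain OUTPUT (policy ACCEPT)
 target     prot opt source               destination         
+REJECT     udp  --  0.0.0.0/0            0.0.0.0/0            udp multiport dports 161,162 reject-with icmp-port-unreachable
 # ip6tables -L -n
 Chain INPUT (policy ACCEPT)
@@ -201,5 +208,6 @@
 Chain OUTPUT (policy ACCEPT)
 target     prot opt source               destination         
-#
+REJECT     udp      ::/0                 ::/0                 udp multiport dports 161,162 reject-with icmp6-port-unreachable
+#
 }}}
  1. iptables-persistent をインストールし、iptables の設定を保存する
@@ -211,9 +219,9 @@
 {{{
 # cat /etc/iptables/rules.v4
-# Generated by iptables-save v1.6.0 on Fri Apr 28 17:47:41 2017
+# Generated by iptables-save v1.6.0 on Sat Apr 29 06:40:35 2017
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [234:24432]
+:OUTPUT ACCEPT [283:43644]
 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
@@ -222,12 +230,13 @@
 -A INPUT -j REJECT --reject-with icmp-port-unreachable
 -A FORWARD -j REJECT --reject-with icmp-port-unreachable
+-A OUTPUT -p udp -m udp -m multiport --dports 161,162 -j REJECT --reject-with icmp-port-unreachable
 COMMIT
-# Completed on Fri Apr 28 17:47:41 2017
+# Completed on Sat Apr 29 06:40:35 2017
 # cat /etc/iptables/rules.v6
-# Generated by ip6tables-save v1.6.0 on Fri Apr 28 17:47:41 2017
+# Generated by ip6tables-save v1.6.0 on Sat Apr 29 06:40:35 2017
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [106:10896]
+:OUTPUT ACCEPT [0:0]
 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
@@ -236,7 +245,8 @@
 -A INPUT -j REJECT --reject-with icmp6-port-unreachable
 -A FORWARD -j REJECT --reject-with icmp6-port-unreachable
+-A OUTPUT -p udp -m udp -m multiport --dports 161,162 -j REJECT --reject-with icmp6-port-unreachable
 COMMIT
-# Completed on Fri Apr 28 17:47:41 2017
-#
+# Completed on Sat Apr 29 06:40:35 2017
+# 
 }}}
 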
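Review bot: The `# SNMP blocking` comment above the new OUTPUT rules (in the iptables block and again in the matching ip6tables block) does not say which direction is blocked or why, so a later reader cannot tell whether the rule is still needed. I would spell it out, e.g. `# Reject outbound SNMP (UDP 161/162) originating from this host`, with the reason added by the author. Traffic hitting this rule is presumably unexpected on this host, so it is also worth recording: a rate-limited `-j LOG --log-prefix "snmp-out: "` rule with the same match, placed before the REJECT, would make those attempts visible in the kernel log. The rule matches UDP only; if SNMP over TCP matters here, it needs its own rule.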