Slackware/system-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add sshguard to firewall.

Browse source
This commit is contained in:
Darren 'Tadgy' Austin 2026-03-21 20:30:25 +00:00
commit 61ee3062c6
3 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
etc/firewall/default_v4.rules
View file

@ -3,6 +3,7 @@
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:sshguard - [0:0]
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.254.0.0/24 -i eth1 -j ACCEPT
@ -16,6 +17,7 @@
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A INPUT -j sshguard
-A INPUT -p tcp -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 873 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25443 -m conntrack --ctstate NEW -j ACCEPT

2
etc/firewall/default_v6.rules
View file

@ -3,6 +3,7 @@
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:sshguard - [0:0]
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s 2a01:a500:2981:1::/64 -i eth0 -j ACCEPT
@ -18,6 +19,7 @@
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
-A INPUT -j sshguard
-A INPUT -p tcp -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 873 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25443 -m conntrack --ctstate NEW -j ACCEPT