Slackware/system-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add sshguard to firewall.

Browse source
This commit is contained in:
Darren 'Tadgy' Austin 2026-03-21 20:30:25 +00:00
commit 61ee3062c6
3 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.gitattributesdb
View file

@ -296,10 +296,10 @@ ZmlyZXdhbGw= - -
ZXRjL2ZpcmV3YWxsLy5naXRpZ25vcmU= 1773947378.243078506 1773947378.243078506 root:root 0644 - - ZXRjL2ZpcmV3YWxsLy5naXRpZ25vcmU= 1773947378.243078506 1773947378.243078506 root:root 0644 - -
ZXRj 1774124129.988147011 1771501908.000000000 root:root 0755 - - ZXRj 1774124129.988147011 1771501908.000000000 root:root 0755 - -
ZmlyZXdhbGw= - - ZmlyZXdhbGw= - -
ZXRjL2ZpcmV3YWxsL2RlZmF1bHRfdjQucnVsZXM= 1774117077.300248767 1773861600.980550947 root:root 0644 - - ZXRjL2ZpcmV3YWxsL2RlZmF1bHRfdjQucnVsZXM= 1774124942.942844576 1773861600.980550947 root:root 0644 - -
ZXRj 1774124129.988147011 1771501908.000000000 root:root 0755 - - ZXRj 1774124129.988147011 1771501908.000000000 root:root 0755 - -
ZmlyZXdhbGw= - - ZmlyZXdhbGw= - -
ZXRjL2ZpcmV3YWxsL2RlZmF1bHRfdjYucnVsZXM= 1774117037.544906108 1773861600.980550947 root:root 0644 - - ZXRjL2ZpcmV3YWxsL2RlZmF1bHRfdjYucnVsZXM= 1774124987.466117124 1773861600.980550947 root:root 0644 - -
ZXRj 1774124129.988147011 1771501908.000000000 root:root 0755 - - ZXRj 1774124129.988147011 1771501908.000000000 root:root 0755 - -
ZXRjL2ZzdGFi 1774103611.886951171 1771501851.000000000 root:root 0644 - - ZXRjL2ZzdGFi 1774103611.886951171 1771501851.000000000 root:root 0644 - -
ZXRj 1774124129.988147011 1771501908.000000000 root:root 0755 - - ZXRj 1774124129.988147011 1771501908.000000000 root:root 0755 - -

2
etc/firewall/default_v4.rules
View file

@ -3,6 +3,7 @@
:INPUT DROP [0:0] :INPUT DROP [0:0]
:FORWARD DROP [0:0] :FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0]
:sshguard - [0:0]
-A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -s 10.254.0.0/24 -i eth1 -j ACCEPT -A INPUT -s 10.254.0.0/24 -i eth1 -j ACCEPT
@ -16,6 +17,7 @@
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A INPUT -j sshguard
-A INPUT -p tcp -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT -A INPUT -p tcp -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 873 -m conntrack --ctstate NEW -j ACCEPT -A INPUT -p tcp -m tcp --dport 873 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25443 -m conntrack --ctstate NEW -j ACCEPT -A INPUT -p tcp -m tcp --dport 25443 -m conntrack --ctstate NEW -j ACCEPT

2
etc/firewall/default_v6.rules
View file

@ -3,6 +3,7 @@
:INPUT DROP [0:0] :INPUT DROP [0:0]
:FORWARD DROP [0:0] :FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0]
:sshguard - [0:0]
-A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -s 2a01:a500:2981:1::/64 -i eth0 -j ACCEPT -A INPUT -s 2a01:a500:2981:1::/64 -i eth0 -j ACCEPT
@ -18,6 +19,7 @@
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
-A INPUT -j sshguard
-A INPUT -p tcp -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT -A INPUT -p tcp -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 873 -m conntrack --ctstate NEW -j ACCEPT -A INPUT -p tcp -m tcp --dport 873 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25443 -m conntrack --ctstate NEW -j ACCEPT -A INPUT -p tcp -m tcp --dport 25443 -m conntrack --ctstate NEW -j ACCEPT