AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Ssh bastion hardening2/11/2024 iptables-save just prints to standard out the current in memory rules, and saving this output to the file /etc/sysconfig/iptables tells the iptables service to run these rules on boot.Īs you can see, that wasn’t a great deal of work, but we’ve already taken significant strides towards Linux Hardening our Bastion Host. The last line actually persists the rules so the iptables service will reinitialize these rules in the kernel on boot. This creates a set of in memory rules, meaning if I reboot the box they’ll be wiped clean. These commands demonstrate running iptables as a command-line utility. ![]() All other inbound packets are silently dropped. The comment explains what we’re doing line-by-line, but to paraphrase further, I’m allowing any inbound packets on the lookback adapter, any inbound packets that are part of an established connection, inbound DHCP (so we can get our dynamic IP address), and inbound TCP on port 443 (where we’re running SSH). Iptables- save > / etc/ sysconfig/ iptables First, we’re going to enable and start it as a service: It is also a service that can be configured to run a set of firewall rules each time a Linux machine spins up. Iptables is a command-line tool for configuring firewall rules, which are actually enforced by the Linux kernel. This can really slow down brute force attacks, notify you when such attacks are occurring, and give you an opportunity to take corrective action if required.
0 Comments
Read More
Leave a Reply. |