Greetings, I want to know if I can translate some of these rules and if it's possible to translate them. Any help would be appreciated!
Code:
iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP
iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -p TCP --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p TCP --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p TCP ! --syn -m state --state NEW -j DROP
iptables -A INPUT -f -j DROP
iptables -A INPUT -p ICMP -m state --state NEW --icmp-type 8 -j ACCEPT
iptables -A INPUT -p icmp -m limit --limit 1/second -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 2525 -m state --state NEW -m recent ! --rcheck --seconds 300 --hitcount 4 --name ssh --rsource -j ACCEPT
iptables -A INPUT -p TCP --dport 2525 -j LOG --log-prefix "Unauthorize SSH ** (special port) "
iptables -A INPUT -p TCP --dport 22 -j LOG --log-prefix "Unauthorize SSH ** (standard port) " # Log the attempt
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -p ALL -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
I managed to translate:
Code:
ipfw add 300 deny icmp from any to any icmptypes 17
ipfw add 310 deny icmp from any to any icmptypes 13
ipfw add 310 deny all from any to any out recv ${card} keep-state :FORWARD
I am very uncertain about this last line, though.