I have the following iptables rules for a CentOS 7 web server. I would like the ip6tables equivalents of them. If anything needs to change between these rules and the ip6tables rules, please let me know -
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
(tcp flag NONE packets)
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
(syn attacks, new connection without communication of purpose)
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
(XMAS packet)
iptables -A INPUT -i lo -j ACCEPT
(allow localhost)
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
(allow port 80)
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
(allow port 443)
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
(allow ssh at port 22)
iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP
(drop pings asking for address)
iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP
(drop pings asking for timestamp)
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 5/second -j ACCEPT
(allow max 5 pings per second, beyond that, pings will be dropped, to prevent ping flooding)
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
(allow established and once connected connections)
iptables -P OUTPUT ACCEPT
(allow all outgoing packets)
iptables -P INPUT DROP
(disallow all incoming packets, except the ones stated above)
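The ip6tables equivalent, written as an added example rather than the poster's own rule set. Most of the TCP and policy lines carry over unchanged; what differs is ICMP. The `address-mask-request` and `timestamp-request` types exist only in ICMPv4, so those two DROP rules have no IPv6 counterpart, and IPv6 relies on ICMPv6 Neighbor Discovery and Path MTU Discovery for basic operation, so those types must be accepted explicitly before the `INPUT DROP` policy (connection tracking does not mark them RELATED). The script assumes a CentOS 7 host with ip6tables and IPv6 conntrack available; the `IP6T` variable (set it to `echo` for a dry run) and the `apply` argument are conveniences of this example, not part of the original rules.

```shell
#!/bin/sh
# Added example: ip6tables equivalent of the IPv4 rule set above.
# IP6T defaults to the real binary; IP6T=echo prints the rules instead
# of applying them, so the set can be reviewed before touching a live host.
set -eu

IP6T="${IP6T:-ip6tables}"

apply_rules() {
    # Start from an empty INPUT chain so re-running is idempotent
    # (assumption: nothing else manages this chain).
    "$IP6T" -F INPUT

    # Stateful shortcut first, matching the IPv4 version's -I at the top.
    # conntrack/--ctstate is the current spelling of state/--state.
    "$IP6T" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Loopback: unchanged.
    "$IP6T" -A INPUT -i lo -j ACCEPT

    # Bogus TCP flag combinations: the tcp match is identical under IPv6.
    "$IP6T" -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    "$IP6T" -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
    "$IP6T" -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

    # Services: identical syntax. SSH on 22 is just as exposed over IPv6.
    for port in 80 443 22; do
        "$IP6T" -A INPUT -p tcp --dport "$port" -j ACCEPT
    done

    # ICMPv6: protocol name and type names change. address-mask-request and
    # timestamp-request do not exist in ICMPv6, so they are simply omitted.
    # Neighbor Discovery and the error types are required for IPv6 to work
    # at all (address resolution, router discovery, Path MTU Discovery).
    for t in neighbour-solicitation neighbour-advertisement \
             router-advertisement packet-too-big time-exceeded \
             parameter-problem destination-unreachable; do
        "$IP6T" -A INPUT -p ipv6-icmp --icmpv6-type "$t" -j ACCEPT
    done

    # Rate-limited ping, the counterpart of ICMPv4 type 8; excess echo
    # requests fall through to the DROP policy below.
    "$IP6T" -A INPUT -p ipv6-icmp --icmpv6-type echo-request \
        -m limit --limit 5/second -j ACCEPT

    # Default policies, same as the IPv4 set.
    "$IP6T" -P OUTPUT ACCEPT
    "$IP6T" -P INPUT DROP
}

# Apply only when explicitly asked to, so the file can be sourced or
# dry-run without modifying the firewall.
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Run `IP6T=echo sh rules.sh apply` to see the generated rule lines, then `sh rules.sh apply` as root to load them; persist with `service ip6tables save` on CentOS 7 if the ip6tables-services package is in use. Because the ESTABLISHED,RELATED rule sits first and the policy is DROP, rule order inside the chain otherwise matters only for the rate-limited ping, which must come after the unconditional ICMPv6 accepts.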