firewall: i've forgot to allow ESTABLISHED,… OUTPUT connections

firewall: increase LOG limit-burst to 10
2015-09-16 23:02:23 +02:00 · 2015-09-16 23:02:23 +02:00 · d7a819df4b
parent c699ff9c4d
commit d7a819df4b
2 changed files with 12 additions and 11 deletions
--- a/README.md
+++ b/README.md
@ -5,7 +5,8 @@ Some useful scripts (for me) that can be added to $PATH :)
 ## List:
 * bash_quote: Get a random quote from http://danstonchat.com
-* dynmotd/: scripts to update the motd (via the /etc/update-motd.d directory).
+* firewall: A script shell to set some iptables rules.
 * update-dynmotd.d/: scripts to update the motd (via the /etc/update-motd.d directory).
 * flac_to_mp3: convert all flac files of a directory into mp3.
 * snapsend.sh: Send a ZFS snapshot to a remote host.
 * test_ssl3: Test if a website supportes the SSLV3 protocol.
--- a/20
+++ b/20
@ -189,7 +189,7 @@ fw_start() {
  ##  OUTPUT  ##
  ##############
  #### Ne pas casser les connexions etablies
-#  $IPT -A OUTPUT -j ACCEPT -p all -o "${ILAN}" -s "${IPLAN}" -m state --state RELATED,ESTABLISHED,UNTRACKED
+  $IPT -A OUTPUT -j ACCEPT -p all -o "${ILAN}" -s "${IPLAN}" -m state --state RELATED,ESTABLISHED,UNTRACKED
 #
 #  #### ICMP reply (Ping)
 #  #$IPT -A OUTPUT -j ACCEPT -p icmp -o "${ILAN}" --icmp-type 0 -s "${IPLAN}" -d 0/0 -m state --state ESTABLISHED,RELATED -m comment --comment "ICMP reply"
@ -277,23 +277,23 @@ fw_log() {
  # LOG INPUT DROP PAQUET
  $IPT -N INPLOG
  $IPT -A INPUT -j INPLOG
-  $IPT -A INPLOG -p tcp -m limit --limit 5/min -j LOG --log-prefix "Drop-IN [tcp]: "
+  $IPT -A INPLOG -p tcp -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "Drop-IN [tcp]: "
-  $IPT -A INPLOG -p udp -m limit --limit 5/min -j LOG --log-prefix "Drop-IN [udp]: "
+  $IPT -A INPLOG -p udp -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "Drop-IN [udp]: "
-  $IPT -A INPLOG -p icmp -m limit --limit 5/min -j LOG --log-prefix "Drop-IN [icmp]: "
+  $IPT -A INPLOG -p icmp -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "Drop-IN [icmp]: "
  # LOG OUTPUT DROP PAQUET
  $IPT -N OUTLOG
  $IPT -A OUTPUT -j OUTLOG
-  $IPT -A OUTLOG -p tcp -m limit --limit 5/min -j LOG --log-prefix "Drop-OUT [tcp]: "
+  $IPT -A OUTLOG -p tcp -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "Drop-OUT [tcp]: "
-  $IPT -A OUTLOG -p udp -m limit --limit 5/min -j LOG --log-prefix "Drop-OUT [udp]: "
+  $IPT -A OUTLOG -p udp -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "Drop-OUT [udp]: "
-  $IPT -A OUTLOG -p icmp -m limit --limit 5/min -j LOG --log-prefix "Drop-OUT [icmp]: "
+  $IPT -A OUTLOG -p icmp -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "Drop-OUT [icmp]: "
  # LOG FORWARD DROP PAQUET
  $IPT -N FORLOG
  $IPT -A FORWARD -j FORLOG
-  $IPT -A FORLOG -p tcp -m limit --limit 5/min -j LOG --log-prefix "Drop-FOR [tcp]: "
+  $IPT -A FORLOG -p tcp -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "Drop-FOR [tcp]: "
-  $IPT -A FORLOG -p udp -m limit --limit 5/min -j LOG --log-prefix "Drop-FOR [udp]: "
+  $IPT -A FORLOG -p udp -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "Drop-FOR [udp]: "
-  $IPT -A FORLOG -p icmp -m limit --limit 5/min -j LOG --log-prefix "Drop-FOR [icmp]: "
+  $IPT -A FORLOG -p icmp -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "Drop-FOR [icmp]: "
 }