add simple server protection rules

Asked by Soul-Sing

protection against Denial of Service attacks
example:

iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -p icmp -m limit --limit 1/s -j ACCEPT

protection against 'Syn-flood':

iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT

protection against 'Ping of death':
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

Question information

Language: English
Status: Answered
For: Gufw
Assignee: No assignee
Vadim Peretokin (vperetokin) said :
#1

That looks good, but can you translate that into ufw language?

Soul-Sing (soulzing) said :
#2

Then we need an extra layer in the program: the -gui, -ufw, and iptables.
It cannot be done in ufw only.....

Vadim Peretokin (vperetokin) said :
#3

Hmm, alright. Marcos would be best to handle this then.

costales (costales) said :
#4

Hi!
Read the man ufw, but it's the "limit" in ufw/Gufw in Intrepid Ibex ;)
Best regards.

Soul-Sing (soulzing) said :
#5

Hi
I think these basic server protection rules are not supported by ufw. I have studied ufw carefully, and asked around. A firewall in Linux is mostly used on servers, not on a simple desktop system. (?)
In the future(?) :) we have to add iptables as an extra/additional layer to the program? Or am I getting wild and irrational now? ;)
Marcos, do you think ufw alone can add these basic server protection rules?
(many question marks......sorry about that....)

costales (costales) said :
#6

I think rule, it can't :O
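Added example, not part of the thread and not Gufw or ufw code: a simplified model of why the `-m limit --limit 1/s` rules in the question and the ufw "limit" mentioned in reply #4 behave differently. It assumes the iptables default `--limit-burst` of 5 and the ufw man page threshold of 6 attempts in 30 seconds per source; the trace, addresses and function names are constructed for illustration.

```python
from collections import Counter, defaultdict, deque

def iptables_limit(packets, rate_per_s=1, burst=5):
    """Model of '-m limit --limit 1/s': ONE token bucket shared by all sources.
    Assumes the iptables default --limit-burst of 5. Times are in ms."""
    cost = 1000 // rate_per_s              # credit needed per matched packet
    cap = burst * cost
    credit, last, matched = cap, None, []
    for t, src in packets:                 # packets must be sorted by time
        if last is not None:
            credit = min(cap, credit + (t - last))   # 1 credit per elapsed ms
        last = t
        if credit >= cost:
            credit -= cost
            matched.append(src)            # rule matches -> ACCEPT
        # otherwise the packet falls through to later rules / chain policy
    return Counter(matched)

def ufw_limit(packets, hits=6, window_ms=30_000):
    """Model of 'ufw limit': per-source sliding window (6 attempts in 30 s,
    per the ufw man page). Denied attempts still count toward the window."""
    seen, allowed = defaultdict(deque), []
    for t, src in packets:
        q = seen[src]
        while q and t - q[0] > window_ms:
            q.popleft()                    # forget attempts outside the window
        q.append(t)
        if len(q) < hits:
            allowed.append(src)
    return Counter(allowed)

def constructed_trace():
    """Constructed sample: one source sending 20 SYN/s for 10 s, plus one
    ordinary client connecting every 2 s. Addresses are documentation ranges."""
    noisy = [(i * 50, "198.51.100.7") for i in range(200)]
    client = [(510 + i * 2000, "192.0.2.10") for i in range(5)]
    return sorted(noisy + client)

if __name__ == "__main__":
    trace = constructed_trace()
    print("iptables -m limit:", dict(iptables_limit(trace)))
    print("ufw limit        :", dict(ufw_limit(trace)))
```

In this model the shared bucket is drained by the noisy source, so none of the ordinary client's connections match the ACCEPT rule, while the per-source window lets all five of them through.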
