iptables

CentOS 6.5 on Sakura VPS (さくらVPS)

Create a new iptables filter configuration file

vi /etc/sysconfig/iptables

Inbound traffic is filtered; outbound traffic is fully open.
Packets that match none of the filter rules are logged before the final REJECT.

*filter
:INPUT   ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT  ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SSH, HTTP, HTTPS
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

# LOG
-A RH-Firewall-1-INPUT -m limit --limit 1/s -j LOG --log-prefix "[iptables firewall] : " --log-level=info

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT
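As an added example (not part of the original post), the Python script below audits the ruleset above the way a reviewer would: it parses the iptables-save format, lists the TCP ports on which NEW connections are accepted, confirms that the LOG rule comes before the final REJECT, and reports any rule left unreachable behind an unconditional terminating rule. The filter table is embedded verbatim so the script runs offline; the function names and the checks are my own, not part of iptables.

```python
"""Audit a ruleset in iptables-save format (added example, not from the page).

Parses the filter table shown above and answers the questions a reviewer asks
of it: which TCP ports accept NEW connections, whether the LOG rule really sits
before the final REJECT, and whether any rule is unreachable.
"""
import shlex
from collections import defaultdict

# Copy of the page's filter table, embedded so the audit runs offline.
RULESET = r"""
*filter
:INPUT   ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT  ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m limit --limit 1/s -j LOG --log-prefix "[iptables firewall] : " --log-level=info
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

TERMINATING = {"ACCEPT", "DROP", "REJECT"}   # LOG is non-terminating
# Options that belong to the target rather than to the match part of a rule.
TARGET_OPTIONS = {"j", "reject-with", "log-prefix", "log-level", "_raw"}


def parse_ruleset(text):
    """Return (policies, chains): chain -> default policy, chain -> list of rule dicts.

    Rule dicts map option names (dashes stripped) to values; bare flags become
    True.  Both '--opt value' and '--opt=value' spellings are accepted.
    """
    policies = {}
    chains = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#*" or line == "COMMIT":
            continue
        if line.startswith(":"):                      # ':CHAIN POLICY [pkts:bytes]'
            name, policy = line[1:].split()[:2]
            policies[name] = policy
            continue
        tokens = shlex.split(line)                    # keeps the quoted --log-prefix intact
        if tokens[:1] != ["-A"]:
            continue
        rule = {"_raw": line}
        i = 2
        while i < len(tokens):
            tok = tokens[i]
            if tok.startswith("--") and "=" in tok:
                key, value = tok[2:].split("=", 1)
                rule[key] = value
                i += 1
            elif tok.startswith("-"):
                key = tok.lstrip("-")
                has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
                rule[key] = tokens[i + 1] if has_value else True
                i += 2 if has_value else 1
            else:
                i += 1
        chains[tokens[1]].append(rule)
    return policies, dict(chains)


def open_new_tcp_ports(chains, chain="RH-Firewall-1-INPUT"):
    """TCP destination ports on which the chain ACCEPTs connections."""
    return [int(r["dport"]) for r in chains.get(chain, [])
            if r.get("j") == "ACCEPT" and r.get("p") == "tcp" and "dport" in r]


def log_precedes_reject(chains, chain="RH-Firewall-1-INPUT"):
    """True when a LOG rule sits before the last REJECT, so rejected packets get logged."""
    targets = [r.get("j") for r in chains.get(chain, [])]
    if "LOG" not in targets or "REJECT" not in targets:
        return False
    last_reject = len(targets) - 1 - targets[::-1].index("REJECT")
    return targets.index("LOG") < last_reject


def unreachable_rules(chains):
    """Rules that follow an unconditional terminating rule in their chain and never match."""
    dead = []
    for rules in chains.values():
        terminated = False
        for rule in rules:
            if terminated:
                dead.append(rule["_raw"])
            has_match = bool(set(rule) - TARGET_OPTIONS)
            if rule.get("j") in TERMINATING and not has_match:
                terminated = True
    return dead


if __name__ == "__main__":
    policies, chains = parse_ruleset(RULESET)
    print("default policies:", policies)
    print("TCP ports accepting NEW connections:", open_new_tcp_ports(chains))
    print("LOG before final REJECT:", log_precedes_reject(chains))
    print("unreachable rules:", unreachable_rules(chains) or "none")
```

The check worth keeping an eye on is the INPUT policy: it is ACCEPT, so the protection rests entirely on the catch-all REJECT at the end of RH-Firewall-1-INPUT. If that chain is ever flushed or a rule that RETURNs early is inserted, unmatched packets are accepted rather than rejected.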

rsyslog configuration

Note that the selector kern.info matches every kernel message at priority info or higher, not only the lines carrying the iptables prefix, and the stock rule that sends *.info to /var/log/messages still receives them as well.

vi /etc/rsyslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console
kern.info /var/log/iptables.log

Restart iptables and rsyslog

/etc/init.d/iptables restart
/etc/init.d/rsyslog restart

Access a port that is not allowed and check the log (the sample below shows connection attempts to TCP port 8080, which the rules above do not open)

Jan 28 18:44:26 hogehoge kernel: [iptables firewall] : IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=yyy.yyy.yyy.yyy DST=zzz.zzz.zzz.zzz LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=23725 DF PROTO=TCP SPT=37967 DPT=8080 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 28 18:44:26 hogehoge kernel: [iptables firewall] : IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=yyy.yyy.yyy.yyy DST=zzz.zzz.zzz.zzz LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=23726 DF PROTO=TCP SPT=38761 DPT=8080 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 28 18:44:26 hogehoge kernel: [iptables firewall] : IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=yyy.yyy.yyy.yyy DST=zzz.zzz.zzz.zzz LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=44998 PROTO=TCP SPT=37967 DPT=8080 WINDOW=1024 RES=0x00 ACK RST URGP=0
Jan 28 18:44:26 hogehoge kernel: [iptables firewall] : IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=yyy.yyy.yyy.yyy DST=zzz.zzz.zzz.zzz LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=45000 PROTO=TCP SPT=38761 DPT=8080 WINDOW=1024 RES=0x00 ACK RST URGP=0
Jan 28 18:44:26 hogehoge kernel: [iptables firewall] : IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=yyy.yyy.yyy.yyy DST=zzz.zzz.zzz.zzz LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=23728 DF PROTO=TCP SPT=41488 DPT=8080 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 28 18:44:33 hogehoge kernel: [iptables firewall] : IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=yyy.yyy.yyy.yyy DST=zzz.zzz.zzz.zzz LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=23734 DF PROTO=TCP SPT=52180 DPT=8080 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 28 18:44:33 hogehoge kernel: [iptables firewall] : IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=yyy.yyy.yyy.yyy DST=zzz.zzz.zzz.zzz LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=23733 DF PROTO=TCP SPT=47279 DPT=8080 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 28 18:44:33 hogehoge kernel: [iptables firewall] : IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=yyy.yyy.yyy.yyy DST=zzz.zzz.zzz.zzz LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=45028 PROTO=TCP SPT=52180 DPT=8080 WINDOW=1024 RES=0x00 ACK RST URGP=0
Jan 28 18:44:33 hogehoge kernel: [iptables firewall] : IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=yyy.yyy.yyy.yyy DST=zzz.zzz.zzz.zzz LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=45030 PROTO=TCP SPT=47279 DPT=8080 WINDOW=1024 RES=0x00 ACK RST URGP=0
Jan 28 18:44:33 hogehoge kernel: [iptables firewall] : IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=yyy.yyy.yyy.yyy DST=zzz.zzz.zzz.zzz LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=23748 DF PROTO=TCP SPT=56318 DPT=8080 WINDOW=8192 RES=0x00 SYN URGP=0
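Added example (not part of the original post): a small Python parser for these LOG lines. It runs over the first five lines above plus three constructed lines from the documentation address 198.51.100.7 (probing several ports) and one constructed non-iptables kernel line, and summarizes rejected packets per source address. Function names and the port-count threshold are my own assumptions.

```python
"""Parse and summarize iptables LOG lines from rsyslog (added example, not from the page).

Each logged packet is one line: timestamp, host, 'kernel:', the --log-prefix,
then KEY=VALUE fields, with TCP flags (SYN, ACK, RST, ...) and DF appearing as
bare words.  The summary groups rejected packets per source so a burst of SYNs
across several closed ports stands out.
"""
import re
from collections import defaultdict

# Five lines taken from the page (MAC and addresses anonymized there), three
# constructed lines from the documentation address 198.51.100.7, and one
# constructed non-iptables kernel message of the kind kern.info also admits.
SAMPLE_LOG = """\
Jan 28 18:44:26 hogehoge kernel: [iptables firewall] : IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=yyy.yyy.yyy.yyy DST=zzz.zzz.zzz.zzz LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=23725 DF PROTO=TCP SPT=37967 DPT=8080 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 28 18:44:26 hogehoge kernel: [iptables firewall] : IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=yyy.yyy.yyy.yyy DST=zzz.zzz.zzz.zzz LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=23726 DF PROTO=TCP SPT=38761 DPT=8080 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 28 18:44:26 hogehoge kernel: [iptables firewall] : IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=yyy.yyy.yyy.yyy DST=zzz.zzz.zzz.zzz LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=44998 PROTO=TCP SPT=37967 DPT=8080 WINDOW=1024 RES=0x00 ACK RST URGP=0
Jan 28 18:44:26 hogehoge kernel: [iptables firewall] : IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=yyy.yyy.yyy.yyy DST=zzz.zzz.zzz.zzz LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=45000 PROTO=TCP SPT=38761 DPT=8080 WINDOW=1024 RES=0x00 ACK RST URGP=0
Jan 28 18:44:26 hogehoge kernel: [iptables firewall] : IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=yyy.yyy.yyy.yyy DST=zzz.zzz.zzz.zzz LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=23728 DF PROTO=TCP SPT=41488 DPT=8080 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 28 18:45:01 hogehoge kernel: [iptables firewall] : IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=198.51.100.7 DST=zzz.zzz.zzz.zzz LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=1001 PROTO=TCP SPT=54321 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 28 18:45:01 hogehoge kernel: [iptables firewall] : IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=198.51.100.7 DST=zzz.zzz.zzz.zzz LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=1002 PROTO=TCP SPT=54321 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 28 18:45:02 hogehoge kernel: [iptables firewall] : IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=198.51.100.7 DST=zzz.zzz.zzz.zzz LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=1003 PROTO=TCP SPT=54321 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 28 18:45:02 hogehoge kernel: e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
"""

# Syslog timestamp, host, 'kernel:', optional --log-prefix, then the IN=... fields.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?P<prefix>.*?) ?(?P<fields>IN=.*)$"
)


def parse_line(line):
    """Return a dict for one iptables LOG line, or None if the line is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "prefix": m["prefix"], "flags": set()}
    for tok in m["fields"].split():
        if "=" in tok:
            key, value = tok.split("=", 1)    # 'OUT=' yields an empty value
            rec[key] = value
        else:
            rec["flags"].add(tok)             # DF, SYN, ACK, RST, FIN, PSH, URG
    for key in ("LEN", "TTL", "ID", "SPT", "DPT"):
        if key in rec:
            rec[key] = int(rec[key])
    return rec


def summarize(log_text):
    """Per source: SYN-only packets (connection attempts), the ports they hit,
    and other packets.  Also counts lines that are not iptables LOG output."""
    per_src = defaultdict(lambda: {"syn": 0, "ports": set(), "other": 0})
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        entry = per_src[rec["SRC"]]
        if rec.get("PROTO") == "TCP" and (rec["flags"] & {"SYN", "ACK"}) == {"SYN"}:
            entry["syn"] += 1
            entry["ports"].add(rec["DPT"])
        else:
            entry["other"] += 1
    summary = {src: {"syn": e["syn"], "ports": sorted(e["ports"]), "other": e["other"]}
               for src, e in per_src.items()}
    return summary, skipped


def suspected_scanners(summary, min_ports=3):
    """Sources whose SYNs reached at least min_ports distinct closed ports."""
    return sorted(src for src, e in summary.items() if len(e["ports"]) >= min_ports)


if __name__ == "__main__":
    summary, skipped = summarize(SAMPLE_LOG)
    for src, e in summary.items():
        print(f"{src}: {e['syn']} SYN to ports {e['ports']}, {e['other']} other packets")
    print("non-iptables lines skipped:", skipped)
    print("sources hitting >= 3 closed ports:", suspected_scanners(summary))
```

Two caveats when reading the counts. The LOG rule is rate-limited with `-m limit --limit 1/s` (default burst 5), so during a burst most rejected packets are never logged and the numbers are a lower bound. And because kern.info routes every kernel message into the same file, lines like the constructed NIC message above are expected; the parser counts them as skipped rather than failing.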