LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-12-2016, 01:13 AM   #31
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 10

Quote:
Originally Posted by Turbocapitalist View Post
I'd go with the simpler rules close to those proposed by the list:

Code:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j ACCEPT -m state --state RELATED,ESTABLISHED
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT
-A OUTPUT -j ACCEPT -m state --state NEW,RELATED,ESTABLISHED
COMMIT
The other rules you have contain a bunch of lines unnecessary for a regular desktop. See if those work. If they do, they can be adjusted but try them as-is first.
Then, in your idea Desktop user must not protect itself against DDoS attacks or...?
 
Old 12-12-2016, 01:14 AM   #32
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 10
OK, You consider that my system is not a Desktop and it is a Web Server and like to use Tor too.
 
Old 12-12-2016, 01:57 AM   #33
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,513
Blog Entries: 3

Rep: Reputation: 2784Reputation: 2784Reputation: 2784Reputation: 2784Reputation: 2784Reputation: 2784Reputation: 2784Reputation: 2784Reputation: 2784Reputation: 2784Reputation: 2784
Quote:
Originally Posted by hack3rcon View Post
Then, in your idea Desktop user must not protect itself against DDoS attacks or...?
Most types of DDoS attacks can only be mitigated upstream. Your own packet filter can't help with that. But first things first: do the rules in #30 allow normal Desktop operation including using the Tor Browser Bundle? Yes/No?
 
Old 12-13-2016, 08:45 AM   #34
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 10
Quote:
Originally Posted by Turbocapitalist View Post
Most types of DDoS attacks can only be mitigated upstream. Your own packet filter can't help with that. But first things first: do the rules in #30 allow normal Desktop operation including using the Tor Browser Bundle? Yes/No?
#30?
 
Old 12-13-2016, 08:47 AM   #35
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,513
Blog Entries: 3

Rep: Reputation: 2784Reputation: 2784Reputation: 2784Reputation: 2784Reputation: 2784Reputation: 2784Reputation: 2784Reputation: 2784Reputation: 2784Reputation: 2784Reputation: 2784
Quote:
Originally Posted by hack3rcon View Post
#30?
Yes, post #30 in this thread.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Tails 2.6 Anonymous Linux Live CD Is Out, Brings Tor 0.2.8.7 and Tor Browser 6.0.5 LXer Syndicated Linux News 0 09-21-2016 01:32 AM
LXer: Tor Browser 4.5.2 Is Out with the Latest Tor Anonymity Network Software LXer Syndicated Linux News 0 06-17-2015 02:40 PM
Iptables Rules For Tor On Alternative Ports Mytob Linux - Networking 2 02-16-2015 02:29 AM
block tor users with iptables? qwertyjjj Linux - Newbie 5 04-13-2013 05:59 PM
Tor, Squid, Privoxy behind iptables firewall mistersnorfles Linux - Security 7 12-13-2007 04:12 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration