
How can I protect forwarding

Posted: 11 Jun 2020, 23:49
by Loser
Hi,

I need to protect FORWARD rules, csf.redirect

Code:

-A INPUT ! -i lo -j LOCALINPUT
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j SYNFLOOD
-A INPUT ! -i lo -p tcp -j INVALID
-A INPUT ! -i lo -p icmp -m icmp --icmp-type 8 -j LOGDROPIN
-A INPUT ! -i lo -p icmp -j ACCEPT
-A INPUT ! -i lo -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j ACCEPT
-A INPUT ! -i lo -j LOGDROPIN
-A FORWARD ! -i lo -p tcp -m tcp --dport 8080 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD ! -i lo -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT ! -o lo -j LOCALOUTPUT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT ! -o lo -p tcp -j INVALID
-A OUTPUT ! -o lo -p icmp -m icmp --icmp-type 8 -j LOGDROPOUT
-A OUTPUT ! -o lo -p icmp -j ACCEPT
-A OUTPUT ! -o lo -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j ACCEPT
-A OUTPUT ! -o lo -j LOGDROPOUT
-A SYNFLOOD -m limit --limit 30/sec --limit-burst 10 -j RETURN
-A SYNFLOOD -m limit --limit 30/min -j LOG --log-prefix "Firewall: *SYNFLOOD Blocked* "
-A SYNFLOOD -j DROP
When I attack port 80, I'm blocked: "*SYNFLOOD Blocked*" :)

But when I attack port 8080, I am never blocked :confused:
Port 8080 is forwarded to another server.

Can I do that?

Thank you.
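
In the ruleset above, only INPUT jumps to SYNFLOOD; traffic forwarded to another server traverses FORWARD, which accepts port 8080 with no such jump. As an added example (not part of the original post), this shell/awk audit lists ACCEPT rules for NEW TCP connections in chains that have no earlier jump to the rate-limit chain. The function name `unprotected_accepts` and the extra FORWARD rule in `FIXED` are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# RULES: the four rules from the post that decide the outcome.
RULES='-A INPUT ! -i lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j SYNFLOOD
-A INPUT ! -i lo -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j ACCEPT
-A FORWARD ! -i lo -p tcp -m tcp --dport 8080 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD ! -i lo -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

# FIXED (assumption): the same rules preceded by a FORWARD jump into SYNFLOOD,
# copied from the INPUT rule with only the chain name changed.
FIXED='-A FORWARD ! -i lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j SYNFLOOD
'"$RULES"

# Read iptables-save style "-A" lines on stdin, in rule order.
# Print "CHAIN dport" for every rule that ACCEPTs NEW TCP connections in a
# chain that has not jumped to the rate-limit chain ($1, default SYNFLOOD)
# before that rule.
unprotected_accepts() {
    limit_chain="${1:-SYNFLOOD}"
    awk -v lc="$limit_chain" '
        $1 != "-A" { next }
        {
            chain = $2; target = ""; dport = "any"; is_new = 0; is_tcp = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-p" && $(i + 1) == "tcp") is_tcp = 1
                if ($i == "--ctstate" && $(i + 1) ~ /(^|,)NEW(,|$)/) is_new = 1
            }
            if (target == lc)
                guarded[chain] = 1      # later rules in this chain are rate-limited
            else if (target == "ACCEPT" && is_tcp && is_new && !(chain in guarded))
                print chain, dport
        }'
}

echo "before: $(printf '%s\n' "$RULES" | unprotected_accepts)"
echo "after:  $(printf '%s\n' "$FIXED" | unprotected_accepts)"
```

On a CSF host, a rule inserted by hand is lost when csf reloads its rules; CSF's csfpost.sh hook is one place to re-apply it.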