Packet filtering is one part of protecting a host: it prevents inbound packets from reaching higher layers. It is no substitute for tight application-layer security. Strong network and host-level packet filters reduce a host's exposure when it is connected to a network.
Example: blocking a destination and using the REJECT target
[root@masq-gw]# iptables -I FORWARD -p tcp -d 209.10.26.51 --dport 22 -j REJECT
[root@tristan]# ssh 209.10.26.51
ssh: connect to address 209.10.26.51 port 22: Connection refused
[root@masq-gw]# tcpdump -nnq -i eth2
tcpdump: listening on eth2
22:16:59.111947 192.168.99.35.51991 > 209.10.26.51.22: tcp 0 (DF)
22:16:59.112270 192.168.99.254 > 192.168.99.35: icmp: 209.10.26.51 tcp port 22 unreachable (DF) [tos 0xc0]
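To confirm from a capture that the REJECT rule, and not the destination itself, is answering, the following added example (not part of the original post) pairs each TCP packet in tcpdump -nnq output of the style shown above with the ICMP port-unreachable that answers it. The function name, field names and regular expressions are assumptions for illustration; the sample capture is the two packet lines from the output above.

```python
import re

# Sample input: the two packet lines from the tcpdump output on this page.
CAPTURE = """\
22:16:59.111947 192.168.99.35.51991 > 209.10.26.51.22: tcp 0 (DF)
22:16:59.112270 192.168.99.254 > 192.168.99.35: icmp: 209.10.26.51 tcp port 22 unreachable (DF) [tos 0xc0]
"""

IP = r"\d+(?:\.\d+){3}"
# "<ts> <src>.<sport> > <dst>.<dport>: tcp <len>"
TCP_RE = re.compile(
    rf"^(?P<ts>\S+) (?P<src>{IP})\.(?P<sport>\d+) > "
    rf"(?P<dst>{IP})\.(?P<dport>\d+): tcp \d+")
# "<ts> <sender> > <client>: icmp: <dst> tcp port <dport> unreachable"
ICMP_RE = re.compile(
    rf"^(?P<ts>\S+) (?P<sender>{IP}) > (?P<client>{IP}): "
    rf"icmp: (?P<dst>{IP}) tcp port (?P<dport>\d+) unreachable")


def find_rejects(capture):
    """Return one record per TCP flow that was answered by ICMP port-unreachable.

    A flow that never gets such an answer is not reported; that is what a
    DROP rule (or a destination that simply does not reply) looks like.
    """
    pending = {}   # (client, dst, dport) -> timestamp of the TCP packet
    rejects = []
    for line in capture.splitlines():
        m = TCP_RE.match(line)
        if m:
            pending[(m["src"], m["dst"], int(m["dport"]))] = m["ts"]
            continue
        m = ICMP_RE.match(line)
        if m:
            key = (m["client"], m["dst"], int(m["dport"]))
            if pending.pop(key, None) is not None:
                rejects.append({
                    "client": m["client"],
                    "dst": m["dst"],
                    "dport": int(m["dport"]),
                    "sent_by": m["sender"],
                    # True when the error came from a filtering hop,
                    # not from the destination address itself.
                    "from_filter": m["sender"] != m["dst"],
                })
    return rejects


if __name__ == "__main__":
    for r in find_rejects(CAPTURE):
        print(r)
```

In the capture above the ICMP error is sent by 192.168.99.254 rather than by 209.10.26.51, which is what identifies the filter as the source of the "Connection refused" seen by ssh.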
