modified preseed.cfg to initialize network protection

2018-12-19 16:17:02 +01:00
parent dedc241daf
commit ed49a5e8f0
7 changed files with 51 additions and 72 deletions
--- a/files/firewall.conf
+++ b/files/firewall.conf
@@ -49,5 +49,8 @@ COMMIT
 -A OUTPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
 -A OUTPUT -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
 -A OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
+-N port-scanning
+-A port-scanning -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit  --limit 1/s --limit-burst 2 -j RETURN
+-A port-scanning -j DROP
 COMMIT
 # Completed on Sat Nov 17 14:32:27 2018