Tag Archives: firewall

Iptables and Connection Limits

Create connection limits for any users using a very basic script in the firewall area, as shown below:

    iptables -I FORWARD -p tcp --syn -m iprange --src-range 10.212.1.100-10.212.3.200 -m connlimit --connlimit-above 60 -j DROP
    iptables -I FORWARD -p tcp --syn -m iprange --src-range 10.212.3.1-10.212.3.254 -m connlimit --connlimit-above 60 -j DROP
    iptables -I FORWARD -m


Auto provision clients in ZeroShell

There are hundreds of bash scripts in that folder. They automate many operations, such as adding new firewall rules and QoS rules, managing network interfaces, etc. For example, run the following to add a new static DHCP entry:

    /root/kerbynet.cgi/scripts/dhcp_addstatic 00 192.168.10.10 AA:BB:CC:DD:EE:FF

Remote execution of those commands can be done via ssh:

    ssh root@ZEROSHELL.IP.ADDRESS "/root/kerbynet.cgi/scripts/command_to_run ARG1 ARG2


Cisco PIX Firewall Basics

Introduction

The online reference materials for configuring Cisco PIX Firewall Version 6.1 can be found at: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/index.htm . I recommend you look there for the details we had to omit in this article. It is always a good idea to check the Release Notes, especially for open caveats (bugs) that may affect an advanced PIX implementation.

Another good source of information about the Cisco PIX is the Cisco CSPFA course. This is a security-certification track course. See http://www.cisco.com/pcgi-bin/front.x/wwtraining/CELC/index.cgi?action=CourseDesc&COURSE_ID=1628 .

What Does a PIX Do?

The PIX is a firewall appliance based on a hardened, specially built operating system, PIX OS, minimizing possible OS-specific security holes. The PIX has received ICSA Firewall and IPsec certification as well as Common Criteria EAL4 evaluation status.

