// Set up the firewall object before any rule is built; the rules below are
// inserted through the static Firewall::Firewall::Input / ::Output chains.
auto firewall = Firewall::Firewall();

/////////////////////////////////////////// SSH SERVER ///////////////////////////////////////////
// Two rules describe SSH service on this host: one for packets arriving at
// port 22, one for the replies leaving from port 22.
// NOTE(review): ACCEPT rules only narrow traffic when the chains' default
// policy drops everything else - the policy is not set in this snippet; confirm.
// NOTE(review): the rules and state modules are allocated with `new` and never
// deleted here - presumably addModule()/Insert() take ownership; confirm.

// ---- INPUT chain: client -> sshd ----
// Source and destination are both 0.0.0.0 with a 0 mask, i.e. no address
// restriction: SSH is reachable from any peer. If only known management
// networks need access, put that network in the first IPNet instead.
auto *sshIn = new TCPRule( Net::IPNet("0.0.0.0", 0), Net::IPNet("0.0.0.0", 0) );
// Destination is the SSH server port.
sshIn->addDestPort( Net::Ports(22) );
// Clients are expected to use an unprivileged source port (1024-65535). The
// remote side picks this value, so it filters odd traffic but is not an
// access control.
sshIn->addSourcePort( Net::Ports(1024, 65535) );
// Connection tracking for the inbound direction: NEW lets a client open a
// session, ESTABLISHED/RELATED let the remaining packets of that session in.
auto *inboundStates = new State();
inboundStates->addState(S_NEW);
inboundStates->addState(S_ESTABLISHED);
inboundStates->addState(S_RELATED);
// Attach the state match to the rule.
sshIn->addModule(inboundStates);
// Target: accept matching packets.
sshIn->Accept();
// Register the finished rule in the INPUT chain.
Firewall::Firewall::Input->Insert(sshIn);

// ---- OUTPUT chain: sshd -> client ----
// Replies may go to any address (same unrestricted 0.0.0.0 / 0 pair).
auto *sshOut = new TCPRule( Net::IPNet("0.0.0.0", 0), Net::IPNet("0.0.0.0", 0) );
// Mirror image of the INPUT rule: the client's unprivileged port is now the
// destination ...
sshOut->addDestPort( Net::Ports(1024, 65535) );
// ... and the server port 22 is the source.
sshOut->addSourcePort( Net::Ports(22) );
// No S_NEW here: the server side may only answer on sessions that already
// exist, it cannot open outbound connections from port 22.
auto *outboundStates = new State();
outboundStates->addState(S_ESTABLISHED);
outboundStates->addState(S_RELATED);
// Attach the state match to the rule.
sshOut->addModule(outboundStates);
// Target: accept matching packets.
sshOut->Accept();
// Register the finished rule in the OUTPUT chain.
Firewall::Firewall::Output->Insert(sshOut);