From c0c5a3c7403e8e35b1a34af3cdbb2992681a4024 Mon Sep 17 00:00:00 2001
From: Preetham Ananthkumar
Date: Thu, 20 Jul 2023 15:05:18 +0100
Subject: [PATCH] Added firewall rules to reject outgoing and incoming packets between External subnet and LDAP
---
 Central-router.startup | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/Central-router.startup b/Central-router.startup
index 641528f..f8fba43 100755
--- a/Central-router.startup
+++ b/Central-router.startup
@@ -57,3 +57,13 @@ iptables -A FORWARD -i eth3 -o eth1 -s 10.0.3.0/24 -d 10.0.1.0/24 -p icmp --icmp
 iptables -A FORWARD -i eth4 -o eth1 -s 10.0.4.0/24 -d 10.0.1.0/24 -p icmp --icmp-type 8 -j DROP
 iptables -A FORWARD -i eth5 -o eth1 -s 10.0.5.0/24 -d 10.0.1.0/24 -p icmp --icmp-type 8 -j DROP
 iptables -A FORWARD -i eth6 -o eth1 -s 10.0.6.0/24 -d 10.0.1.0/24 -p icmp --icmp-type 8 -j DROP
+
+# Allow incoming ICMP Echo Request (ping) from External subnet to specific machines in Server subnet
+iptables -A FORWARD -s 10.0.2.0/24 -d 10.0.5.2 -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -s 10.0.2.0/24 -d 10.0.5.4 -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+# Drop incoming ICMP Echo Request (ping) from External to LDAP (for all other machines in External subnet)
+iptables -A FORWARD -s 10.0.2.0/24 -d 10.0.5.3 -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED -j DROP
+
+# Drop incoming ICMP Echo Request (ping) from LDAP to External subnet
+iptables -A FORWARD -s 10.0.5.3 -d 10.0.2.0/24 -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED -j DROP
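Review bot: The two DROP rules for 10.0.5.3 match only ICMP echo requests (`-p icmp --icmp-type 8`), so they do not "reject outgoing and incoming packets between External subnet and LDAP" as the subject claims; any other protocol between 10.0.2.0/24 and 10.0.5.3 still falls through to the FORWARD chain's policy, which this hunk does not show. If the intent is to isolate the LDAP host from the External subnet, drop the protocol qualifier: `iptables -A FORWARD -s 10.0.2.0/24 -d 10.0.5.3 -j DROP` and `iptables -A FORWARD -s 10.0.5.3 -d 10.0.2.0/24 -j DROP`; if only ping is meant, the subject and comments should say so. The `-m state --state NEW,ESTABLISHED` qualifier on a rule that drops echo requests adds nothing and only narrows the match, and unlike the surrounding rules these new ones carry no `-i`/`-o` interface constraints, so they also apply to spoofed 10.0.2.0/24 sources arriving on other interfaces. Because `-A` appends, these rules only take effect if no earlier rule in FORWARD already accepts External-to-Server traffic; the rest of the chain is outside the hunk, so that ordering should be confirmed.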