Create connection limits for any users using a very basic script in the firewall area as shown below:
iptables -I FORWARD -p tcp --syn -m iprange --src-range 10.212.1.100-10.212.3.200 -m connlimit --connlimit-above 60 -j DROP
iptables -I FORWARD -p tcp --syn -m iprange --src-range 10.212.3.1-10.212.3.254 -m connlimit --connlimit-above 60 -j DROP
iptables -I FORWARD -m
Tag Archives: firewall
There are hundreds of bash scripts in that folder. They automate many operations, such as adding new firewall rules, adding QoS rules, managing network interfaces, etc. For example, run the following to add a new static DHCP entry:
/root/kerbynet.cgi/scripts/dhcp_addstatic 00 192.168.10.10 AA:BB:CC:DD:EE:FF
Remote execution of those commands can be done via ssh:
ssh root@ZEROSHELL.IP.ADDRESS "/root/kerbynet.cgi/scripts/command_to_run ARG1 ARG2"
The online reference materials for configuring Cisco PIX Firewall Version 6.1 can be found at http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/index.htm. I recommend you look there for the details we had to omit in this article. It is always a good idea to check the Release Notes, especially for open caveats (bugs) that may affect an advanced PIX implementation.
Another good source of information about the Cisco PIX is the Cisco CSPFA course. This is a security-certification track course. See http://www.cisco.com/pcgi-bin/front.x/wwtraining/CELC/index.cgi?action=CourseDesc&COURSE_ID=1628.
What Does a PIX Do?
The PIX is a firewall appliance based on a hardened, specially built operating system, PIX OS, minimizing possible OS-specific security holes. The PIX has received ICSA Firewall and IPsec certification as well as Common Criteria EAL4 evaluation status.