From: Reid <reid_sf@yahoo.com>
To: netfilter@lists.netfilter.org
Subject: Configuration question for my first iptables setup
Date: Mon, 2 Jul 2007 12:12:38 -0700 (PDT)
Message-ID: <831957.88102.qm@web54203.mail.re2.yahoo.com>
I am brand new to iptables, and I want to set up a basic firewall for a dedicated web server. I'm
accessing the server remotely, and already locked myself out once.

I've come up with the configuration below, but feel like I don't know what I'm doing. Does the
following look reasonable? Am I overlooking anything major? Thank you for your input.
> iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp flags:ACK/ACK
ACCEPT     all  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             state RELATED
ACCEPT     udp  --  anywhere             anywhere             udp spt:domain dpts:1024:65535
ACCEPT     icmp --  anywhere             anywhere             icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:auth
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10000
DROP       tcp  --  anywhere             anywhere             tcp dpts:2049:2050
DROP       tcp  --  anywhere             anywhere             tcp dpts:x11:6063
DROP       tcp  --  anywhere             anywhere             tcp dpts:afs3-fileserver:7010
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
>