Linux, Unix, and *nix like Operating Systems Forum
[HELP] iptable for secure server
iptables, security, server
camilord
msg:3984108
4:39 pm on Sep 4, 2009 (gmt 0)

Below are my newbie iptables rules. When I ping google.com from my server, I can't ping Google. Are there better iptables rules than the ones I provided, to protect my server?


=====================================

# flush all rules
iptables -F

# always allow the trusted IPs
iptables -A INPUT -p tcp -s 192.168.8.0/24 --dport 22 -j ACCEPT

# drop all requests from NAT server
#iptables -I INPUT -p tcp -s 172.16.0.0/16 --dport 22 -j DROP

# deny all requests from outside to MySQL
# (-I inserts at the head of INPUT; "! -s" is the current negation syntax,
# the older "-s !" form is deprecated and rejected by newer iptables)
iptables -I INPUT -p tcp --dport 3306 ! -s 127.0.0.1 -j DROP

# accept all the following requests on the specified ports
# (the OUTPUT rules match connections this host opens *to* those ports,
# not replies to inbound connections; the blanket OUTPUT accepts further
# down make them redundant)
iptables -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 25 -j ACCEPT
# (FTP control uses TCP 21 only; the UDP 21 rules are harmless but match nothing)
iptables -A INPUT -p tcp -s 0/0 --dport 21 -j ACCEPT
iptables -A INPUT -p udp -s 0/0 --dport 21 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 21 -j ACCEPT
iptables -A OUTPUT -p udp -s 0/0 --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 111 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 111 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 808 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 808 -j ACCEPT

# allow outgoing access
iptables -A OUTPUT -p tcp -s 0/0 -j ACCEPT
iptables -A OUTPUT -p udp -s 0/0 -j ACCEPT

# drop access to the old SSH port
#iptables -A INPUT -p tcp -s 0/0 --dport 22 -j DROP

# ping access/requests
#iptables -A OUTPUT -p icmp -s 0/0 -j DROP
#iptables -A INPUT -p icmp -s 0/0 -j DROP
# (as originally written these two lines named no chain, so iptables rejected
# them with "no command specified"; both belong in INPUT: echo-request so the
# host answers pings, echo-reply so it receives answers to its own pings)
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

# drop all other requests/access to the machine
# (nothing above accepts replies to connections this host opens, such as the
# UDP answer to a DNS lookup, so these two rules drop them too; that is the
# likely reason "ping google.com" cannot resolve the name even though a ping
# to a bare IP address would get its echo-reply through)
iptables -A INPUT -p tcp -s 0/0 -j DROP
iptables -A INPUT -p udp -s 0/0 -j DROP
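
A stateful rewrite of the ruleset above, added here as an example and not part of the original post: it keeps the post's admin subnet and public TCP ports, replaces the per-port OUTPUT rules and final DROPs with a default-deny INPUT policy plus a conntrack rule for replies, and leaves 53, 111 and 808 closed (an assumption; re-add whatever the host actually serves). The IPT variable is a dry-run hook, so "sh fw.sh dry-run" prints the commands instead of changing the firewall.

```shell
#!/bin/sh
# Added example, not the poster's script: a stateful rewrite of the ruleset above.
# IPT defaults to iptables; IPT=echo (or "dry-run") shows what would be issued.
# ADMIN_NET and the port list come from the post; 53, 111 and 808 are left out
# (assumption: the host is not a public DNS/RPC server) - re-add what you serve.
IPT="${IPT:-iptables}"
ADMIN_NET="192.168.8.0/24"
TCP_SERVICES="22 80 443 25 21"

apply_rules() {
    # Clean slate, then default-deny inbound and forwarded traffic. OUTPUT stays
    # ACCEPT as in the post; the conntrack rule below is the real fix.
    $IPT -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback: MySQL on 3306 stays reachable from 127.0.0.1 and nowhere else,
    # because no other rule opens 3306 and the policy is DROP.
    $IPT -A INPUT -i lo -j ACCEPT

    # Replies to connections this host opened: DNS answers, HTTP responses,
    # echo-replies. The original rules drop the UDP DNS reply, which is why
    # "ping google.com" fails before a single ICMP packet is sent.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP

    # SSH from the admin subnet, then the public services. If SSH is only
    # needed from ADMIN_NET, remove 22 from TCP_SERVICES.
    $IPT -A INPUT -p tcp -s "$ADMIN_NET" --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    for port in $TCP_SERVICES; do
        $IPT -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done

    # Answer pings, rate-limited so a ping flood cannot tie up the host.
    $IPT -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
    # Everything else falls through to the INPUT DROP policy.
}

case "${1:-}" in
    apply)   apply_rules ;;
    dry-run) IPT=echo; apply_rules ;;
    *)       echo "usage: $0 apply|dry-run" >&2 ;;
esac
```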

 
