Webmaster World Forum http://www.webmasterworld.com

Page is a not externally linkable
- Hardware and OS Related Technologies
-- Linux, Unix, and *nix like Operating Systems
---- [HELP] iptable for secure server

camilord - 4:39 pm on Sep 4, 2009 (gmt 0)

below is my newbie iptables rules.. as i ping google.com from my server... i can't ping google... is there better iptable rules i provided to protect my server?

=====================================

# flash all rules
iptables -F

# always allow the trusted IPs
iptables -A INPUT -p tcp -s 192.168.8.0/24 --dport 22 -j ACCEPT

# drop all request from NAT server
#iptables -I INPUT -p tcp -s 172.16.0.0/16 --dport 22 -j DROP

# deny all request from outside to MySQL
iptables -I INPUT -p tcp --dport 3306 -s ! 127.0.0.1 -j DROP

# accept all the following request of the specified ports
iptables -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 21 -j ACCEPT
iptables -A INPUT -p udp -s 0/0 --dport 21 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 21 -j ACCEPT
iptables -A OUTPUT -p udp -s 0/0 --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 111 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 111 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 808 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 808 -j ACCEPT

# allow outgoing access
iptables -A OUTPUT -p tcp -s 0/0 -j ACCEPT
iptables -A OUTPUT -p udp -s 0/0 -j ACCEPT

# drop accessing old port of SSH
#iptables -A INPUT -p tcp -s 0/0 --dport 22 -j DROP

# ping access/requests
#iptables -A OUTPUT -p icmp -s 0/0 -j DROP
#iptables -A INPUT -p icmp -s 0/0 -j DROP
iptables -p icmp --icmp-type echo-request -j ACCEPT
iptables -p icmp --icmp-type echo-reply -j ACCEPT

# drop all request/access to the machine
iptables -A INPUT -p tcp -s 0/0 -j DROP
iptables -A INPUT -p udp -s 0/0 -j DROP

Thread source:: http://www.webmasterworld.com/linux/3984106.htm
Brought to you by WebmasterWorld: http://www.webmasterworld.com