
[HELP] iptable for secure server

iptables, security, server


camilord

4:39 pm on Sep 4, 2009 (gmt 0)

5+ Year Member



Below are my newbie iptables rules. When I ping google.com from my server, I can't ping Google. Are there better iptables rules than the ones I provided to protect my server?


=====================================

# flush all rules
iptables -F

# always allow the trusted IPs
iptables -A INPUT -p tcp -s 192.168.8.0/24 --dport 22 -j ACCEPT

# drop all request from NAT server
#iptables -I INPUT -p tcp -s 172.16.0.0/16 --dport 22 -j DROP

# deny all requests from outside to MySQL
# (the negation goes in front of the option: "! -s", not "-s !")
iptables -I INPUT -p tcp --dport 3306 ! -s 127.0.0.1 -j DROP

# accept all the following requests on the specified ports
iptables -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 21 -j ACCEPT
iptables -A INPUT -p udp -s 0/0 --dport 21 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 21 -j ACCEPT
iptables -A OUTPUT -p udp -s 0/0 --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 111 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 111 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 808 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 808 -j ACCEPT

# allow outgoing access
iptables -A OUTPUT -p tcp -s 0/0 -j ACCEPT
iptables -A OUTPUT -p udp -s 0/0 -j ACCEPT

# drop accessing old port of SSH
#iptables -A INPUT -p tcp -s 0/0 --dport 22 -j DROP

# ping access/requests
#iptables -A OUTPUT -p icmp -s 0/0 -j DROP
#iptables -A INPUT -p icmp -s 0/0 -j DROP
# (every rule needs a chain; without "-A INPUT" iptables rejects the command)
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

# drop all other requests/access to the machine
iptables -A INPUT -p tcp -s 0/0 -j DROP
iptables -A INPUT -p udp -s 0/0 -j DROP
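Why these rules break `ping google.com`: every inbound packet not addressed to a listed port is dropped, including the UDP reply to the server's own DNS lookup (and the echo-reply too, if INPUT's default policy is DROP), because nothing accepts the return half of connections the host itself opened. As an added example that is not the poster's code, the script below emits a stateful version of the same ruleset in iptables-restore format; the trusted subnet and service ports are taken from the post, `firewall.sh` is an assumed filename, and the structure and the extra rules are mine.

```shell
#!/bin/sh
# Added example, not the poster's code: stateful rewrite of the ruleset above.
# Without arguments it prints the rules; "sh firewall.sh apply" (as root) loads them.
set -eu

TRUSTED_NET=192.168.8.0/24                 # subnet taken from the post
SERVICE_PORTS=22,80,443,25,21,53,111,808   # TCP ports the post opens to everyone

rules() {
    cat <<EOF
*filter
# Chain policies do the job of the trailing "drop all tcp/udp" rules in the
# post: anything no rule accepts is dropped, including ICMP.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback first: local clients still reach MySQL on 127.0.0.1:3306, and with
# the DROP policy no separate "block 3306 from outside" rule is needed.
-A INPUT -i lo -j ACCEPT
# The rule the post lacks. Replies to connections this host opened (DNS
# answers, echo-replies, package downloads) and RELATED traffic (ICMP errors,
# passive-FTP data when nf_conntrack_ftp is loaded) come in here, so outbound
# lookups work without opening any inbound port. Older kernels: -m state --state.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Answer pings, rate-limited so the host cannot be used as an echo amplifier.
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
# Trusted LAN SSH as its own rule, so the public port-22 rule can be removed later.
-A INPUT -p tcp -s ${TRUSTED_NET} --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Public services: only the first packet of a new connection needs a rule.
# 111 (portmapper) and 808 are carried over from the post; drop them from the
# list unless something on this host really serves them to the internet.
-A INPUT -p tcp -m multiport --dports ${SERVICE_PORTS} -m conntrack --ctstate NEW -j ACCEPT
# Log what is about to hit the DROP policy, rate-limited so logs cannot be flooded.
-A INPUT -m limit --limit 10/minute -j LOG --log-prefix "INPUT DROP: "
COMMIT
EOF
}

case "${1:-print}" in
    apply) rules | iptables-restore ;;   # atomic: the whole set loads or nothing changes
    print) rules ;;
    *)     echo "usage: $0 [print|apply]" >&2; exit 2 ;;
esac
```

Review the printed output first, then apply from a console session rather than over SSH, since a mistake in the SSH rule locks you out of the box.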
