HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

iptables ruleset (http://www.howtoforge.com/forums/showthread.php?t=52633)

erosbk 11th May 2011 06:43

iptables ruleset
 
Hello all,

I am starting to define the ruleset for iptables... I am open to recommendations; it is my intention to begin in this way (please guide me as to whether this is recommended or not, I am on the beautiful learning curve xD)

Code:

*filter
# Catch-all DROP. "--dport" is only valid together with "-p tcp" or "-p udp",
# so "-p all --dport 1:65535" is rejected by iptables; a bare DROP is the valid form.
-A INPUT -j DROP
# $webip, $mailip, $dns1ip, $dns2ip are shell variables and must be expanded
# before this file is fed to iptables-restore. MySQL listens on TCP only.
-A INPUT -p tcp -s 127.0.0.1/32 --dport 3306 -j ACCEPT
-A INPUT -p udp -s 127.0.0.1/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp -s $webip/32 --dport 3306 -j ACCEPT
-A INPUT -p udp -s $webip/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp -s $mailip/32 --dport 3306 -j ACCEPT
-A INPUT -p udp -s $mailip/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp -s $dns1ip/32 --dport 3306 -j ACCEPT
-A INPUT -p udp -s $dns1ip/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp -s $dns2ip/32 --dport 3306 -j ACCEPT
-A INPUT -p udp -s $dns2ip/32 --dport 3306 -j ACCEPT
# ...
# ----- other rules to ACCEPT traffic for other ports
COMMIT

Thank you very much.

Edit: OK, bad idea to begin with DROP for all ports xD. The correct way, I assume, is to allow first everything I want, and use the first line in the code as the last line xD

If someone could give advice about hidden things to take into account, it is welcome.
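The ordering problem in the post comes from first-match evaluation: once the catch-all DROP matches, no later ACCEPT is ever consulted. The following is an added example (not from the poster or from HowtoForge), a small first-match simulator for the subset of iptables-restore syntax used above; `WEBIP` is a constructed stand-in for the `$webip` variable, and the catch-all is written as a plain `-j DROP` because `-p all --dport` is not valid iptables syntax.

```python
import ipaddress
import shlex

WEBIP = "192.0.2.10"   # constructed stand-in for the poster's $webip

# Poster's original ordering: the catch-all DROP comes first.
DROP_FIRST = """
-A INPUT -j DROP
-A INPUT -p tcp -s 127.0.0.1/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp -s $webip/32 --dport 3306 -j ACCEPT
"""
# Ordering from the poster's edit: same ACCEPT rules, DROP moved to the end.
DROP_LAST = "\n".join(DROP_FIRST.strip().splitlines()[1:] + ["-A INPUT -j DROP"])

def parse_rule(line):
    """Turn one '-A INPUT ...' line into its match criteria and target."""
    toks = shlex.split(line.replace("$webip", WEBIP))
    rule = {"proto": None, "src": None, "dport": None, "target": None}
    for opt, arg in zip(toks[::2], toks[1::2]):   # every option takes one value
        if opt == "-p" and arg != "all":
            rule["proto"] = arg
        elif opt == "-s":
            rule["src"] = ipaddress.ip_network(arg, strict=False)
        elif opt == "--dport":
            lo, _, hi = arg.partition(":")
            rule["dport"] = (int(lo), int(hi or lo))
        elif opt == "-j":
            rule["target"] = arg
    return rule

def load(text):
    return [parse_rule(l) for l in text.strip().splitlines()]

def matches(rule, proto, src, dport):
    """A packet matches when every criterion the rule specifies holds."""
    if rule["proto"] and rule["proto"] != proto:
        return False
    if rule["src"] and ipaddress.ip_address(src) not in rule["src"]:
        return False
    if rule["dport"] and not rule["dport"][0] <= dport <= rule["dport"][1]:
        return False
    return True

def verdict(rules, proto, src, dport, policy="ACCEPT"):
    """First matching rule wins, as in a real chain; otherwise the chain policy."""
    for rule in rules:
        if matches(rule, proto, src, dport):
            return rule["target"]
    return policy
```

With `DROP_FIRST`, even localhost to port 3306 gets `DROP`; with `DROP_LAST`, the listed sources reach 3306 over TCP and everything else (other hosts, UDP, other ports) falls through to the final DROP.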


All times are GMT +2.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.