View Single Post
  #1  
Old 10th May 2008, 21:44
vaio1 vaio1 is offline
Senior Member
 
Join Date: Jul 2007
Location: Italy
Posts: 664
Thanks: 77
Thanked 12 Times in 7 Posts
Default Improve the Firewall rules

Hi guys,

I need to reduce the traffic in my server.
This is the situation:
Code:
[root@server1 ~]# netstat -nap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      2654/mysqld
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      2264/rpcbind
tcp        0      0 0.0.0.0:33777               0.0.0.0:*                   LISTEN      2289/rpc.statd
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      9801/master
tcp        1      0 000.000.000.000:42036         194.116.84.8:80             CLOSE_WAIT  2941/python
tcp     1168      0 000.000.000.000:55582         130.57.1.88:80              CLOSE_WAIT  2941/python
tcp        1      0 000.000.000.000:49936         66.35.62.162:80             CLOSE_WAIT  2941/python
tcp        0      0 :::993                      :::*                        LISTEN      2689/dovecot
tcp        0      0 :::995                      :::*                        LISTEN      2689/dovecot
tcp        0      0 :::110                      :::*                        LISTEN      2689/dovecot
tcp        0      0 :::143                      :::*                        LISTEN      2689/dovecot
tcp        0      0 :::80                       :::*                        LISTEN      9721/httpd
tcp        0      0 :::21                       :::*                        LISTEN      9840/proftpd: (acce
tcp        0      0 :::22                       :::*                        LISTEN      2541/sshd
tcp        0      0 :::443                      :::*                        LISTEN      9721/httpd
tcp        0   2076 ::ffff:000.000.000.000:22     ::ffff:82.49.214.62:53827   ESTABLISHED 20027/0
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:83.32.166.118:2418   TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:110    ::ffff:82.49.214.62:53884   TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:66.34.204.26:3657    TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:22     ::ffff:82.49.214.62:53133   ESTABLISHED 13733/sshd: root@no
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:83.32.166.118:2416   TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:83.231.123.243:49288 TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:83.32.166.118:2419   TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:22     ::ffff:82.49.214.62:53801   ESTABLISHED 19813/sshd: root@no
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:83.32.166.118:2417   TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:74.6.23.225:35204    TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:83.231.123.243:49289 TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:66.34.204.26:4000    TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:66.34.204.26:3298    TIME_WAIT   -
udp        0      0 0.0.0.0:32768               0.0.0.0:*                               2289/rpc.statd
udp        0      0 0.0.0.0:32774               0.0.0.0:*                               2957/avahi-daemon:
udp        0      0 0.0.0.0:779                 0.0.0.0:*                               2289/rpc.statd
udp        0      0 0.0.0.0:743                 0.0.0.0:*                               2264/rpcbind
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               2957/avahi-daemon:
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               2264/rpcbind
udp        0      0 000.000.000.000:123           0.0.0.0:*                               2559/ntpd
udp        0      0 127.0.0.1:123               0.0.0.0:*                               2559/ntpd
udp        0      0 0.0.0.0:123                 0.0.0.0:*                               2559/ntpd
udp        0      0 :::32775                    :::*                                    2957/avahi-daemon:
udp        0      0 :::5353                     :::*                                    2957/avahi-daemon:
udp        0      0 fe80::219:b9ff:fee6:123     :::*                                    2559/ntpd
udp        0      0 ::1:123                     :::*                                    2559/ntpd
udp        0      0 :::123                      :::*                                    2559/ntpd
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  28     [ ]         DGRAM                    4608   2175/syslogd        /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     6014   2863/xfs            /tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     4831549 9840/proftpd: (acce /var/run/proftpd/proftpd.sock
unix  2      [ ACC ]     STREAM     LISTENING     4831371 9801/master         public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     4831378 9801/master         private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     4831382 9801/master         private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     4831386 9801/master         private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     4831390 9801/master         private/defer
unix  2      [ ACC ]     STREAM     LISTENING     4831394 9801/master         private/trace
unix  2      [ ACC ]     STREAM     LISTENING     6114   2907/saslauthd      /var/run/saslauthd/mux
unix  2      [ ACC ]     STREAM     LISTENING     4831398 9801/master         private/verify
unix  2      [ ACC ]     STREAM     LISTENING     4831402 9801/master         public/flush
unix  2      [ ACC ]     STREAM     LISTENING     6221   2957/avahi-daemon:  /var/run/avahi-daemon/socket
unix  2      [ ]         DGRAM                    640    606/udevd           @/org/kernel/udev/udevd
unix  2      [ ACC ]     STREAM     LISTENING     4788   2264/rpcbind        /var/run/rpcbind.sock
unix  2      [ ACC ]     STREAM     LISTENING     6265   2981/hald           @/var/run/hald/dbus-Dan7TUuMBx
unix  2      [ ]         DGRAM                    6276   2981/hald           @/org/freedesktop/hal/udev_event
unix  2      [ ACC ]     STREAM     LISTENING     5061   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     5130   2387/sdpd           /var/run/sdp
unix  2      [ ACC ]     STREAM     LISTENING     5233   2459/pcscd          /var/run/pcscd.comm
unix  2      [ ACC ]     STREAM     LISTENING     5591   2654/mysqld         /var/lib/mysql/mysql.sock
unix  2      [ ACC ]     STREAM     LISTENING     5803   2729/gpm            /dev/gpmctl
unix  2      [ ACC ]     STREAM     LISTENING     5642   2689/dovecot        /var/run/dovecot/dict-server
unix  2      [ ACC ]     STREAM     LISTENING     4831406 9801/master         private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     4831410 9801/master         private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     4831414 9801/master         private/relay
unix  2      [ ACC ]     STREAM     LISTENING     4831418 9801/master         public/showq
unix  2      [ ACC ]     STREAM     LISTENING     4831422 9801/master         private/error
unix  2      [ ACC ]     STREAM     LISTENING     4831426 9801/master         private/retry
unix  2      [ ACC ]     STREAM     LISTENING     5644   2689/dovecot        /var/run/dovecot/login/default
unix  2      [ ACC ]     STREAM     LISTENING     4831430 9801/master         private/discard
unix  2      [ ACC ]     STREAM     LISTENING     4831434 9801/master         private/local
unix  2      [ ACC ]     STREAM     LISTENING     6268   2981/hald           @/var/run/hald/dbus-4gLOKtyE50
unix  2      [ ACC ]     STREAM     LISTENING     4831438 9801/master         private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     4831442 9801/master         private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     4831446 9801/master         private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     4831450 9801/master         private/scache
unix  2      [ ACC ]     STREAM     LISTENING     4831557 9840/proftpd: (acce /var/run/proftpd/proftpd.sock
unix  2      [ ACC ]     STREAM     LISTENING     5649   2689/dovecot        /var/run/dovecot/auth-worker.2692
unix  2      [ ]         DGRAM                    4884161 20170/bounce
unix  2      [ ]         DGRAM                    4884121 20164/smtp
unix  3      [ ]         STREAM     CONNECTED     4884079 2692/dovecot-auth   /var/run/dovecot/login/default
unix  3      [ ]         STREAM     CONNECTED     4884078 20156/pop3-login
unix  3      [ ]         STREAM     CONNECTED     4884075 20156/pop3-login
unix  3      [ ]         STREAM     CONNECTED     4884074 2689/dovecot
unix  3      [ ]         STREAM     CONNECTED     4883984 2692/dovecot-auth   /var/run/dovecot/login/default
unix  3      [ ]         STREAM     CONNECTED     4883983 20124/pop3-login
unix  3      [ ]         STREAM     CONNECTED     4883980 20124/pop3-login
unix  3      [ ]         STREAM     CONNECTED     4883979 2689/dovecot
unix  3      [ ]         STREAM     CONNECTED     4883838 2692/dovecot-auth   /var/run/dovecot/login/default
unix  3      [ ]         STREAM     CONNECTED     4883837 20096/pop3-login
unix  3      [ ]         STREAM     CONNECTED     4883834 20096/pop3-login
unix  3      [ ]         STREAM     CONNECTED     4883833 2689/dovecot
unix  3      [ ]         STREAM     CONNECTED     4883772 2692/dovecot-auth   /var/run/dovecot/login/default
unix  3      [ ]         STREAM     CONNECTED     4883771 20074/imap-login
unix  3      [ ]         STREAM     CONNECTED     4883769 2692/dovecot-auth   /var/run/dovecot/login/default
unix  3      [ ]         STREAM     CONNECTED     4883768 20073/imap-login
unix  3      [ ]         STREAM     CONNECTED     4883765 20074/imap-login
unix  3      [ ]         STREAM     CONNECTED     4883764 2689/dovecot
unix  3      [ ]         STREAM     CONNECTED     4883762 20073/imap-login
unix  3      [ ]         STREAM     CONNECTED     4883761 2689/dovecot
unix  2      [ ]         DGRAM                    4881971 20027/0
unix  3      [ ]         STREAM     CONNECTED     4881077 19813/sshd: root@no
unix  3      [ ]         STREAM     CONNECTED     4881076 19815/sftp-server
unix  3      [ ]         STREAM     CONNECTED     4881075 19813/sshd: root@no
unix  3      [ ]         STREAM     CONNECTED     4881074 19815/sftp-server
unix  2      [ ]         DGRAM                    4878954 19342/anvil
unix  2      [ ]         DGRAM                    4859936 15467/pickup
unix  3      [ ]         STREAM     CONNECTED     4850170 13733/sshd: root@no
unix  3      [ ]         STREAM     CONNECTED     4850169 13735/sftp-server
unix  3      [ ]         STREAM     CONNECTED     4850168 13733/sshd: root@no
unix  3      [ ]         STREAM     CONNECTED     4850167 13735/sftp-server
unix  2      [ ]         DGRAM                    4831673 9863/tlsmgr
unix  2      [ ]         DGRAM                    4831616 9846/freshclam
unix  2      [ ]         DGRAM                    4831457 9806/qmgr
unix  3      [ ]         STREAM     CONNECTED     4831453 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831452 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831449 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831448 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831445 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831444 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831441 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831440 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831437 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831436 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831433 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831432 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831429 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831428 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831425 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831424 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831421 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831420 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831417 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831416 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831413 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831412 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831409 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831408 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831405 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831404 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831401 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831400 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831397 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831396 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831393 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831392 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831389 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831388 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831385 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831384 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831381 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831380 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831377 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831376 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831374 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831373 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831370 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831369 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831367 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831366 9801/master
unix  2      [ ]         DGRAM                    4831356 9801/master
unix  2      [ ]         STREAM     CONNECTED     4830807 9721/httpd
unix  3      [ ]         STREAM     CONNECTED     4144558 2692/dovecot-auth   /var/run/dovecot/login/default
unix  3      [ ]         STREAM     CONNECTED     4144557 18451/imap-login
unix  3      [ ]         STREAM     CONNECTED     4144554 18451/imap-login
unix  3      [ ]         STREAM     CONNECTED     4144553 2689/dovecot
unix  2      [ ]         DGRAM                    30256  2941/python
unix  2      [ ]         DGRAM                    30164  2941/python
unix  3      [ ]         STREAM     CONNECTED     6796   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     6795   2941/python
unix  3      [ ]         STREAM     CONNECTED     6393   2981/hald           @/var/run/hald/dbus-Dan7TUuMBx
unix  3      [ ]         STREAM     CONNECTED     6392   3014/sr1 (every 16
unix  3      [ ]         STREAM     CONNECTED     6391   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     6390   3014/sr1 (every 16
unix  3      [ ]         STREAM     CONNECTED     6383   2981/hald           @/var/run/hald/dbus-Dan7TUuMBx
unix  3      [ ]         STREAM     CONNECTED     6382   3011/sr0 (every 16
unix  3      [ ]         STREAM     CONNECTED     6379   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     6378   3011/sr0 (every 16
unix  3      [ ]         STREAM     CONNECTED     6373   2981/hald           @/var/run/hald/dbus-Dan7TUuMBx
unix  3      [ ]         STREAM     CONNECTED     6372   3008/sdb (every 16
unix  3      [ ]         STREAM     CONNECTED     6371   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     6370   3008/sdb (every 16
unix  3      [ ]         STREAM     CONNECTED     6348   2981/hald           @/var/run/hald/dbus-Dan7TUuMBx
unix  3      [ ]         STREAM     CONNECTED     6347   3004/event
unix  3      [ ]         STREAM     CONNECTED     6315   2981/hald           @/var/run/hald/dbus-Dan7TUuMBx
unix  3      [ ]         STREAM     CONNECTED     6310   2994/event4
unix  3      [ ]         STREAM     CONNECTED     6312   2981/hald           @/var/run/hald/dbus-Dan7TUuMBx
unix  3      [ ]         STREAM     CONNECTED     6308   2993/event1
unix  3      [ ]         STREAM     CONNECTED     6271   2981/hald           @/var/run/hald/dbus-4gLOKtyE50
unix  3      [ ]         STREAM     CONNECTED     6270   2982/hald-runner
unix  3      [ ]         STREAM     CONNECTED     6267   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     6266   2981/hald
unix  3      [ ]         STREAM     CONNECTED     6224   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     6223   2957/avahi-daemon:
unix  2      [ ]         STREAM     CONNECTED     6217   2957/avahi-daemon:
unix  2      [ ]         DGRAM                    6215   2957/avahi-daemon:
unix  3      [ ]         STREAM     CONNECTED     6148   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     6147   2926/dhcdbd
unix  2      [ ]         DGRAM                    6146   2926/dhcdbd
unix  2      [ ]         DGRAM                    6113   2907/saslauthd
unix  2      [ ]         DGRAM                    5967   2838/crond
unix  3      [ ]         STREAM     CONNECTED     5933   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     5932   2762/console-kit-da
unix  2      [ ]         DGRAM                    5797   2729/gpm
unix  3      [ ]         STREAM     CONNECTED     5647   2692/dovecot-auth
unix  3      [ ]         STREAM     CONNECTED     5646   2689/dovecot
unix  2      [ ]         DGRAM                    5633   2689/dovecot
unix  2      [ ]         DGRAM                    5450   2559/ntpd
unix  2      [ ]         DGRAM                    5355   2515/automount
unix  2      [ ]         DGRAM                    5269   2479/hidd
unix  2      [ ]         DGRAM                    5232   2459/pcscd
unix  3      [ ]         STREAM     CONNECTED     5125   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     5124   2381/hcid
unix  2      [ ]         DGRAM                    5106   2387/sdpd
unix  2      [ ]         DGRAM                    5095   2381/hcid
unix  3      [ ]         STREAM     CONNECTED     5064   2366/dbus-daemon
unix  3      [ ]         STREAM     CONNECTED     5063   2366/dbus-daemon
unix  3      [ ]         STREAM     CONNECTED     5005   2339/rpc.idmapd
unix  3      [ ]         STREAM     CONNECTED     5004   2339/rpc.idmapd
unix  2      [ ]         DGRAM                    4851   2289/rpc.statd
unix  2      [ ]         DGRAM                    4797   2264/rpcbind
unix  2      [ ]         DGRAM                    4616   2178/klogd
This is my iptables commands:
Code:
iptables -A INPUT -p tcp --destination-port 80 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 81 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 21 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 22 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 110 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 443 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 80 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 81 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 21 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 22 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 110 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 443 -j ACCEPT
service iptables save
There are some rows repeated and I don't understand why.
Any suggestion is appreciated.
Regards
Reply With Quote
Sponsored Links