erosbk (Senior Member), 11th May 2011, 07:43

iptables ruleset

Hello all,

I am starting to define the ruleset for iptables... I am open to recommendations; my intention is to begin in this way (please guide me as to whether or not this is recommended, I am on the beautiful learning curve xD)

Code:
*filter
# --dport is only valid together with a specific protocol (-p tcp, -p udp, ...);
# '-p all --dport 1:65535' is rejected by iptables, so the catch-all drop is written without a port match.
# $webip, $mailip, $dns1ip and $dns2ip are placeholders to be replaced by the real host addresses before loading.
-A INPUT -j DROP
-A INPUT -p tcp -s 127.0.0.1/32 --dport 3306 -j ACCEPT
-A INPUT -p udp -s 127.0.0.1/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp -s $webip/32 --dport 3306 -j ACCEPT
-A INPUT -p udp -s $webip/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp -s $mailip/32 --dport 3306 -j ACCEPT
-A INPUT -p udp -s $mailip/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp -s $dns1ip/32 --dport 3306 -j ACCEPT
-A INPUT -p udp -s $dns1ip/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp -s $dns2ip/32 --dport 3306 -j ACCEPT
-A INPUT -p udp -s $dns2ip/32 --dport 3306 -j ACCEPT
....
 ----- other rules to ACCEPT traffic for other ports
COMMIT

Thank you very much.

Edit: ok, bad idea to begin with DROP for all ports xD. The correct way, I assume, is to first allow everything I want, and to use the first line in the code as the last line xD

If someone could give advice about hidden things to take into account, it is welcome.

Last edited by erosbk; 12th May 2011 at 02:05.
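The ordering problem noticed in the edit above (a catch-all DROP placed before the ACCEPT rules silently shadows every rule after it) can be caught before loading a ruleset. The following is an added example, not code from the post: a small lint pass over iptables-restore style text that reports rules made unreachable by an earlier unconditional terminating rule in the same chain. The 192.0.2.x addresses stand in for the post's $webip-style placeholders, and the corrected ruleset goes slightly beyond the post by also admitting loopback and ESTABLISHED,RELATED traffic, which a catch-all DROP would otherwise cut off.

```python
import shlex

# Added example (not from the original post): find rules that can never match
# because a rule earlier in the same chain already catches all traffic and
# terminates, i.e. the "DROP first, ACCEPT later" ordering from the post.
# 192.0.2.x addresses are constructed stand-ins for $webip / $mailip / $dns*ip.

TERMINATING = {"ACCEPT", "DROP", "REJECT"}

def parse_rules(ruleset: str):
    """Yield (chain, match_tokens, target) for every '-A' line in the text."""
    for raw in ruleset.splitlines():
        tokens = shlex.split(raw.split("#", 1)[0])       # strip comments
        if len(tokens) < 4 or tokens[0] != "-A" or "-j" not in tokens:
            continue                                      # *filter, :CHAIN, COMMIT, blanks
        jump = tokens.index("-j")
        yield tokens[1], tokens[2:jump], tokens[jump + 1]

def is_catch_all(match_tokens) -> bool:
    """True when a rule carries no match criteria at all (or only '-p all')."""
    return match_tokens in ([], ["-p", "all"])

def shadowed_rules(ruleset: str):
    """Return (chain, target, matches) for each rule that is unreachable because
    a catch-all terminating rule precedes it in the same chain."""
    closed, unreachable = set(), []
    for chain, matches, target in parse_rules(ruleset):
        if chain in closed:
            unreachable.append((chain, target, " ".join(matches)))
        elif target in TERMINATING and is_catch_all(matches):
            closed.add(chain)
    return unreachable

# Constructed rulesets: the post's original ordering, then the corrected one.
DROP_FIRST = """*filter
-A INPUT -j DROP
-A INPUT -p tcp -s 127.0.0.1/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp -s 192.0.2.10/32 --dport 3306 -j ACCEPT
COMMIT
"""

ACCEPT_FIRST = """*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s 127.0.0.1/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp -s 192.0.2.10/32 --dport 3306 -j ACCEPT
-A INPUT -j DROP
COMMIT
"""

if __name__ == "__main__":
    for name, rules in (("DROP_FIRST", DROP_FIRST), ("ACCEPT_FIRST", ACCEPT_FIRST)):
        print(name, "shadowed rules:", shadowed_rules(rules))
```

Feeding the text through `shadowed_rules` before `iptables-restore` reports both ACCEPT rules as unreachable for the DROP_FIRST ordering and nothing for ACCEPT_FIRST.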