#1  
Old 10th May 2008, 20:44
vaio1 vaio1 is offline
Senior Member
 
Join Date: Jul 2007
Location: Italy
Posts: 664
Thanks: 77
Thanked 12 Times in 7 Posts
Default Improve the Firewall rules

Hi guys,

I need to reduce the traffic in my server.
This is the situation:
Code:
[root@server1 ~]# netstat -nap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      2654/mysqld
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      2264/rpcbind
tcp        0      0 0.0.0.0:33777               0.0.0.0:*                   LISTEN      2289/rpc.statd
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      9801/master
tcp        1      0 000.000.000.000:42036         194.116.84.8:80             CLOSE_WAIT  2941/python
tcp     1168      0 000.000.000.000:55582         130.57.1.88:80              CLOSE_WAIT  2941/python
tcp        1      0 000.000.000.000:49936         66.35.62.162:80             CLOSE_WAIT  2941/python
tcp        0      0 :::993                      :::*                        LISTEN      2689/dovecot
tcp        0      0 :::995                      :::*                        LISTEN      2689/dovecot
tcp        0      0 :::110                      :::*                        LISTEN      2689/dovecot
tcp        0      0 :::143                      :::*                        LISTEN      2689/dovecot
tcp        0      0 :::80                       :::*                        LISTEN      9721/httpd
tcp        0      0 :::21                       :::*                        LISTEN      9840/proftpd: (acce
tcp        0      0 :::22                       :::*                        LISTEN      2541/sshd
tcp        0      0 :::443                      :::*                        LISTEN      9721/httpd
tcp        0   2076 ::ffff:000.000.000.000:22     ::ffff:82.49.214.62:53827   ESTABLISHED 20027/0
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:83.32.166.118:2418   TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:110    ::ffff:82.49.214.62:53884   TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:66.34.204.26:3657    TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:22     ::ffff:82.49.214.62:53133   ESTABLISHED 13733/sshd: root@no
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:83.32.166.118:2416   TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:83.231.123.243:49288 TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:83.32.166.118:2419   TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:22     ::ffff:82.49.214.62:53801   ESTABLISHED 19813/sshd: root@no
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:83.32.166.118:2417   TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:74.6.23.225:35204    TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:83.231.123.243:49289 TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:66.34.204.26:4000    TIME_WAIT   -
tcp        0      0 ::ffff:000.000.000.000:80     ::ffff:66.34.204.26:3298    TIME_WAIT   -
udp        0      0 0.0.0.0:32768               0.0.0.0:*                               2289/rpc.statd
udp        0      0 0.0.0.0:32774               0.0.0.0:*                               2957/avahi-daemon:
udp        0      0 0.0.0.0:779                 0.0.0.0:*                               2289/rpc.statd
udp        0      0 0.0.0.0:743                 0.0.0.0:*                               2264/rpcbind
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               2957/avahi-daemon:
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               2264/rpcbind
udp        0      0 000.000.000.000:123           0.0.0.0:*                               2559/ntpd
udp        0      0 127.0.0.1:123               0.0.0.0:*                               2559/ntpd
udp        0      0 0.0.0.0:123                 0.0.0.0:*                               2559/ntpd
udp        0      0 :::32775                    :::*                                    2957/avahi-daemon:
udp        0      0 :::5353                     :::*                                    2957/avahi-daemon:
udp        0      0 fe80::219:b9ff:fee6:123     :::*                                    2559/ntpd
udp        0      0 ::1:123                     :::*                                    2559/ntpd
udp        0      0 :::123                      :::*                                    2559/ntpd
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  28     [ ]         DGRAM                    4608   2175/syslogd        /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     6014   2863/xfs            /tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     4831549 9840/proftpd: (acce /var/run/proftpd/proftpd.sock
unix  2      [ ACC ]     STREAM     LISTENING     4831371 9801/master         public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     4831378 9801/master         private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     4831382 9801/master         private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     4831386 9801/master         private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     4831390 9801/master         private/defer
unix  2      [ ACC ]     STREAM     LISTENING     4831394 9801/master         private/trace
unix  2      [ ACC ]     STREAM     LISTENING     6114   2907/saslauthd      /var/run/saslauthd/mux
unix  2      [ ACC ]     STREAM     LISTENING     4831398 9801/master         private/verify
unix  2      [ ACC ]     STREAM     LISTENING     4831402 9801/master         public/flush
unix  2      [ ACC ]     STREAM     LISTENING     6221   2957/avahi-daemon:  /var/run/avahi-daemon/socket
unix  2      [ ]         DGRAM                    640    606/udevd           @/org/kernel/udev/udevd
unix  2      [ ACC ]     STREAM     LISTENING     4788   2264/rpcbind        /var/run/rpcbind.sock
unix  2      [ ACC ]     STREAM     LISTENING     6265   2981/hald           @/var/run/hald/dbus-Dan7TUuMBx
unix  2      [ ]         DGRAM                    6276   2981/hald           @/org/freedesktop/hal/udev_event
unix  2      [ ACC ]     STREAM     LISTENING     5061   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     5130   2387/sdpd           /var/run/sdp
unix  2      [ ACC ]     STREAM     LISTENING     5233   2459/pcscd          /var/run/pcscd.comm
unix  2      [ ACC ]     STREAM     LISTENING     5591   2654/mysqld         /var/lib/mysql/mysql.sock
unix  2      [ ACC ]     STREAM     LISTENING     5803   2729/gpm            /dev/gpmctl
unix  2      [ ACC ]     STREAM     LISTENING     5642   2689/dovecot        /var/run/dovecot/dict-server
unix  2      [ ACC ]     STREAM     LISTENING     4831406 9801/master         private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     4831410 9801/master         private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     4831414 9801/master         private/relay
unix  2      [ ACC ]     STREAM     LISTENING     4831418 9801/master         public/showq
unix  2      [ ACC ]     STREAM     LISTENING     4831422 9801/master         private/error
unix  2      [ ACC ]     STREAM     LISTENING     4831426 9801/master         private/retry
unix  2      [ ACC ]     STREAM     LISTENING     5644   2689/dovecot        /var/run/dovecot/login/default
unix  2      [ ACC ]     STREAM     LISTENING     4831430 9801/master         private/discard
unix  2      [ ACC ]     STREAM     LISTENING     4831434 9801/master         private/local
unix  2      [ ACC ]     STREAM     LISTENING     6268   2981/hald           @/var/run/hald/dbus-4gLOKtyE50
unix  2      [ ACC ]     STREAM     LISTENING     4831438 9801/master         private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     4831442 9801/master         private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     4831446 9801/master         private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     4831450 9801/master         private/scache
unix  2      [ ACC ]     STREAM     LISTENING     4831557 9840/proftpd: (acce /var/run/proftpd/proftpd.sock
unix  2      [ ACC ]     STREAM     LISTENING     5649   2689/dovecot        /var/run/dovecot/auth-worker.2692
unix  2      [ ]         DGRAM                    4884161 20170/bounce
unix  2      [ ]         DGRAM                    4884121 20164/smtp
unix  3      [ ]         STREAM     CONNECTED     4884079 2692/dovecot-auth   /var/run/dovecot/login/default
unix  3      [ ]         STREAM     CONNECTED     4884078 20156/pop3-login
unix  3      [ ]         STREAM     CONNECTED     4884075 20156/pop3-login
unix  3      [ ]         STREAM     CONNECTED     4884074 2689/dovecot
unix  3      [ ]         STREAM     CONNECTED     4883984 2692/dovecot-auth   /var/run/dovecot/login/default
unix  3      [ ]         STREAM     CONNECTED     4883983 20124/pop3-login
unix  3      [ ]         STREAM     CONNECTED     4883980 20124/pop3-login
unix  3      [ ]         STREAM     CONNECTED     4883979 2689/dovecot
unix  3      [ ]         STREAM     CONNECTED     4883838 2692/dovecot-auth   /var/run/dovecot/login/default
unix  3      [ ]         STREAM     CONNECTED     4883837 20096/pop3-login
unix  3      [ ]         STREAM     CONNECTED     4883834 20096/pop3-login
unix  3      [ ]         STREAM     CONNECTED     4883833 2689/dovecot
unix  3      [ ]         STREAM     CONNECTED     4883772 2692/dovecot-auth   /var/run/dovecot/login/default
unix  3      [ ]         STREAM     CONNECTED     4883771 20074/imap-login
unix  3      [ ]         STREAM     CONNECTED     4883769 2692/dovecot-auth   /var/run/dovecot/login/default
unix  3      [ ]         STREAM     CONNECTED     4883768 20073/imap-login
unix  3      [ ]         STREAM     CONNECTED     4883765 20074/imap-login
unix  3      [ ]         STREAM     CONNECTED     4883764 2689/dovecot
unix  3      [ ]         STREAM     CONNECTED     4883762 20073/imap-login
unix  3      [ ]         STREAM     CONNECTED     4883761 2689/dovecot
unix  2      [ ]         DGRAM                    4881971 20027/0
unix  3      [ ]         STREAM     CONNECTED     4881077 19813/sshd: root@no
unix  3      [ ]         STREAM     CONNECTED     4881076 19815/sftp-server
unix  3      [ ]         STREAM     CONNECTED     4881075 19813/sshd: root@no
unix  3      [ ]         STREAM     CONNECTED     4881074 19815/sftp-server
unix  2      [ ]         DGRAM                    4878954 19342/anvil
unix  2      [ ]         DGRAM                    4859936 15467/pickup
unix  3      [ ]         STREAM     CONNECTED     4850170 13733/sshd: root@no
unix  3      [ ]         STREAM     CONNECTED     4850169 13735/sftp-server
unix  3      [ ]         STREAM     CONNECTED     4850168 13733/sshd: root@no
unix  3      [ ]         STREAM     CONNECTED     4850167 13735/sftp-server
unix  2      [ ]         DGRAM                    4831673 9863/tlsmgr
unix  2      [ ]         DGRAM                    4831616 9846/freshclam
unix  2      [ ]         DGRAM                    4831457 9806/qmgr
unix  3      [ ]         STREAM     CONNECTED     4831453 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831452 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831449 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831448 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831445 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831444 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831441 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831440 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831437 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831436 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831433 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831432 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831429 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831428 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831425 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831424 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831421 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831420 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831417 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831416 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831413 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831412 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831409 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831408 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831405 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831404 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831401 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831400 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831397 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831396 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831393 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831392 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831389 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831388 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831385 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831384 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831381 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831380 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831377 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831376 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831374 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831373 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831370 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831369 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831367 9801/master
unix  3      [ ]         STREAM     CONNECTED     4831366 9801/master
unix  2      [ ]         DGRAM                    4831356 9801/master
unix  2      [ ]         STREAM     CONNECTED     4830807 9721/httpd
unix  3      [ ]         STREAM     CONNECTED     4144558 2692/dovecot-auth   /var/run/dovecot/login/default
unix  3      [ ]         STREAM     CONNECTED     4144557 18451/imap-login
unix  3      [ ]         STREAM     CONNECTED     4144554 18451/imap-login
unix  3      [ ]         STREAM     CONNECTED     4144553 2689/dovecot
unix  2      [ ]         DGRAM                    30256  2941/python
unix  2      [ ]         DGRAM                    30164  2941/python
unix  3      [ ]         STREAM     CONNECTED     6796   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     6795   2941/python
unix  3      [ ]         STREAM     CONNECTED     6393   2981/hald           @/var/run/hald/dbus-Dan7TUuMBx
unix  3      [ ]         STREAM     CONNECTED     6392   3014/sr1 (every 16
unix  3      [ ]         STREAM     CONNECTED     6391   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     6390   3014/sr1 (every 16
unix  3      [ ]         STREAM     CONNECTED     6383   2981/hald           @/var/run/hald/dbus-Dan7TUuMBx
unix  3      [ ]         STREAM     CONNECTED     6382   3011/sr0 (every 16
unix  3      [ ]         STREAM     CONNECTED     6379   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     6378   3011/sr0 (every 16
unix  3      [ ]         STREAM     CONNECTED     6373   2981/hald           @/var/run/hald/dbus-Dan7TUuMBx
unix  3      [ ]         STREAM     CONNECTED     6372   3008/sdb (every 16
unix  3      [ ]         STREAM     CONNECTED     6371   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     6370   3008/sdb (every 16
unix  3      [ ]         STREAM     CONNECTED     6348   2981/hald           @/var/run/hald/dbus-Dan7TUuMBx
unix  3      [ ]         STREAM     CONNECTED     6347   3004/event
unix  3      [ ]         STREAM     CONNECTED     6315   2981/hald           @/var/run/hald/dbus-Dan7TUuMBx
unix  3      [ ]         STREAM     CONNECTED     6310   2994/event4
unix  3      [ ]         STREAM     CONNECTED     6312   2981/hald           @/var/run/hald/dbus-Dan7TUuMBx
unix  3      [ ]         STREAM     CONNECTED     6308   2993/event1
unix  3      [ ]         STREAM     CONNECTED     6271   2981/hald           @/var/run/hald/dbus-4gLOKtyE50
unix  3      [ ]         STREAM     CONNECTED     6270   2982/hald-runner
unix  3      [ ]         STREAM     CONNECTED     6267   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     6266   2981/hald
unix  3      [ ]         STREAM     CONNECTED     6224   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     6223   2957/avahi-daemon:
unix  2      [ ]         STREAM     CONNECTED     6217   2957/avahi-daemon:
unix  2      [ ]         DGRAM                    6215   2957/avahi-daemon:
unix  3      [ ]         STREAM     CONNECTED     6148   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     6147   2926/dhcdbd
unix  2      [ ]         DGRAM                    6146   2926/dhcdbd
unix  2      [ ]         DGRAM                    6113   2907/saslauthd
unix  2      [ ]         DGRAM                    5967   2838/crond
unix  3      [ ]         STREAM     CONNECTED     5933   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     5932   2762/console-kit-da
unix  2      [ ]         DGRAM                    5797   2729/gpm
unix  3      [ ]         STREAM     CONNECTED     5647   2692/dovecot-auth
unix  3      [ ]         STREAM     CONNECTED     5646   2689/dovecot
unix  2      [ ]         DGRAM                    5633   2689/dovecot
unix  2      [ ]         DGRAM                    5450   2559/ntpd
unix  2      [ ]         DGRAM                    5355   2515/automount
unix  2      [ ]         DGRAM                    5269   2479/hidd
unix  2      [ ]         DGRAM                    5232   2459/pcscd
unix  3      [ ]         STREAM     CONNECTED     5125   2366/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     5124   2381/hcid
unix  2      [ ]         DGRAM                    5106   2387/sdpd
unix  2      [ ]         DGRAM                    5095   2381/hcid
unix  3      [ ]         STREAM     CONNECTED     5064   2366/dbus-daemon
unix  3      [ ]         STREAM     CONNECTED     5063   2366/dbus-daemon
unix  3      [ ]         STREAM     CONNECTED     5005   2339/rpc.idmapd
unix  3      [ ]         STREAM     CONNECTED     5004   2339/rpc.idmapd
unix  2      [ ]         DGRAM                    4851   2289/rpc.statd
unix  2      [ ]         DGRAM                    4797   2264/rpcbind
unix  2      [ ]         DGRAM                    4616   2178/klogd
This is my iptables commands:
Code:
iptables -A INPUT -p tcp --destination-port 80 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 81 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 21 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 22 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 110 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 443 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 80 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 81 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 21 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 22 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 110 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 443 -j ACCEPT
service iptables save
There are some rows repeated and I don't understand why.
Any suggestion is appreciated.
Regards
Reply With Quote
Sponsored Links
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
IPtables slowing down my SSH login!? edge Server Operation 7 4th July 2006 13:56


All times are GMT +2. The time now is 20:19.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.