#1  
11th May 2011, 06:43
erosbk
iptables ruleset

Hello all,

I am starting to define the ruleset for iptables... I am open to recommendations; it is my intention to begin in this way (please guide me on whether this is recommended or not, I am on the beautiful learning curve xD)

Code:
*filter
-A INPUT -p all --dport  1:65535 -j DROP
-A INPUT -p tcp -s 127.0.0.1/32 --dport 3306 -j ACCEPT
-A INPUT -p udp -s 127.0.0.1/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp -s $webip/32 --dport 3306 -j ACCEPT
-A INPUT -p udp -s $webip/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp -s $mailip/32 --dport 3306 -j ACCEPT
-A INPUT -p udp -s $mailip/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp -s $dns1ip/32 --dport 3306 -j ACCEPT
-A INPUT -p udp -s $dns1ip/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp -s $dns2ip/32 --dport 3306 -j ACCEPT
-A INPUT -p udp -s $dns2ip/32 --dport 3306 -j ACCEPT
....
 ----- other rules to ACCEPT traffic for other ports
COMMIT
Thank you very much.-

Edit: OK, bad idea to begin with DROP for all ports xD. The correct way, I assume, is to first allow everything I want, and use the first line in the code as the last line xD

If someone could give advice about hidden things to take into account, it is welcome.

Last edited by erosbk; 12th May 2011 at 01:05.
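
The ordering question raised in the edit above, as an added example that is not part of the original post: a simplified Python model of first-match evaluation that compares the posted order (DROP first) with the proposed one (DROP last) and lists rules that can never be reached. It models only `-p`, `-s`, `--dport` and `-j`; the function names are hypothetical and `192.0.2.10` is a constructed stand-in for `$webip`.

```python
import ipaddress
import shlex

def parse_rule(line):
    """Parse one '-A INPUT ...' line; only -p, -s, --dport and -j are modelled."""
    tok = shlex.split(line)
    opts = dict(zip(tok[2::2], tok[3::2]))
    lo, _, hi = opts.get("--dport", "0:65535").partition(":")
    return {"proto": opts.get("-p", "all"),
            "src": ipaddress.ip_network(opts.get("-s", "0.0.0.0/0")),
            "ports": (int(lo), int(hi or lo)),
            "target": opts["-j"], "text": line}

def verdict(rules, proto, src, dport, policy="ACCEPT"):
    """First matching rule decides; the chain policy applies only if none match."""
    for r in rules:
        if (r["proto"] in ("all", proto)
                and ipaddress.ip_address(src) in r["src"]
                and r["ports"][0] <= dport <= r["ports"][1]):
            return r["target"]
    return policy

def shadowed(rules):
    """List (dead rule, covering earlier rule) pairs: the later rule can never match."""
    dead = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (earlier["proto"] in ("all", later["proto"])
                    and later["src"].subnet_of(earlier["src"])
                    and earlier["ports"][0] <= later["ports"][0]
                    and later["ports"][1] <= earlier["ports"][1]):
                dead.append((later["text"], earlier["text"]))
                break
    return dead

WEB = "192.0.2.10"  # constructed stand-in for $webip (documentation address range)
ACCEPTS = ["-A INPUT -p tcp -s 127.0.0.1/32 --dport 3306 -j ACCEPT",
           f"-A INPUT -p tcp -s {WEB}/32 --dport 3306 -j ACCEPT"]
# --dport is only accepted with a port-carrying protocol such as -p tcp or -p udp,
# so the catch-all DROP is written once per protocol here
DROPS = ["-A INPUT -p tcp --dport 1:65535 -j DROP",
         "-A INPUT -p udp --dport 1:65535 -j DROP"]
DROP_FIRST = [parse_rule(l) for l in DROPS + ACCEPTS]   # order in the original post
DROP_LAST = [parse_rule(l) for l in ACCEPTS + DROPS]    # order proposed in the edit

if __name__ == "__main__":
    for name, rules in (("DROP first", DROP_FIRST), ("DROP last", DROP_LAST)):
        print(name, "-> web host to 3306/tcp:", verdict(rules, "tcp", WEB, 3306))
        for dead, by in shadowed(rules):
            print("  never reached:", dead, "| covered by:", by)
```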