iptables ruleset

Discussion in 'Server Operation' started by erosbk, May 11, 2011.

  1. erosbk

    erosbk New Member

    Hello all,

    I am starting to define the ruleset for iptables... I am open to recommendations; my intention is to begin in this way (please guide me on whether this is recommended or not, I am in the beautiful learning curve xD)

    Code:
    *filter
    # "-p all --dport 1:65535" is not valid: --dport only exists for tcp/udp (and sctp/dccp).
    # As a catch-all this rule drops everything, and since it comes first nothing below it is reached.
    -A INPUT -j DROP
    # MySQL whitelist (MySQL only listens on TCP; the udp rules never match anything)
    -A INPUT -p tcp -s 127.0.0.1/32 --dport 3306 -j ACCEPT
    -A INPUT -p udp -s 127.0.0.1/32 --dport 3306 -j ACCEPT
    -A INPUT -p tcp -s $webip/32 --dport 3306 -j ACCEPT
    -A INPUT -p udp -s $webip/32 --dport 3306 -j ACCEPT
    -A INPUT -p tcp -s $mailip/32 --dport 3306 -j ACCEPT
    -A INPUT -p udp -s $mailip/32 --dport 3306 -j ACCEPT
    -A INPUT -p tcp -s $dns1ip/32 --dport 3306 -j ACCEPT
    -A INPUT -p udp -s $dns1ip/32 --dport 3306 -j ACCEPT
    -A INPUT -p tcp -s $dns2ip/32 --dport 3306 -j ACCEPT
    -A INPUT -p udp -s $dns2ip/32 --dport 3306 -j ACCEPT
    ....
     ----- other rules to ACCEPT traffic for other ports
    COMMIT
    
    Thank you very much.

    Edit: ok, bad idea to begin with DROP for all ports xD. The correct way, I assume, is to allow everything I want first, and use the first line in the code as the last line xD

    If someone could give advice about hidden things to take into account, it is welcome.
     
    Last edited: May 12, 2011
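The layout the edit above arrives at (whitelisted sources accepted first, the catch-all DROP last), written as an added example rather than erosbk's ruleset. The addresses are constructed placeholders, the loopback/conntrack/SSH/LOG rules and the `check_order` helper are additions, and the script expands the `$…_IP` variables itself because iptables-restore does not.

```sh
#!/bin/sh
# Added example, not erosbk's ruleset: same MySQL whitelist idea, ACCEPT rules
# first, catch-all DROP last. Addresses are constructed placeholders (RFC 5737
# space); override them with environment variables before running with "apply".
set -eu
WEB_IP=${WEB_IP:-192.0.2.10}
MAIL_IP=${MAIL_IP:-192.0.2.20}
DNS1_IP=${DNS1_IP:-192.0.2.30}
DNS2_IP=${DNS2_IP:-192.0.2.31}
ADMIN_IP=${ADMIN_IP:-198.51.100.5}   # host you manage the box from; keeps SSH reachable

# Print the ruleset in iptables-restore format. The shell expands the $..._IP
# variables here; iptables-restore itself never expands them.
build_ruleset() {
  printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
  printf '%s\n' '-A INPUT -i lo -j ACCEPT'
  printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
  printf '%s\n' "-A INPUT -p tcp -s $ADMIN_IP/32 --dport 22 -j ACCEPT"
  # MySQL listens on TCP only, so the UDP 3306 rules from the post are unnecessary.
  for src in "$WEB_IP" "$MAIL_IP" "$DNS1_IP" "$DNS2_IP"; do
    printf '%s\n' "-A INPUT -p tcp -s $src/32 --dport 3306 -j ACCEPT"
  done
  # Log (rate limited) and then drop whatever the rules above did not accept.
  printf '%s\n' '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "'
  printf '%s\n' '-A INPUT -j DROP'
  printf '%s\n' 'COMMIT'
}

# Read a ruleset on stdin; succeed only if no 3306 ACCEPT rule comes after the
# catch-all DROP (the ordering mistake the post corrects in its edit).
check_order() {
  awk '/--dport 3306/ && /-j ACCEPT/ { if (drop_seen) bad = 1 }
       $0 == "-A INPUT -j DROP"      { drop_seen = 1 }
       END { if (bad) exit 1; exit 0 }'
}

# Apply atomically: iptables-restore loads the whole table or nothing.
apply_ruleset() {
  build_ruleset | check_order
  build_ruleset | iptables-restore
}

if [ "${1:-}" = "apply" ]; then apply_ruleset; else build_ruleset; fi
```

Run without arguments to review the generated file; run with `apply` (as root) only once `ADMIN_IP` is the address you are connecting from.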
