Discussion in 'General' started by poolet, Jul 13, 2012.

  1. poolet

    poolet New Member

    Hello guys,

    Finally I finished my server and everything seems to be works fine.. Now a small issue that I am not sure if it's a problem is::

    First I have set fail2ban to filter the ssh with a compilation of iptables, for example if I get fail to login with ssh up to 3 times then fail2ban block my external ip address for a short of time. I have also ask from iptables to allowed only request from a specific external ip address:: so if someone tries to login in even if knows my user and pass, not be able to login and iptables drop the packet. Now I am not sure if that's works since I didn't add directly on the iptables rules, and I want to know, if there is any possible ways to do that??

    I have use the command
    iptables -A INPUT -p TCP -s  "" --dport 22 -j DROP 
    where is my external ip address , also if that's ok can I set another ip address or it will overwrite the previous ??

    Another problem that I want is to close any port that are non-used.. As I have check I need to have only 3 ports for my needs. 22 ssh, 80 http, and 3306 mysql, Now 3306 is not necessary to be open outside for world, I just need access only from localhost, So I thought was better to do as previous and drop outside connectivity for mysql, so I have used

    iptables -A INPUT -p TCP -s --dport 3306 -j DROP 
    Now I don't now if the above thoughts and steps are correct so I need someone who knows something more from me..

    At the end I don't know what to do with icmp-host-prohibited and more general with icmp I read a lot articles about this subject, and as I was doing my second final year project, I conclude that, is something that only a very experienced people can answer it correct. Sometimes is bad to reject it, and sometime good to have, according your needs, what's your opinion about that??

    At the end please give a shoot to my iptable -L below and let me know if I miss something:: since ispconfig is seems to work, but even if I set the port 8080 open it's redirect into the domain name and passes the login page of ispconfig. ( I don't think that's a problem, I just need a confirmation)

    Chain INPUT (Policy ACCEPT)
    target prot opt source destination 
    fail2ban-SSH tcp -- anywhere  anywhere tcp dpt:ssh
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED 
    ACCEPT icmp -- anywhere anywhere 
    ACCEPT all -- anywhere anywhere
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql
    DROP tcp -- localhost  anywhere tcp dpt:mysql 
    REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
    Chain FORWARD (policy ACCEPT)
    target prot opt source destination 
    REJECT all -- anywhere anywhere reject-with icmp-host-prohibited 
    Chain OUTPUT (policy ACCEPT)
    target prot source destination 
    Chain fail2ban-SSH (1 references)
    target prot opt source destination 
    RETURN all -- anywhere anywhere  

    Thank you in advance!!!!

Share This Page