Are my iptables rules set correctly?
Hi,
I have a small LEB server with a webserver installation.
I made some iptables rules, but I'm not sure if I set everything correctly.
I hope some of you can take a look at them to be sure that I have not accidentally locked myself out of the server.
# already-established connections and loopback traffic (inserted as rule 1)
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
# SSH (XX = non-standard SSH port)
iptables -A INPUT -p tcp --dport XX -j ACCEPT
# http
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# https
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# mysql: allow localhost only, drop everything else on 3306
iptables -A INPUT -p tcp --dport 3306 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP
# ping
iptables -A INPUT -p icmp -j ACCEPT
# log whatever is left (rate-limited), then drop it
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
apt-get install iptables-persistent
iptables -A INPUT -j DROP
# persist the rules across reboots
invoke-rc.d iptables-persistent save
Comments
Where is the ACCEPT rule for SSH (port 22)?
Hi,
thank you simonindia.
See SSH:
iptables -A INPUT -p tcp --dport XX -j ACCEPT
I don't use the standard port.
Looks fine to me. Some cloud servers get their IP via DHCP, so you'd need UDP 68, but most VPSes don't need it.
You don't need the section on MySQL; you've already allowed localhost connections earlier, and you block non-local connections later. The DROP means you're not logging non-local attempts to connect to MySQL, which you might want to log.
There's always more you can do, filtering OUTPUT and FORWARD, etc., but this should be okay.
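The two things the thread checks by eye, whether the SSH ACCEPT lands before the catch-all DROP (the lockout worry in the original post) and whether the per-port MySQL DROP silences logging (the last comment), can be checked offline against the rule listing. The script below is an added example, not code from the poster or the commenters: it works on a constructed copy of the posted ruleset in the one-rule-per-line form `iptables -S INPUT` prints, uses 2222 as a stand-in for the "XX" SSH port, and builds a revised copy with the 3306 DROP removed so the difference in logging shows up.

```shell
#!/bin/sh
# Added example: offline sanity checks for an INPUT ruleset like the one in the
# post. Both rulesets are constructed text in `iptables -S INPUT` form; the SSH
# port 2222 is an assumption standing in for the post's "XX".

POSTED_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP'

# Same ruleset with the per-port MySQL DROP removed, as the last comment
# suggests: non-local 3306 attempts then fall through to the LOG rule.
REVISED_RULES=$(printf '%s\n' "$POSTED_RULES" | grep -v -- '--dport 3306 -j DROP')

# Line number of the first rule in $1 that matches every packet, or empty.
first_catchall() {
  printf '%s\n' "$1" | grep -n -E -- '^-A INPUT -j (DROP|REJECT)' | head -n 1 | cut -d: -f1
}

# Line number of the first ACCEPT for TCP destination port $2 in $1, or empty.
first_accept_for_port() {
  printf '%s\n' "$1" | grep -n -E -- "--dport $2 .*-j ACCEPT$" | head -n 1 | cut -d: -f1
}

# Succeeds when a new connection to TCP port $2 can still get in: an ACCEPT
# for it must exist and precede any catch-all DROP/REJECT. With no catch-all
# rule the ACCEPT alone is required, which also covers a DROP chain policy.
port_reachable() {
  accept=$(first_accept_for_port "$1" "$2")
  drop=$(first_catchall "$1")
  [ -n "$accept" ] || return 1
  [ -z "$drop" ] || [ "$accept" -lt "$drop" ]
}

# Succeeds when the ruleset will not lock out an admin on SSH port $2:
# loopback and established traffic are accepted, and the port is reachable.
lockout_safe() {
  printf '%s\n' "$1" | grep -q -E -- '^-A INPUT -i lo -j ACCEPT$' || return 1
  printf '%s\n' "$1" | grep -q -E -- '--ctstate [A-Z,]*ESTABLISHED' || return 1
  port_reachable "$1" "$2"
}

# Prints the ports of per-port DROP rules placed before the LOG rule (or with
# no LOG rule at all): refused connections to those ports are never logged.
unlogged_drops() {
  log=$(printf '%s\n' "$1" | grep -n -- '-j LOG' | head -n 1 | cut -d: -f1)
  printf '%s\n' "$1" | grep -n -E -- '--dport [0-9]+ .*-j DROP$' |
  while IFS=: read -r n rule; do
    if [ -z "$log" ] || [ "$n" -lt "$log" ]; then
      printf '%s\n' "$rule" | sed -E 's/.*--dport ([0-9]+).*/\1/'
    fi
  done
}

# Usage: one-line verdict per ruleset, assuming SSH on 2222.
report() {
  if lockout_safe "$2" 2222; then verdict=ok; else verdict=LOCKOUT-RISK; fi
  echo "$1: lockout check $verdict; unlogged per-port drops: $(unlogged_drops "$2" | tr '\n' ' ')"
}
report posted "$POSTED_RULES"
report revised "$REVISED_RULES"
```

Run on a live box, replace the embedded text with `$(iptables -S INPUT)` and the assumed 2222 with the real SSH port; `lockout_safe "$POSTED_RULES" 22` fails here, which is exactly the question simonindia asked. The port check only proves an ACCEPT exists ahead of the catch-all; it does not inspect source restrictions, so the localhost-only 3306 ACCEPT would also count as reachable.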