are my iptables rules set correctly

erasereraser Member
edited February 2017 in Help

Hi

I have a small LEB server with a webserver installation.

I made some iptables rules, but I'm not sure if I set everything correctly.

Hope some of you can take a look at it to be sure that I have not accidentally locked myself out of the server.

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

iptables -I INPUT 1 -i lo -j ACCEPT

SSH

iptables -A INPUT -p tcp --dport XX -j ACCEPT

http

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

https
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

mysql

iptables -A INPUT -p tcp --dport 3306 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP

ping

iptables -A INPUT -p icmp -j ACCEPT

iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

apt-get install iptables-persistent

iptables -A INPUT -j DROP

invoke-rc.d iptables-persistent save

Comments

  • Where is the ACCEPT rule for SSH (port 22)?

  • erasereraser Member
    edited February 2017

    Hi

    thank you simonindia

    see SSH

    iptables -A INPUT -p tcp --dport XX -j ACCEPT

    I don't use the standard port.

  • Looks fine to me. Some cloud servers get their IP via DHCP so you'd need UDP 68, but most VPS's don't need it.

    You don't need the section on MySQL; you've already allowed localhost connections earlier, and you block non-local connections later. The DROP means you're not logging non-local attempts to connect to MySQL, which you might want to log.

    There's always more you can do, filtering OUTPUT and FORWARD, etc., but this should be okay.
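Putting the thread's ruleset together in the iptables-restore format that iptables-persistent saves to /etc/iptables/rules.v4, with the MySQL logging the reply above suggests and a pre-load check for the lockout the poster is worried about. This is an added example, not code from the thread; SSH_PORT is an assumed placeholder for the port the poster hides as XX.

```shell
#!/bin/sh
# Added example, not code from the thread. Renders the poster's rules as an
# iptables-restore file (what iptables-persistent saves to /etc/iptables/rules.v4)
# and checks it for the lockout the poster worries about before it is loaded.
SSH_PORT="${SSH_PORT:-2222}"   # assumption: the thread hides the real port as XX

render_rules() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# loopback first: this already covers MySQL over 127.0.0.1, so no separate 3306 ACCEPT is needed
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SSH must precede the final DROP, or the session used to load this file is cut off
-A INPUT -p tcp --dport ${SSH_PORT} -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
# remote MySQL attempts get their own (rate-limited) log line instead of a silent DROP
-A INPUT -p tcp --dport 3306 -m limit --limit 5/min -j LOG --log-prefix "mysql denied: " --log-level 7
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
COMMIT
EOF
}

# Returns 0 when the ruleset keeps a remote admin session reachable: loopback is
# accepted, an SSH ACCEPT exists, and it sits above the first unconditional DROP.
check_no_lockout() {
    rules="$1"
    lo_line=$(printf '%s\n' "$rules" | grep -n -- '^-A INPUT -i lo -j ACCEPT$' | head -n 1 | cut -d: -f1)
    ssh_line=$(printf '%s\n' "$rules" | grep -n -- "^-A INPUT -p tcp --dport ${SSH_PORT} -j ACCEPT$" | head -n 1 | cut -d: -f1)
    drop_line=$(printf '%s\n' "$rules" | grep -n -- '^-A INPUT -j DROP$' | head -n 1 | cut -d: -f1)
    [ -n "$lo_line" ] && [ -n "$ssh_line" ] && [ -n "$drop_line" ] && [ "$ssh_line" -lt "$drop_line" ]
}

# Typical use: only a ruleset that passes the check is worth loading with iptables-restore.
if check_no_lockout "$(render_rules)"; then
    echo "ruleset passes the lockout check"
else
    echo "ruleset would cut off SSH; not loading" >&2
fi
```

The generated text goes to /etc/iptables/rules.v4 (or through iptables-restore) only after the check passes, with the real port in place of the placeholder.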
