Here's the script after stripping out the offensive formatting
(insert dashes, dollar signs, colons)
#!/bin/bash
# Flush all rules and delete user-defined chains in the filter table
iptables -t filter -F
iptables -t filter -X
# Default policy DROP on every chain; only what is listed below gets through
iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT DROP
iptables -t filter -P FORWARD DROP

# variables
remote="iprange_for_db_users"
www="eth0"
web="web_server_ip"
mail="mail_server_ip"
bbdd="database_server_ip"
ssh="ip_para_ssh_access"
cf="firewall_ip"
all="0.0.0.0/0"   # any ext ip

# Permit localhost
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Start filtering: replies to accepted connections must pass on every chain,
# otherwise the firewall's own SSH session (INPUT/OUTPUT) never gets an answer
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# open web server http & https: new connections arriving on $www and addressed to $web
# (-i/-o take interface names; hosts are matched with -s/-d)
iptables -A FORWARD -m state --state NEW -p tcp -i $www -d $web --dport 80 -j ACCEPT
iptables -A FORWARD -m state --state NEW -p tcp -i $www -d $web --dport 443 -j ACCEPT

# open mail server smtp, pop3, imap, imapssl (all tcp; imaps has no udp variant)
for port in 25 110 143 993; do
  iptables -A FORWARD -m state --state NEW -p tcp -i $www -d $mail --dport $port -j ACCEPT
done

# open data base for users on remote lan: $remote is an address range, so it is a source match
iptables -A FORWARD -m state --state NEW -p tcp -s $remote -d $bbdd --dport 1433 -j ACCEPT

# open all servers for DNS (note to myself: change to range of ip's?)
# outbound queries from each server, leaving through $www
for srv in $web $mail $bbdd; do
  iptables -A FORWARD -m state --state NEW -p tcp -s $srv -o $www --dport 53 -j ACCEPT
  iptables -A FORWARD -m state --state NEW -p udp -s $srv -o $www --dport 53 -j ACCEPT
done

# open firewall to SSH: traffic addressed to the firewall itself is INPUT, not FORWARD (tcp only)
iptables -A INPUT -m state --state NEW -p tcp -s $ssh -d $cf --dport 22 -j ACCEPT

# Close all other ports (explicit, although the DROP policy already covers them)
iptables -A INPUT -s $all -i $www -p tcp --dport 1:1024 -j DROP
iptables -A INPUT -s $all -i $www -p udp --dport 1:1024 -j DROP

# Close webmin
iptables -A INPUT -s $all -p tcp --dport 10000 -j DROP
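A small consistency check, added here as an example and not part of the original post, for three mistakes this kind of script is prone to: an address or range handed to -i/-o (which take interface names), a FORWARD rule that matches the firewall's own address (that traffic is INPUT/OUTPUT), and a chain whose policy is DROP with no ESTABLISHED,RELATED accept. It runs over already-expanded rule lines (shell variables substituted); the addresses in SAMPLE are constructed.

```python
import ipaddress
import shlex

def is_address(tok):
    """True if tok parses as an IPv4/IPv6 address or CIDR range (eth0 does not)."""
    try:
        ipaddress.ip_network(tok, strict=False)
        return True
    except ValueError:
        return False

def parse_rule(line):
    """Map each flag of one iptables line to the value that follows it."""
    argv = shlex.split(line)
    return {t: argv[i + 1] for i, t in enumerate(argv[:-1])
            if t.startswith("-") and not argv[i + 1].startswith("-")}

def lint_ruleset(lines, firewall_ip):
    """Return findings for expanded rule lines (shell variables already substituted)."""
    findings, drop_policy, has_established = [], set(), set()
    for n, line in enumerate(lines, 1):
        argv = shlex.split(line)
        if "-P" in argv:                                   # iptables -P CHAIN POLICY
            k = argv.index("-P")
            if argv[k + 2] == "DROP":
                drop_policy.add(argv[k + 1])
            continue
        o = parse_rule(line)
        if "-A" not in o:
            continue
        chain = o["-A"]
        if o.get("-j") == "ACCEPT" and "ESTABLISHED" in o.get("--state", ""):
            has_established.add(chain)
        for flag in ("-i", "-o"):                          # interface flags given an address
            if flag in o and is_address(o[flag]):
                findings.append(f"line {n}: {flag} takes an interface name, not {o[flag]}")
        if chain == "FORWARD" and firewall_ip in (o.get("-s"), o.get("-d")):
            findings.append(f"line {n}: traffic to/from the firewall itself belongs in INPUT/OUTPUT, not FORWARD")
    for chain in sorted(drop_policy - has_established):
        findings.append(f"chain {chain}: policy DROP but no ESTABLISHED,RELATED accept, so replies are dropped")
    return findings

SAMPLE = """
iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT DROP
iptables -t filter -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state NEW -p udp -s 192.0.2.10 -o eth0 --dport 53 -j ACCEPT
iptables -A FORWARD -m state --state NEW -p tcp -s 192.0.2.30 -o 10.0.0.0/24 --dport 1433 -j ACCEPT
iptables -A FORWARD -m state --state NEW -p tcp -s 198.51.100.7 -d 203.0.113.1 --dport 22 -j ACCEPT
""".strip().splitlines()
```

`lint_ruleset(SAMPLE, "203.0.113.1")` reports the range given to -o, the SSH rule sitting in FORWARD, and the missing ESTABLISHED accepts on INPUT and OUTPUT, while the DNS rule passes.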