On Mon, Aug 30, 2004 at 12:17:15PM +0200, Jacob Friis Larsen wrote:
>
> My new script:

A pair of suggestions to improve your firewall

> # Open ports on router for server/services
> iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 20
> iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 21
> iptables -A INPUT -j ACCEPT -p tcp --dport 22
> iptables -A INPUT -j ACCEPT -p tcp --dport 25
> iptables -A INPUT -j ACCEPT -p tcp --dport 80
> iptables -A INPUT -j ACCEPT -p tcp --dport 143
> #iptables -A INPUT -j ACCEPT -p tcp --dport 443
> iptables -A INPUT -j ACCEPT -p tcp --dport 993

Add the state parameter to improve the control of open ports, something like this:

iptables -A INPUT -j ACCEPT -p tcp --dport 22 -m state --state NEW

> # STATE RELATED for router
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Put this rule at the beginning; usually all the traffic you will receive will pass through this rule, so you will gain a little better performance.

Best Regards

--
Celso González
http://mitago.net
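
A check for the two suggestions in this message, as an added example that is not part of the original post: it flags port ACCEPT rules that carry no `--state NEW` match and an ESTABLISHED,RELATED rule that is not first in INPUT. The function name `audit_input_rules` and both sample rule sets are constructed for illustration (the first abridges the quoted script).

```shell
#!/bin/sh
# Audit INPUT-chain rules (firewall script lines or `iptables -S` output) on stdin.
# Returns 1 when there is at least one finding, 0 when the rule set is clean.
audit_input_rules() {
    awk '
    /^[ \t]*#/ || !/-A INPUT/ { next }           # skip comments and other chains
    { n++ }                                      # position of this rule in INPUT
    !/-j ACCEPT/ { next }
    /--(ct)?state[ \t]+[A-Z,]*ESTABLISHED/ && !/--dport/ {
        seen = 1
        if (n > 1) { bad++; printf "ORDER rule %d: ESTABLISHED,RELATED accept has %d rule(s) ahead of it\n", n, n - 1 }
        next
    }
    /--dport/ && !/--(ct)?state[ \t]+[A-Z,]*NEW/ {
        for (i = 1; i < NF; i++) if ($i == "--dport") port = $(i + 1)
        bad++; printf "NOSTATE rule %d: dport %s accepted in any connection state\n", n, port
    }
    END {
        if (!seen) { bad++; print "MISSING: no ESTABLISHED,RELATED accept rule" }
        exit (bad > 0)
    }'
}

# Constructed sample 1: abridged from the quoted script, original order.
sample_original() {
    cat <<'EOF'
iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 21
iptables -A INPUT -j ACCEPT -p tcp --dport 22
#iptables -A INPUT -j ACCEPT -p tcp --dport 443
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed sample 2: same rules with both suggestions applied.
sample_revised() {
    cat <<'EOF'
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 21 -m state --state NEW
iptables -A INPUT -j ACCEPT -p tcp --dport 22 -m state --state NEW
EOF
}

echo "original order:"; sample_original | audit_input_rules || true
echo "revised order:";  sample_revised  | audit_input_rules && echo "no findings"
```

To audit a live host, pipe `iptables -S INPUT` into `audit_input_rules`; the non-zero exit status makes it usable as a gate in a deployment script.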