
Re: How to work with my iptables script



On Mon, Aug 30, 2004 at 12:17:15PM +0200, Jacob Friis Larsen wrote:
> 
> My new script:

A pair of suggestions to improve your firewall

> 
> # Open ports on router for server/services
> iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 20
> iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 21
> iptables -A INPUT -j ACCEPT -p tcp --dport 22
> iptables -A INPUT -j ACCEPT -p tcp --dport 25
> iptables -A INPUT -j ACCEPT -p tcp --dport 80
> iptables -A INPUT -j ACCEPT -p tcp --dport 143
> #iptables -A INPUT -j ACCEPT -p tcp --dport 443
> iptables -A INPUT -j ACCEPT -p tcp --dport 993

Add the state parameter to improve the control of open ports, something
like this:

iptables -A INPUT -j ACCEPT -p tcp --dport 22 -m state --state NEW


> # STATE RELATED for router
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Put this rule at the beginning. Usually all the traffic you will receive
will pass through this rule, so you will gain a little better performance.


Best Regards

-- 
Celso González
http://mitago.net 
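
The two suggestions in the reply above can be checked mechanically. The following is an added example, not part of the original post: a small lint that reads INPUT rules and reports ports accepted without a NEW state match and an ESTABLISHED,RELATED rule that is not first. The function names and the sample rule subsets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint INPUT rules for the two suggestions
# made in the reply. Reads rule lines on stdin, either script lines
# ("iptables -A INPUT ...") or `iptables -S INPUT` output ("-A INPUT ...").
# Prints one finding per line; exit status is 1 if there is any finding.
audit_input_rules() {
    awk '
    /^[ \t]*#/ || !/-A INPUT/ { next }      # skip comments and other chains
    {
        n++                                 # position of this rule in INPUT
        if ($0 ~ /--(ct)?state [A-Z,]*ESTABLISHED/ && $0 ~ /-j ACCEPT/) {
            if (!est) est = n               # remember the first such rule
            next
        }
        if ($0 ~ /--dport/ && $0 ~ /-j ACCEPT/ && $0 !~ /--(ct)?state [A-Z,]*NEW/) {
            match($0, /--dport [0-9:]+/)
            printf "rule %d: %s is accepted in any state, add -m state --state NEW\n", n, substr($0, RSTART, RLENGTH)
            bad++
        }
    }
    END {
        if (!est) { print "no ESTABLISHED,RELATED accept rule in INPUT"; bad++ }
        else if (est > 1) { printf "ESTABLISHED,RELATED rule is number %d, move it to position 1\n", est; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample input: a subset of the script quoted in the thread.
original_rules() {
cat <<'EOF'
iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 21
iptables -A INPUT -j ACCEPT -p tcp --dport 22
#iptables -A INPUT -j ACCEPT -p tcp --dport 443
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed sample input: the same subset with both suggestions applied.
revised_rules() {
cat <<'EOF'
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 21 -m state --state NEW
iptables -A INPUT -j ACCEPT -p tcp --dport 22 -m state --state NEW
EOF
}

echo "== original =="; original_rules | audit_input_rules || true
echo "== revised ==";  revised_rules | audit_input_rules && echo "no findings"
```

On a live router the same function can read the loaded ruleset with `iptables -S INPUT | audit_input_rules` (run as root).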
