Re: iptables and networking
> For the FORWARD chain, see below.
> If you only have these 2 rules, your server will be able to connect to
> other machines and the internet, but it will not accept new connections.
> If your server needs to be accessed by others (webserver, running SSH,
> printing server, etc.) you need to define additional rules to allow that
> incoming traffic.
Hi Steven and thanks for your reply :-)
This is my full iptables config:
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -A INPUT -f -j DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -f -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Below I have rules that open ports, like this (e.g.):
iptables -A INPUT -i eth0 -p icmp -j ACCEPT
With this setup my server actually runs perfectly. Are there other rules to
block DDoS attacks, or other types of attacks?
> In the above I am assuming a default policy of 'drop' on at least the
> INPUT chain, the command (as root, no quotes) "iptables -L -vn" will
> print all currently active rules and the default policy (what should
> happen if no rule is matched). If the default policy is 'ACCEPT' those 2
> rules by themselves have no effect.
>
> Also, be careful not to lock yourself out of the machine if configuring
> iptables using SSH.
Yep... thanks again!
Pol
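The following is an added example and not part of the thread above or of anyone's posted config. It checks an iptables-save style dump offline for the points Steven's reply raises before the rules are loaded: that INPUT and FORWARD default to DROP (otherwise the two state rules have no effect), that loopback and ESTABLISHED,RELATED traffic is accepted, and that an explicit accept rule for the SSH port exists so a remote admin is not locked out. The dump it inspects is constructed here and modelled on Pol's ruleset; the function names and the assumed SSH port 22 are this example's own.

```shell
#!/bin/sh
# Added example (not from the original thread): sanity-check an
# iptables-save style dump before loading it. The dump is constructed
# below; function names and the assumed SSH port are this example's own.

# write_sample_dump <file> <yes|no>: write a constructed dump modelled on
# Pol's ruleset, with or without an accept rule for TCP port 22.
write_sample_dump() {
    {
        printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
        printf '%s\n' '-A INPUT -f -j DROP' '-A INPUT -m state --state INVALID -j DROP'
        printf '%s\n' '-A INPUT -i lo -j ACCEPT'
        printf '%s\n' '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
        [ "$2" = yes ] && printf '%s\n' '-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT'
        printf '%s\n' '-A INPUT -i eth0 -p icmp -j ACCEPT'
        printf '%s\n' '-A OUTPUT -o lo -j ACCEPT'
        printf '%s\n' '-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT'
        printf '%s\n' 'COMMIT'
    } > "$1"
}

# policy_of <dump-file> <CHAIN>: print the chain's default policy
# (the ":CHAIN POLICY [pkts:bytes]" header line in iptables-save output).
policy_of() {
    awk -v chain=":$2" '$1 == chain { print $2; exit }' "$1"
}

# has_rule <dump-file> <extended-regex>: succeed if some rule line matches.
has_rule() {
    grep -Eq -- "$2" "$1"
}

# check_ruleset <dump-file> [ssh-port]: print one line per finding and
# return the number of problems found (0 means the dump passes).
check_ruleset() {
    dump=$1; ssh_port=${2:-22}; problems=0
    for chain in INPUT FORWARD; do
        if [ "$(policy_of "$dump" "$chain")" != DROP ]; then
            echo "WARN: $chain policy is not DROP; the state rules alone do not filter anything"
            problems=$((problems + 1))
        fi
    done
    has_rule "$dump" '^-A INPUT -i lo -j ACCEPT' \
        || { echo "WARN: loopback traffic is not accepted on INPUT"; problems=$((problems + 1)); }
    has_rule "$dump" '^-A INPUT .*--(state|ctstate) (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT' \
        || { echo "WARN: no ESTABLISHED,RELATED accept on INPUT; replies to outgoing connections are dropped"; problems=$((problems + 1)); }
    if [ "$(policy_of "$dump" INPUT)" = DROP ] \
        && ! has_rule "$dump" "^-A INPUT .*-p tcp .*--dport $ssh_port .*-j ACCEPT"; then
        echo "WARN: INPUT drops by default and nothing accepts TCP port $ssh_port: a remote SSH session would be locked out"
        problems=$((problems + 1))
    fi
    return $problems
}

# Run the check against both constructed variants.
tmp=$(mktemp)
for variant in no yes; do
    write_sample_dump "$tmp" "$variant"
    rc=0; check_ruleset "$tmp" 22 || rc=$?
    echo "ssh rule present=$variant: $rc problem(s) found"
done
rm -f "$tmp"
```

On a real host the dump to check would come from `iptables-save`, and the check belongs in whatever script applies the rules over SSH, before the apply step rather than after it.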