Re: CLOSING a web server!!!!!!
On Thu, 30 Jan 2003, Iñaki Martínez wrote:
> 21 -> only from my fix IP
Use scp. FTP requires some very b0rken firewalling.
> 22 -> only from my fix IP
IPT="/sbin/iptables"
$IPT -P INPUT DROP
$IPT -A INPUT -p tcp --dport 22 -s $fix_IP -d $local_IP -j ACCEPT
> 53 -> any IP (only for my domains = BIND config)
What do you mean, only for your domains? Only allow people from your
domains to query you? Then why "any IP"? Your firewall can't stop people
from asking you about www.google.com...
> 80 -> any IP obviously
$IPT -A INPUT -p tcp --dport 80 -d $local_IP -j ACCEPT
> 443 -> same as 80
Precisely.
> What are the BETTER and MORE SECURE iptables rules for this server????
Those above work for me.
> NOTE: I am NOT an expert, but I know iptables syntax, options and rules.
Well, there you are then.
--
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer, Geek In Residence
http://ieee.uow.edu.au/~mjp16
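
Added example, not part of the original message: the port policy from this thread written as one iptables-restore ruleset. The gen_rules function name, the sample addresses, and the loopback and ESTABLISHED,RELATED rules are assumptions added here, not rules from the thread.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for the port policy discussed in the thread.
#   $1 = fixed admin IP allowed to reach SSH
#   $2 = the server's own IP
gen_rules() {
    fix_IP=$1
    local_IP=$2
    cat <<EOF
*filter
:INPUT DROP [0:0]
# FORWARD and OUTPUT stay at their defaults; the thread only sets the INPUT policy.
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Assumption (not in the thread): allow loopback and reply traffic, otherwise
# the DROP policy also discards answers to the server's own outbound requests.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# 22: SSH only from the fixed IP (scp over this port replaces FTP on 21)
-A INPUT -p tcp --dport 22 -s $fix_IP -d $local_IP -j ACCEPT
# 53: DNS from any IP; queries arrive on UDP, large answers and transfers on TCP
-A INPUT -p udp --dport 53 -d $local_IP -j ACCEPT
-A INPUT -p tcp --dport 53 -d $local_IP -j ACCEPT
# 80 and 443: web traffic from any IP
-A INPUT -p tcp --dport 80 -d $local_IP -j ACCEPT
-A INPUT -p tcp --dport 443 -d $local_IP -j ACCEPT
COMMIT
EOF
}

# Syntax-check without loading (constructed documentation addresses, needs root):
#   gen_rules 203.0.113.10 198.51.100.5 | iptables-restore --test
```

Which names BIND answers for is decided in the BIND configuration, not by these packet filter rules.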