
Re: CLOSING a web server!!!!!!



On Thu, 30 Jan 2003, Iñaki Martínez wrote:

>   21 -> only from my fix IP

Use scp.  FTP requires some very b0rken firewalling.

>   22 -> only from my fix IP

IPT="/sbin/iptables"

$IPT -P INPUT DROP

$IPT -A INPUT -p tcp --dport 22 -s $fix_IP -d $local_IP -j ACCEPT

>   53 -> any IP (only for my domains = BIND config)

What do you mean, only for your domains?  Only allow people from your
domains to query you?  Then why "any IP"?  Your firewall can't stop people
from asking you about www.google.com...

>   80 -> any IP obviously

$IPT -A INPUT -p tcp --dport 80 -d $local_IP -j ACCEPT

>  443 -> same as 80

Precisely.

>  What are the BETTER and MORE SECURE iptables rules for this server????

Those above work for me.

>  NOTE: I am NOT an expert, but I know iptables syntax, options and rules.

Well, there you are then.


-- 
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer, Geek In Residence
http://ieee.uow.edu.au/~mjp16
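
The rules from this thread gathered into one iptables-restore ruleset, as an added example that is not part of the original message. The function names, the ADMIN_IP/LOCAL_IP parameters, the FORWARD/OUTPUT policies, and the loopback and conntrack rules are assumptions of this example; port 21 is left closed because the reply recommends scp instead of FTP.

```shell
#!/bin/sh
# Added example. ADMIN_IP / LOCAL_IP are assumed names; use your own addresses.

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print an iptables-restore ruleset for the ports in this thread.
gen_ruleset() {
    admin_ip=$1; local_ip=$2
    if ! is_ipv4 "$admin_ip" || ! is_ipv4 "$local_ip"; then
        echo "usage: gen_ruleset ADMIN_IP LOCAL_IP" >&2
        return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Needed once the policy is DROP: loopback and replies to our own traffic.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SSH (and therefore scp) only from the admin address.
-A INPUT -p tcp --dport 22 -s $admin_ip -d $local_ip -j ACCEPT
# DNS from anywhere, UDP and TCP; which zones get answered is up to BIND.
-A INPUT -p udp --dport 53 -d $local_ip -j ACCEPT
-A INPUT -p tcp --dport 53 -d $local_ip -j ACCEPT
# HTTP and HTTPS from anywhere.
-A INPUT -p tcp --dport 80 -d $local_ip -j ACCEPT
-A INPUT -p tcp --dport 443 -d $local_ip -j ACCEPT
COMMIT
EOF
}

# Syntax-check without loading (constructed RFC 5737 addresses, needs root):
#   gen_ruleset 203.0.113.10 198.51.100.5 | iptables-restore --test
```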



