Re: CLOSING a web server!!!!!!
Kaixo Matthew Palmer!!!
> > 21 -> only from my fix IP
> Use scp. FTP requires some very b0rken firewalling.
OK...... and about SFTP?????
Some of the webmaster are using windows FTP clients, so i need FTP or SFTP.
> > 22 -> only from my fix IP
> $IPT -P INPUT DROP
> $IPT -A INPUT -t tcp --dport 22 -s $fix_IP -d $local_IP -j ACCEPT
> > 53 -> any IP (only for my domains = BIND config)
> What do you mean, only for your domains? Only allow people from your
> domains to query you? Then why "any IP"? Your firewall can't stop people
> from asking you about www.google.com...
What i mean is:
global -> allow-query = only my IPs
per domain -> allow-query any
> > 80 -> any IP obiously
> $IPT -A INPUT -t tcp --dport 80 -d $local_IP -j ACCEPT
> > 443 -> same as 80
> > What are the BETTER and MORE SECURE iptables rules for this server????
> Those above work for me.
OK, but what about "-m state --state NEW" or similar????