
Re: firewall critique



2009/5/7 Zachary Uram <netrek@gmail.com>:
> Hi,
>
> Running Debian lenny. I run a web server and try to keep all other
> ports closed. Would like to get some feedback on my firewall. If you
> have any suggestions for rules to add or other changes please let me
> know. Also what are some other steps I can take next to further
> increase my security?
>
> iptables -A INPUT -i eth0 -m conntrack --ctstate INVALID -j DROP ;
> iptables -A INPUT -p tcp -m conntrack --ctstate NEW -i eth0 --dport 80
> -j ACCEPT ;
> iptables -A INPUT -i eth0 -m conntrack --ctstate NEW -j DROP ;
> iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
>
> Zach
>

Hi,

There are no default policies in your rules... you should set them.

You can follow these tutorials to improve your firewall rules:

http://beginlinux.wordpress.com/2008/06/16/build-a-simple-iptables-firewall/

http://www.cyberdogtech.com/firewalls/

http://www.debian-administration.org/article/Question_A_good_iptables_tutorial

I found them very useful when creating my configuration.

-- 
Matteo Filippetto
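An added example, not from either poster: Zach's four rules rewritten in iptables-restore format with the missing default policies set, plus a small check that flags a dump whose built-in chains are still left at ACCEPT. It assumes the web server listens on eth0 port 80 and that loopback traffic must keep working; applying the ruleset needs root.

```shell
#!/bin/sh
# Added example: the original rules with explicit default policies.
# Without ":INPUT DROP", any packet that matches none of the rules
# (UDP, ICMP, traffic on an interface other than eth0) is ACCEPTed.

ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback must stay open, or local resolvers, databases etc. break
# once the INPUT policy is DROP (assumption: nothing filters lo).
-A INPUT -i lo -j ACCEPT
# The original four rules; the ESTABLISHED rule is moved first because
# it matches the vast majority of packets.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -m conntrack --ctstate NEW -i eth0 --dport 80 -j ACCEPT
# Redundant now that the policy is DROP, but harmless to keep.
-A INPUT -i eth0 -m conntrack --ctstate NEW -j DROP
COMMIT
EOF
}

# check_policies: read an iptables-save style dump on stdin and fail
# (exit 1) if INPUT or FORWARD still carries the ACCEPT default policy.
check_policies() {
    ! grep -Eq '^:(INPUT|FORWARD) ACCEPT'
}

# apply: load the ruleset atomically (run as root; hypothetical helper).
apply() {
    ruleset | iptables-restore
}
```

To audit a running box, pipe `iptables-save` into `check_policies` and act on a non-zero exit status.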

