Michal Melewski <mike@pn66.poznan.sdi.tpnet.pl> wrote:
> Lars Roland Kristiansen wrote:
>> I am no iptables guru, I just want to close all except
>> ssh (port 22), pop3 (port 110) and imap (port 143). Is there an
>> easy way to do this?
>
> Sure it is easy...

I was just wondering if some experienced iptables users could give me at least some opinions about my iptables rules. They are supposed to close all the other ports, but leave 1050, 2222 and 8080 open. Here's the file created by iptables-save.

--snip--
# Generated by iptables-save v1.2.3 on Mon Dec 17 15:18:04 2001
*filter
:INPUT ACCEPT [18453:2703999]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [255753:190461092]
:external - [0:0]
-A INPUT -i eth0 -j external
-A external -p tcp -m tcp --dport 1050 -j ACCEPT
-A external -p tcp -m tcp --dport 2222 -j ACCEPT
-A external -p tcp -m tcp --dport 8080 -j ACCEPT
-A external -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A external -j ACCEPT
COMMIT
# Completed on Mon Dec 17 15:18:04 2001
--snip--

I'd like some input on this: how to make it better, how to possibly make it log, and just what I should modify in it to gain as much security as possible? I know that there are HOWTOs for these, and I've read those, of course. But now I'd like to ask for a first-hand opinion about my iptables rule file. Is it secure, or what should I do in order to make it more secure?

-- 
Jussi Ekholm <ekhowl@goa-head.org> | registered Linux user #269376
http://erppimaa.cjb.net/~ekhowl/   | UIN (ICQ): 156057281
ekh @ IRCNet                       | GnuPG Public Key ID: 1410081E
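Added example, not from the original post: a tightened version of the ruleset above in the same iptables-save format, keeping the three published ports. It assumes the outside interface is still eth0 and a kernel with the state, limit and LOG modules (all present in the iptables 1.2 era). The original ruleset's last rule (-A external -j ACCEPT) and the ACCEPT policies mean that everything except a new TCP connection to an unlisted port is let in, UDP and ICMP included, and packets on interfaces other than eth0 are never filtered; this version inverts that into default-deny, accepts only replies to traffic this host started plus new connections to the three ports, and logs what it refuses.

```iptables
# Added example (not the original poster's ruleset): default-deny variant.
# Assumptions: outside interface eth0; state/limit/LOG matches available.
*filter
# Default policies: drop unsolicited inbound and all forwarding; allow outbound.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:external - [0:0]
# Loopback traffic and replies to connections this host opened are always fine.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Everything else that arrives on the outside interface goes through "external";
# anything on other interfaces falls through to the INPUT DROP policy.
-A INPUT -i eth0 -j external
# Only brand-new TCP connections (SYN only) to the three published ports.
-A external -p tcp -m tcp --syn --dport 1050 -m state --state NEW -j ACCEPT
-A external -p tcp -m tcp --syn --dport 2222 -m state --state NEW -j ACCEPT
-A external -p tcp -m tcp --syn --dport 8080 -m state --state NEW -j ACCEPT
# Log what is about to be refused, rate-limited so a port scan cannot fill the
# disk; the prefix makes the lines easy to grep out of /var/log/messages.
-A external -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "EXT-DROP: " --log-level 4
# Refuse TCP with a reset (clients fail fast), silently drop everything else.
-A external -p tcp -j REJECT --reject-with tcp-reset
-A external -j DROP
COMMIT
```

Load it with iptables-restore and check the counters with iptables -L -v -n; the LOG line shows up in the kernel log as "EXT-DROP: IN=eth0 ... DPT=<port>".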