Michal Melewski <mike@pn66.poznan.sdi.tpnet.pl> wrote:
> Lars Roland Kristiansen wrote:
>> I am no iptables guru, I just want to close all except
>> ssh (port 22), pop3 (port 110) and imap (port 143). Is there an
>> easy way to do this????
> Sure it is easy...
I was just wondering, if some experienced iptables users could give me,
at least some, opinions about my iptables rules. It is supposed to close
all the other ports, but leave 1050, 2222 and 8080 open. Here's the
file created by iptables-save.
--snip--
# Generated by iptables-save v1.2.3 on Mon Dec 17 15:18:04 2001
*filter
:INPUT ACCEPT [18453:2703999]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [255753:190461092]
:external - [0:0]
-A INPUT -i eth0 -j external
-A external -p tcp -m tcp --dport 1050 -j ACCEPT
-A external -p tcp -m tcp --dport 2222 -j ACCEPT
-A external -p tcp -m tcp --dport 8080 -j ACCEPT
-A external -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A external -j ACCEPT
COMMIT
# Completed on Mon Dec 17 15:18:04 2001
--snip--
I'd like some input on this: how to make it better, how to possibly make
it log, and just what should I modify in it to gain as much security as
possible? I know that there are HOWTOs for these, and I've read those,
of course. But now I'd like to ask for first-hand opinions about my iptables
rule file. Is it secure, or what should I do in order to make it more
secure?
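As an added illustration (not part of the thread, and not the poster's own rules), the script below parses the iptables-save dump quoted above, reports what a reviewer would point out about it, and emits a tightened allow-list ruleset in the same iptables-restore format. The audit logic, the `external` chain name reused from the post, the `hardened()` helper and the `fw-drop:` log prefix are assumptions of this example; `-m state --state` is the connection-tracking match of the iptables 1.2.x era the post uses (modern kernels spell it `-m conntrack --ctstate`).

```python
"""Audit an iptables-save ruleset and emit a tightened version of it."""
import re

# Constructed copy of the filter table quoted in the post above.
POSTED_RULES = """\
*filter
:INPUT ACCEPT [18453:2703999]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [255753:190461092]
:external - [0:0]
-A INPUT -i eth0 -j external
-A external -p tcp -m tcp --dport 1050 -j ACCEPT
-A external -p tcp -m tcp --dport 2222 -j ACCEPT
-A external -p tcp -m tcp --dport 8080 -j ACCEPT
-A external -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A external -j ACCEPT
COMMIT
"""


def parse_rules(text):
    """Return (policies, rules): chain -> policy, and a list of (chain, rule)."""
    policies, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):                      # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):                  # "-A CHAIN <match...> -j TARGET"
            parts = line.split(None, 2)
            rules.append((parts[1], parts[2] if len(parts) > 2 else ""))
    return policies, rules


def audit(text):
    """Return a list of review findings (strings) for the filter table in `text`."""
    policies, rules = parse_rules(text)
    findings = []
    if policies.get("INPUT") == "ACCEPT":
        findings.append("INPUT policy is ACCEPT: anything no rule matches is let in")
    # The last rule of each chain decides what falls through the allow-list.
    last_by_chain = {}
    for chain, rule in rules:
        last_by_chain[chain] = rule
    for chain, rule in last_by_chain.items():
        if rule == "-j ACCEPT":
            findings.append(f"chain {chain} ends with an unconditional ACCEPT")
    default_open = policies.get("INPUT") == "ACCEPT" or "-j ACCEPT" in last_by_chain.values()
    if default_open and not any(re.search(r"-p udp\b", r) for _, r in rules):
        findings.append("UDP is never matched, so every UDP port falls through to accept-all")
    if not any("-j LOG" in r for _, r in rules):
        findings.append("no LOG target: refused connection attempts are not recorded")
    if not any("--state" in r or "--ctstate" in r for _, r in rules):
        findings.append("no connection tracking: new and established traffic are not distinguished")
    return findings


def hardened(ports, iface="eth0", log_prefix="fw-drop: "):
    """Build an iptables-restore ruleset: INPUT defaults to DROP, loopback and
    established/related traffic are allowed, NEW TCP only to `ports`, and
    everything else is logged (rate-limited) and then dropped."""
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        ":external - [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
        f"-A INPUT -i {iface} -j external",
    ]
    for port in sorted(ports):
        lines.append(f"-A external -p tcp -m tcp --dport {port} -m state --state NEW -j ACCEPT")
    # Rate-limit the LOG rule so a flood cannot fill the syslog.
    lines.append(f'-A external -m limit --limit 5/min -j LOG --log-prefix "{log_prefix}"')
    lines.append("-A external -j DROP")
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for finding in audit(POSTED_RULES):
        print("finding:", finding)
    print(hardened({1050, 2222, 8080}))
```

Feeding the generated text to `iptables-restore` would install it; note that with INPUT defaulting to DROP, any interface other than `lo` and the named one is closed as well, so add an explicit rule for each interface the host really serves.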