firewall critique

To: Debian Firewall User List <debian-firewall@lists.debian.org>
Cc: Debian Security User List <debian-security@lists.debian.org>
Subject: firewall critique
From: Zachary Uram <netrek@gmail.com>
Date: Wed, 6 May 2009 21:28:29 -0400
Message-id: <[🔎] ecfa260c0905061828q64113a18s527cd27f2ee9a5da@mail.gmail.com>

Hi,

Running Debian lenny. I run a web server and try to keep all other
ports closed. Would like to get some feedback on my firewall. If you
have any suggestions for rules to add or other changes please let me
know. Also what are some other steps I can take next to further
increase my security?

iptables -A INPUT -i eth0 -m conntrack --ctstate INVALID -j DROP ;
iptables -A INPUT -p tcp -m conntrack --ctstate NEW -i eth0 --dport 80
-j ACCEPT ;
iptables -A INPUT -i eth0 -m conntrack --ctstate NEW -j DROP ;
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

Zach

Reply to:

Follow-Ups:
- Re: firewall critique
  - From: matteo filippetto <matteo.filippetto@gmail.com>
- Re: firewall critique
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: security ideas for Linux router?
Next by Date: Re: firewall critique
Previous by thread: security ideas for Linux router?
Next by thread: Re: firewall critique
Index(es):
- Date
- Thread