Setting up iptables - firewall

Posted by: Mo Mughrabi

I had a great hassle setting up iptables on one of my online servers, but thanks to Yousef, when he was around on his last visit to Kuwait he showed me great tips and worked out a little script to bring up the firewall. The script is made to block all incoming ports except Apache, FTP, MySQL foreign connections, shell and squid (proxy server).

# flush all current rules
iptables -F

# set default policies for INPUT, FORWARD, and OUTPUT chains
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# set access for localhost
iptables -A INPUT -i lo -j ACCEPT

# accept packets belonging to established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# accept connection on port 80 (HTTP)
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT

# accept FTP (21), SSH (22), squid proxy (8898) and MySQL (3306) connections
iptables -A INPUT -i eth0 -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8898 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT

# save our iptables rules
/etc/init.d/iptables save
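
To confirm that the loaded rules expose only the intended services, the following added example (not part of the original script) lists the TCP ports that the INPUT chain accepts from any source address. The function names are hypothetical, and the sample rules are constructed to match what `iptables -S INPUT` prints after the script above has run.

```shell
#!/bin/sh
# Added example: audit which TCP ports an INPUT chain accepts from any source.
# Reads `iptables -S INPUT` output on stdin; prints one port per line, sorted.

# open_to_world: dports of INPUT ACCEPT rules that carry no -s restriction.
open_to_world() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            port = ""; src = 0; accept = 0; tcp = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-s")                       src = 1
                if ($i == "-p" && $(i+1) == "tcp")    tcp = 1
                if ($i == "--dport")                  port = $(i+1)
                if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
            }
            if (tcp && accept && !src && port != "") print port
        }
    ' | sort -n
}

# Constructed sample: the INPUT chain as listed after the firewall script runs.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8898 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
EOF
}

# check_exposure EXPECTED: succeed only if the open ports equal the expected list.
check_exposure() {
    actual=$(open_to_world | tr '\n' ' ' | sed 's/ $//')
    [ "$actual" = "$1" ] || { echo "unexpected exposure: $actual" >&2; return 1; }
}

# Stand-alone run over the constructed sample.
sample_rules | open_to_world
```

On a live host, run `iptables -S INPUT | check_exposure "21 22 80 3306 8898"` as root. A rule restricted with `-s` (for example, limiting 3306 to one client address) drops out of the list.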
