
Thread: Iptables help


Hi,

I'm trying to set up iptables on a VPS and need a script that secures the server. The task the server has to handle is accepting users who connect through 2 different DNS addresses, and of course the possibility for me to connect via SSH.

I have these ports open:

ssh (port 900)
port 15000


The script I have come up with so far:

code:
# Generated by iptables-save v1.3.1 on Sun Apr 23 05:32:09 2006
*filter
:INPUT ACCEPT [273:55355]
:FORWARD ACCEPT [0:0]
:LOGNDROP - [0:0]
:OUTPUT ACCEPT [92376:20668252]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 900 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 15000 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j LOGNDROP
-A LOGNDROP -p tcp -m limit --limit 5/min -j LOG --log-prefix "Denied TCP: " --log-level 7
-A LOGNDROP -p udp -m limit --limit 5/min -j LOG --log-prefix "Denied UDP: " --log-level 7
-A LOGNDROP -p icmp -m limit --limit 5/min -j LOG --log-prefix "Denied ICMP: " --log-level 7
-A LOGNDROP -j DROP
COMMIT
# Completed on Sun Apr 23 05:32:09 2006
How does the VPS look?

I presume it's a web server? And clients connect to 1 of 2 URLs that both resolve to the server's IP?

What is port 15000 for?

The script looks fine to me though, although I'd tighten the outbound rules if I wanted to, allowing established and related connections, and enabling outbound connections initiated to update servers etc. However, that's only for paranoid people!
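As an added example (not the poster's script and not anything from the thread), here is what the "tighten the outbound rules" suggestion looks like when carried through: a small POSIX shell script that emits an iptables-restore ruleset keeping the same inbound openings (SSH on 900, 80, 15000) but switching OUTPUT to a default DROP, with only conntrack replies, DNS, NTP and HTTP/HTTPS for the package mirrors allowed out. The interface name, the port numbers and the choice of which outbound services the box needs are assumptions for illustration; the ruleset is printed for review and only applied when run with --apply.

```shell
#!/bin/sh
# Added example (not the thread's own script). Generates an iptables-restore
# ruleset with a default-DROP OUTPUT chain. Interface and ports are assumed
# values taken from the thread; the outbound allow-list is an assumption too.

IFACE="${IFACE:-eth0}"
SSH_PORT="${SSH_PORT:-900}"
APP_PORT="${APP_PORT:-15000}"

# Print the ruleset to stdout so it can be reviewed before it is loaded.
gen_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:LOGNDROP - [0:0]
# Inbound: loopback, replies to our own connections, then the three services
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $IFACE -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $IFACE -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $IFACE -p tcp --dport $APP_PORT -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j LOGNDROP
# Outbound: replies to accepted sessions, plus what the server itself needs
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
-A OUTPUT -j LOGNDROP
# Rate-limited logging so a scan cannot fill the disk, then drop
-A LOGNDROP -m limit --limit 5/min -j LOG --log-prefix "Denied: " --log-level 7
-A LOGNDROP -j DROP
COMMIT
EOF
}

# Sanity check helper: how many rules in a chain accept NEW connections.
count_new_rules() {
  gen_rules | grep -c -- "-A $1 .*--ctstate NEW"
}

case "${1:-}" in
  --apply) gen_rules | iptables-restore ;;  # needs root; review the output first
  *)       gen_rules ;;
esac
```

The point of the OUTPUT allow-list is that a compromised service on the box can no longer open arbitrary outbound connections (reverse shells, downloads of further stages) without tripping the "Denied: " log line, which is the detection value the reply hints at. Because both policies are DROP, load it from a console session or keep a rollback handy (for example a delayed iptables flush you cancel once you confirm SSH still works), since a mistake in the SSH rule locks you out.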

