LinuxQuestions.org


lightwing 03-25-2009 09:24 AM

iptables rules for web server, email server, ftp and ssh, please help
 
I'm a Linux newbie.
My company has a server; it runs apache, mysql, qmail and ftp.
Now I want to set up iptables rules to protect it.
I want to hide the port of mysql, so that users from the internet cannot connect to mysql. The other services can be connected to from the internet.

And I also want to block clients who open more than 500 new connections in 10 seconds for 1 hour. Will this rule affect search engine spiders crawling my website?

Please kindly help me check whether the rules I set could do what I want or not.
The following are my iptables rules:

IPTABLES=/sbin/iptables

/sbin/depmod -a

/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_state
/sbin/modprobe ipt_limit

# default policies: drop everything inbound and forwarded, allow outbound
$IPTABLES -t filter -P INPUT DROP
$IPTABLES -t filter -P FORWARD DROP
$IPTABLES -t filter -P OUTPUT ACCEPT

$IPTABLES -N ratelimit

$IPTABLES -A OUTPUT -p tcp --sport 31337:31340 -j DROP
$IPTABLES -A OUTPUT -p tcp --dport 31337:31340 -j DROP

# SSH: 22, FTP: 21, http: 80, https: 443, smtp: 25, pop3: 110, imap: 143
$IPTABLES -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# drop a source that already has 50 new connections recorded in the last 10 seconds
$IPTABLES -t filter -A INPUT -m state --state NEW -p tcp -m recent --update --rsource --seconds 10 --hitcount 50 -j DROP
# otherwise record the source address and accept the new connection
$IPTABLES -t filter -A INPUT -m state --state NEW -p tcp -m recent --set --rsource -j ACCEPT
$IPTABLES -t filter -A INPUT -p tcp --syn -m multiport --dport 80,143,443,21,22,25,110 -j ratelimit

$IPTABLES -A ratelimit -p tcp -m state --state NEW -m recent --update --rsource --seconds 3600 -j DROP
$IPTABLES -A ratelimit -p tcp -m state --state NEW -m hashlimit --hashlimit 10/sec --hashlimit-burst 50 --hashlimit-mode dstip --hashlimit-name badguy -j RETURN

Regards & thanks in advance
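To see what the two `-m recent` rules in the post (50 new connections per source within 10 seconds) do to a search-engine spider versus a connection burst, here is an added Python replay of those two rules over constructed connection timestamps; it is not part of the thread, and the size of the `recent` list is assumed to come from the xt_recent module parameter `ip_pkt_list_tot`:

```python
from collections import defaultdict, deque

# Assumed kernel setting: xt_recent remembers at most ip_pkt_list_tot
# timestamps per source (default 20), so --hitcount 50 only loads if the
# module was given ip_pkt_list_tot=50 or more.
IP_PKT_LIST_TOT = 50
SECONDS = 10    # --seconds 10
HITCOUNT = 50   # --hitcount 50 (the post's text says 500; pass hitcount=500 to try that)


def simulate(events, seconds=SECONDS, hitcount=HITCOUNT, list_tot=IP_PKT_LIST_TOT):
    """Replay NEW TCP connections, given as (time_in_seconds, source_ip), through
         -m recent --update --rsource --seconds S --hitcount H -j DROP
         -m recent --set    --rsource                            -j ACCEPT
    and return {source_ip: (accepted, dropped)}."""
    stamps = defaultdict(lambda: deque(maxlen=list_tot))  # the per-source 'recent' list
    verdicts = defaultdict(lambda: [0, 0])
    for t, src in sorted(events):
        recent = stamps[src]
        # --update matches only if the source already has `hitcount` remembered
        # stamps inside the last `seconds` seconds (counted before this packet)
        hits = sum(1 for s in recent if t - s <= seconds)
        if hits >= hitcount:
            verdicts[src][1] += 1   # DROP; a matching --update still adds a stamp
        else:
            verdicts[src][0] += 1   # --set adds the stamp and ACCEPTs
        recent.append(t)
    return {src: tuple(v) for src, v in verdicts.items()}


def crawler(src="203.0.113.10", per_second=2.0, duration=60):
    """Constructed sample: a polite spider opening 2 connections per second."""
    return [(i / per_second, src) for i in range(int(duration * per_second))]


def flood(src="198.51.100.77", count=100, duration=2.0):
    """Constructed sample: a burst of `count` connections inside `duration` seconds."""
    return [(i * duration / count, src) for i in range(count)]


def sample_events():
    return crawler() + flood()


if __name__ == "__main__":
    for src, (ok, dropped) in simulate(sample_events()).items():
        print(f"{src}: accepted={ok} dropped={dropped}")
    # 203.0.113.10: accepted=120 dropped=0   (the spider never reaches 50 hits in 10 s)
    # 198.51.100.77: accepted=50 dropped=50  (the burst is cut off at the 51st SYN)
```

A crawler at a few connections per second never accumulates 50 hits in a 10-second window, so these two rules leave it alone; only sources that burst past the threshold are dropped, and they stay dropped while they keep sending.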

lightwing 03-25-2009 08:58 PM

Anyone here?
