Need some assistance with iptables rulesets...
I have sort of a unique situation here and I am trying to design a ruleset to cover it...
I have 3 networks which we can call CompanyA, CompanyB, and Services
CompanyA and CompanyB need to have pretty much unfettered communication. The Services network has things like webservers and other things that need to be accessed from both CompanyA and CompanyB. I want to allow access to Services via port 80, 8080, and 3389 (for terminal services) for the time being, all TCP.
So far the ruleset I have is this:
(eth0 is CompanyA, eth1 is CompanyB, eth2 is Services)
-A INPUT -j INPUT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth2 --protocol tcp --sport 80 -j ACCEPT
-A INPUT -i eth2 --protocol tcp --sport 8080 -j ACCEPT
-A INPUT -i eth2 --protocol tcp --sport 3389 -j ACCEPT
-A INPUT -i eth2 -j DROP
-A OUTPUT -o eth2 --protocol tcp --sport 80 -j ACCEPT
-A OUTPUT -o eth2 --protocol tcp --sport 8080 -j ACCEPT
-A OUTPUT -o eth2 --protocol tcp --sport 3389 -j ACCEPT
-A OUTPUT -o eth2 -j DROP
Keep in mind I'm a complete newbie to iptables and this is just what seems logical to me, so be gentle!
Does this look good or does this look like a wrong or incorrect way to do this?
Thanks!
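As an added example (not the poster's ruleset), the script below emits an iptables-restore file for the policy described above: eth0/eth1/eth2 and the three TCP ports are taken from the post, everything else is an assumption. Traffic crossing a router between two interfaces hits the FORWARD chain rather than INPUT/OUTPUT, the service ports are matched as destination ports, and replies are admitted by connection tracking instead of by source-port rules.

```shell
#!/bin/sh
# Added example, not from the original post. Emits an iptables-restore
# ruleset for: eth0 = CompanyA, eth1 = CompanyB, eth2 = Services.
# Assumes the box routes between the three networks (net.ipv4.ip_forward=1).
# Forwarded traffic traverses FORWARD, not INPUT (to the router) or
# OUTPUT (from the router), so that is where the inter-network policy goes.

SERVICES_PORTS="80 8080 3389"   # TCP services reachable on eth2, per the post

build_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Router itself: loopback and replies to its own connections only.
# Any management access (e.g. SSH from CompanyA) must be added here explicitly.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Reply packets of every permitted flow are accepted once, by state,
# so no per-port return rules are needed.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# CompanyA <-> CompanyB: unrestricted in both directions.
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
EOF
    # CompanyA and CompanyB -> Services: only new TCP connections to the
    # listed destination ports. Services never gets to initiate toward them.
    for ifc in eth0 eth1; do
        for p in $SERVICES_PORTS; do
            printf '%s\n' "-A FORWARD -i $ifc -o eth2 -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
        done
    done
    cat <<'EOF'
# Everything else (including Services -> company networks) falls through
# to the chain's DROP policy; log it first, rate-limited, for detection.
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
COMMIT
EOF
}

# Usage: build_ruleset > /etc/iptables/rules.v4
#        iptables-restore --test < /etc/iptables/rules.v4   (syntax check)
#        iptables-restore < /etc/iptables/rules.v4
build_ruleset
```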