LinuxQuestions.org
Old 10-24-2011, 12:51 PM   #1
veeruk101
Member
 
Registered: Mar 2005
Distribution: Ubuntu 12.04 LTS
Posts: 249

Rep: Reputation: 16
Improving this iptables configuration


I have the following set of iptables rules on a system that only has the following few requirements. Meeting those requirements, I'd like to make the iptables setup as restrictive as possible:

- Accept any traffic from $MY_IP_ADDRESS, which is my workstation's IP address
- Ability for this system to use NTP
- Anyone, not just me, should be able to log into SSH

I'm new to iptables but I read and fiddled around until I came up with the following rules. I'm pretty sure it's not the best setup, and I'm wondering if you can help me improve it. As an example, the last line in the following rules makes the 2nd and 3rd lines redundant. But if I remove it, then other stuff breaks...

Code:
  iptables -F
  iptables -A INPUT -p udp --dport 123 -j ACCEPT  # ntp
  iptables -A INPUT -p tcp --dport 22 -j ACCEPT  # ssh
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A INPUT -s $MY_IP_ADDRESS -j ACCEPT
  iptables -A INPUT -j DROP
  iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT  # ssh
  iptables -A OUTPUT -p udp --sport 123 -j ACCEPT  # ntp
  iptables -A OUTPUT -j ACCEPT  # too open...
How can I get away with removing the last line? And how can I improve on this setup?
 
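A tightened ruleset for the three requirements in the post above, as an added example that is not the poster's rules or anyone's reply in the thread. It assumes a placeholder workstation address, an NTP_SERVER variable for the upstream time source, and an IPT variable so the commands can be previewed with IPT=echo before being applied. It goes beyond the post by adding a stateful OUTPUT rule, loopback rules and default DROP policies in place of the trailing DROP/ACCEPT lines, which is what lets the "too open" OUTPUT rule go.

```shell
#!/bin/sh
# Tightened ruleset for the post's three requirements (added example, not the
# poster's rules). MY_IP_ADDRESS comes from the post; NTP_SERVER is assumed
# (set it to your upstream time source). IPT=echo previews instead of applying.
IPT=${IPT:-iptables}
MY_IP_ADDRESS=${MY_IP_ADDRESS:-203.0.113.10}  # constructed placeholder (TEST-NET-3)
NTP_SERVER=${NTP_SERVER:-0.0.0.0/0}            # narrow this to your NTP server/pool

firewall_rules() {
    # Open the policies before flushing so an SSH session applying this script
    # over the network is not cut off between the flush and the new rules.
    $IPT -P INPUT ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -F

    # Loopback: the local resolver and ntpd talking to itself need it.
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Stateful rules in BOTH directions. The original OUTPUT chain lacked this,
    # which is why dropping its catch-all ACCEPT broke things: replies to
    # inbound SSH and to the box's own outbound queries had no matching rule.
    $IPT -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT  -m state --state INVALID -j DROP

    # Requirement 1: anything from the workstation, and traffic back to it.
    $IPT -A INPUT  -s "$MY_IP_ADDRESS" -j ACCEPT
    $IPT -A OUTPUT -d "$MY_IP_ADDRESS" -j ACCEPT

    # Requirement 2: NTP as a client. Only the outbound query needs a rule; the
    # reply is ESTABLISHED. The original "INPUT --dport 123" rule instead let
    # anyone query this box as an NTP server, which was never required.
    # (If NTP_SERVER is a hostname, also permit outbound DNS: udp/tcp dport 53.)
    $IPT -A OUTPUT -p udp -d "$NTP_SERVER" --dport 123 -j ACCEPT

    # Requirement 3: SSH from anywhere. NEW inbound only; the "--sport 22"
    # OUTPUT rule is now redundant because replies match ESTABLISHED.
    $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Default-deny last, so no trailing "-j DROP" / "-j ACCEPT" rules are needed.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
}
```

Preview with `IPT=echo sh firewall.sh` (after adding a call to `firewall_rules` at the end), then run as root without IPT set to apply; `iptables -L -n -v` afterwards shows the packet counters climbing on the stateful rules instead of on a catch-all.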
Old 10-25-2011, 06:04 AM   #2
fukawi1
Member
 
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854

Rep: Reputation: 190
What other stuff breaks?
 
  

