Hi,
I have three questions regarding iptables:
1. Here's my basic ruleset. Is this decent for a general
use setup directly connected to the internet?
Code:
iptables -P INPUT DROP
iptables -P FORWARD DROP
# optional, if I'm feeling polite:
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
2. I have tried to add
Code:
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 80 -j ACCEPT
to allow connections to a webserver. The odd thing is that with that rule,
a scan from, say, GRC will show 80 open, but I cannot get the 'It Works'
page from either a proxy or by typing my IP in the address bar.
And no log entries for the request.
However, if I flush the rules and set the INPUT policy to ACCEPT,
I can get the page.
3. Logging. The best logging rule I have come up with is:
Code:
iptables -A INPUT -m limit --limit 15/minute -j LOG --log-level 7 --log-prefix "Firewall"
How best to parse the tons of stuff this produces? A grep script
or any apps that could sort it out for me?
For example, if someone was poking around rattling doors and such
over a period of time, I would never pick it up out of all the noise.
Thanks for any input!!!
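One way to pull slow scanners out of that noise, as an added example that is not from the original post: a small Python script that parses the records the LOG rule above writes to the kernel log (the "Firewall" prefix followed by SRC=, PROTO=, DPT= fields) and groups them by source address, so a host that touches many different ports over a long stretch stands out even when each probe is hours apart. The log lines are constructed samples using documentation address ranges, and the three-port threshold is an assumed starting point.

```python
import re
from collections import defaultdict
# Constructed sample records in the shape the kernel writes for the LOG target: syslog header, the rule's --log-prefix, then key=value fields.
SAMPLE_LOG = """\
Mar  3 10:15:01 gw kernel: Firewall IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=40000 DPT=22 SYN URGP=0
Mar  3 10:17:44 gw kernel: Firewall IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=40001 DPT=23 SYN URGP=0
Mar  3 10:20:09 gw kernel: Firewall IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=40002 DPT=3389 SYN URGP=0
Mar  3 10:31:30 gw kernel: Firewall IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.2 LEN=52 PROTO=TCP SPT=51234 DPT=80 ACK URGP=0
Mar  3 10:31:31 gw kernel: Firewall IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.2 LEN=52 PROTO=TCP SPT=51234 DPT=80 ACK URGP=0
Mar  3 10:40:12 gw kernel: Firewall IN=eth0 OUT= SRC=198.51.100.9 DST=198.51.100.2 LEN=28 PROTO=ICMP TYPE=8 CODE=0 ID=5 SEQ=1
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")
STAMP = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d)")

def parse_line(line):
    """Extract SRC/DST/PROTO/DPT and the timestamp; None for lines that are not our LOG records."""
    if "Firewall" not in line:          # the --log-prefix from the rule
        return None
    rec = dict(FIELD.findall(line))
    if "SRC" not in rec:
        return None
    m = STAMP.match(line)
    rec["TS"] = m.group(1) if m else ""
    return rec

def summarize(log_text):
    """Per source address: hit count, distinct TCP/UDP destination ports, first and last time seen."""
    per_src = defaultdict(lambda: {"hits": 0, "ports": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = per_src[rec["SRC"]]
        s["hits"] += 1
        if rec.get("PROTO") in ("TCP", "UDP") and "DPT" in rec:
            s["ports"].add(int(rec["DPT"]))
        s["first"] = s["first"] or rec["TS"]
        s["last"] = rec["TS"]
    return per_src

def probing_sources(summary, min_ports=3):
    """Sources that touched at least min_ports distinct ports: the slow 'rattling doors' pattern."""
    return sorted(src for src, s in summary.items() if len(s["ports"]) >= min_ports)

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for src, s in sorted(summary.items(), key=lambda kv: -len(kv[1]["ports"])):
        print(f"{src:15} hits={s['hits']:3} ports={sorted(s['ports'])} {s['first']} .. {s['last']}")
    print("probing:", probing_sources(summary))
```

On a real box, feed it the kernel log (for example `grep Firewall /var/log/kern.log`) instead of SAMPLE_LOG; the repeated hits on port 80 from a single address are ordinary traffic, while the address spread across 22, 23 and 3389 is the one worth a look.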