Please comment on my firewall
Hi,
I set up my iptables to look like the one below. I drop all incoming packets from the internet on the telnet, ftp, and smtp ports and leave the http, https, and ssh ports open, but on my LAN I leave all ports open and specify a certain IP and netmask.
With this set of rules, why can't I access HTTPS?
Is this set of rules on iptables safe now?
Chain INPUT (policy ACCEPT 240K packets, 68M bytes)
pkts bytes target prot opt in out source destination
1 60 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
2 100 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:telnet
0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:ftp
1 40 DROP tcp -- eth0 any anywhere anywhere tcp dpt:telnet
11 1674 ACCEPT tcp -- eth0 any anywhere anywhere tcp dpt:ssh
0 0 DROP tcp -- eth0 any anywhere anywhere tcp dpt:smtp
3 144 DROP tcp -- eth0 any anywhere anywhere tcp dpt:ftp
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth0 any anywhere anywhere tcp dpt:http
0 0 ACCEPT tcp -- eth0 any anywhere anywhere tcp dpt:https
0 0 ACCEPT tcp -- eth1 any 130.1.0.0/16 anywhere tcp dpt:ssh
0 0 ACCEPT tcp -- eth1 any 130.1.0.0/16 anywhere tcp dpt:telnet
0 0 DROP tcp -- eth0 any anywhere anywhere tcp dpt:telnet
0 0 DROP tcp -- eth0 any anywhere anywhere tcp dpt:ssh
0 0 DROP tcp -- eth0 any anywhere anywhere tcp dpt:ftp
0 0 DROP tcp -- eth0 any anywhere anywhere tcp dpt:smtp
Chain OUTPUT (policy ACCEPT 20618 packets, 1312K bytes)
pkts bytes target prot opt in out source destination
[root@localhost root]# Chain INPUT (policy ACCEPT 240K packets, 68M bytes)
Please comment on my setup.
Thanks...
Mike
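
Added example, not part of the original post: a small first-match evaluator that reads the listing above and reports which rule, or which chain policy, decides a given TCP packet. It models only the in-interface, source, and destination-port columns shown in the listing; the function names and the probe addresses are assumptions made for this illustration.

```python
import ipaddress

# Listing copied from the post (column-header lines omitted).
LISTING = """\
Chain INPUT (policy ACCEPT 240K packets, 68M bytes)
1 60 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
2 100 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:telnet
0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:ftp
1 40 DROP tcp -- eth0 any anywhere anywhere tcp dpt:telnet
11 1674 ACCEPT tcp -- eth0 any anywhere anywhere tcp dpt:ssh
0 0 DROP tcp -- eth0 any anywhere anywhere tcp dpt:smtp
3 144 DROP tcp -- eth0 any anywhere anywhere tcp dpt:ftp
Chain FORWARD (policy DROP 0 packets, 0 bytes)
0 0 ACCEPT tcp -- eth0 any anywhere anywhere tcp dpt:http
0 0 ACCEPT tcp -- eth0 any anywhere anywhere tcp dpt:https
0 0 ACCEPT tcp -- eth1 any 130.1.0.0/16 anywhere tcp dpt:ssh
0 0 ACCEPT tcp -- eth1 any 130.1.0.0/16 anywhere tcp dpt:telnet
0 0 DROP tcp -- eth0 any anywhere anywhere tcp dpt:telnet
0 0 DROP tcp -- eth0 any anywhere anywhere tcp dpt:ssh
0 0 DROP tcp -- eth0 any anywhere anywhere tcp dpt:ftp
0 0 DROP tcp -- eth0 any anywhere anywhere tcp dpt:smtp
"""
PORTS = {"https": 443, "http": 80, "ssh": 22, "telnet": 23, "ftp": 21, "smtp": 25}

def parse(listing):
    """Return {chain: (policy, [(target, in_iface, source, dport), ...])}."""
    chains, rules = {}, None
    for line in listing.splitlines():
        f = line.split()
        if f[:1] == ["Chain"]:
            rules = chains.setdefault(f[1], (f[3], []))[1]
        elif len(f) == 11 and f[-1].startswith("dpt:"):
            rules.append((f[2], f[5], f[7], PORTS[f[-1][4:]]))
    return chains

def verdict(chains, chain, in_iface, src, dport):
    """First matching rule wins; if none matches, the chain policy applies (TCP only)."""
    policy, rules = chains[chain]
    for n, (target, iface, source, port) in enumerate(rules, 1):
        net = "0.0.0.0/0" if source == "anywhere" else source
        if (iface in ("any", in_iface) and port == dport
                and ipaddress.ip_address(src) in ipaddress.ip_network(net)):
            return target, f"rule {n}"
    return policy, "policy"

CHAINS = parse(LISTING)
print(verdict(CHAINS, "FORWARD", "eth1", "130.1.2.3", 443))  # constructed LAN source address
```

The printed probe returns ("DROP", "policy"): in FORWARD, HTTPS is accepted only when it enters on eth0. In INPUT, a probe such as verdict(CHAINS, "INPUT", "eth0", "203.0.113.5", 3306) returns ("ACCEPT", "policy"), because with the policy at ACCEPT every TCP port not named in a DROP rule is accepted.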