1. In case of normal IPTABLES-SQUID setup.
Destination-port 80/443/53 OUT | TCP(for 80,443), TCP/UDP(for 53) -@INET-INTERFACE
Destination-port 8080/3128 IN | TCP(depending on if you are running PROXY accept for LAN) -@LAN-INTERFACE
ESTABLISHED & RELATED IN @INET-INTERFACE
ESTABLISHED & RELATED OUT @LAN-INTERFACE
2. In case of Iptables-transparent SQUID setup & MASQUERADING
Destination-port 80/443/53 OUT | TCP(for 80,443), TCP/UDP(for 53) -@INET-INTERFACE
Destination-port 80/443/53 IN | TCP(for 80,443), TCP/UDP(for 53) -@LAN-INTERFACE
ESTABLISHED & RELATED IN @INET-INTERFACE
ESTABLISHED & RELATED OUT @LAN-INTERFACE
In the last case, and only with MASQUERADING, you also need:
Destination-port 80/443/53 FORWARD IN | TCP(for 80,443), TCP/UDP(for 53) -@LAN-INTERFACE
ESTABLISHED & RELATED FORWARD IN | @INET-INTERFACE
For the rest of the ports and their direction of implementation,
you have to make a list of the services you are running and refer to /etc/services for their port numbers.
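The two rule sets sketched in the post above, rendered as iptables commands. This is an added example, not the poster's script: the interface names (eth0 for Internet, eth1 for LAN), the Squid port 3128 and the IPT wrapper are assumptions, and with the default IPT="echo iptables" the functions only print the rules for review instead of applying them.

```shell
#!/bin/sh
# Added example: renders the "normal" and "transparent + masquerading"
# Squid rule sets from the post as iptables commands. Interface names,
# Squid port and the IPT wrapper are assumptions; the default just echoes.
IPT="${IPT:-echo iptables}"
INET="${INET:-eth0}"          # assumed Internet-facing interface
LAN="${LAN:-eth1}"            # assumed LAN-facing interface
SQUID_PORT="${SQUID_PORT:-3128}"

# Common to both cases: default deny, loopback, and the ESTABLISHED/RELATED
# return paths named in the post (IN on the Internet side, OUT on the LAN).
base_rules() {
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A INPUT -i "$INET" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -o "$LAN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Squid itself fetching pages and resolving names via the Internet side.
    $IPT -A OUTPUT -o "$INET" -p tcp -m multiport --dports 80,443 -j ACCEPT
    $IPT -A OUTPUT -o "$INET" -p tcp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -o "$INET" -p udp --dport 53 -j ACCEPT
}

# Case 1: clients are configured to talk to the proxy port explicitly.
normal_proxy_rules() {
    base_rules
    $IPT -A INPUT -i "$LAN" -p tcp --dport "$SQUID_PORT" -j ACCEPT
}

# Case 2: transparent proxy plus masquerading for the LAN.
transparent_proxy_rules() {
    base_rules
    # Redirect LAN HTTP to Squid; after REDIRECT the packet reaches INPUT
    # with dport = SQUID_PORT, so that port must be accepted alongside 80/443.
    $IPT -t nat -A PREROUTING -i "$LAN" -p tcp --dport 80 -j REDIRECT --to-ports "$SQUID_PORT"
    $IPT -A INPUT -i "$LAN" -p tcp -m multiport --dports 80,443,"$SQUID_PORT" -j ACCEPT
    $IPT -A INPUT -i "$LAN" -p udp --dport 53 -j ACCEPT
    # Forwarded (non-proxied) LAN traffic and its return path, then masquerade.
    $IPT -A FORWARD -i "$LAN" -o "$INET" -p tcp -m multiport --dports 80,443,53 -j ACCEPT
    $IPT -A FORWARD -i "$LAN" -o "$INET" -p udp --dport 53 -j ACCEPT
    $IPT -A FORWARD -i "$INET" -o "$LAN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$INET" -j MASQUERADE
}

# Number of iptables commands a rule set emits (only meaningful in echo mode).
command_count() { "$1" | grep -c '^iptables'; }
```

Run it as root with IPT=iptables once the echoed output looks right; everything not listed is dropped by the default policies.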
Is this a router, a server, or a stand-alone PC? The typical stand-alone PC won't need to allow any incoming connections to any port at all (all ports filtered), and outgoing connections would either be allowed to any port, or to "exactly the ones you need", as indicated by Samotnik... but really, the only way for us to advise you on which ports/services to allow is if you first provide a description of what the relevant box's duties are...
- Well, basically the box acts as a firewall. It has Squid configured on it and uses port 80. The only thing that the firewall should allow is FTP & HTTP download and web access.
- Well, basically the box acts as a firewall. It has Squid configured on it and uses port 80. The only thing that the firewall should allow is safe and secure FTP & HTTP download and web access.