Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 03-31-2011, 04:48 AM   #1
Registered: Aug 2007
Distribution: CentOS 5.0,CentOS 5.5
Posts: 47

Rep: Reputation: 15
Question Regarding iptables


Can someone please let me know strong iptables rules? The entries below are from the iptables file. Here Y.Y.Y.Y is another branch's public IP. This server acts as gateway + squid server. Further, it will also serve the company's intranet page using httpd. The OS is CentOS 5.0.

# nat table fragment (PREROUTING / DNAT); the --to-destination targets are not shown
:OUTPUT ACCEPT [12:2316]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 9595 -j LOG --log-prefix "TT :"
-A PREROUTING -s Y.Y.Y.Y -i eth0 -p tcp -m tcp --dport 9595 -j DNAT --to-destination
-A PREROUTING -i eth0 -p tcp -m tcp --dport 4777 -j LOG --log-prefix "VNC :"
-A PREROUTING -s Y.Y.Y.Y -i eth0 -p tcp -m tcp --dport 4777 -j DNAT --to-destination
# filter table fragment; several -s source addresses are not shown
:INPUT DROP [271:35674]
:OUTPUT ACCEPT [4594:364180]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
#-A INPUT -s -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
#-A INPUT -s -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
# ssh on 7522: log every attempt, accept only from the branch
-A INPUT -s 0/0 -i eth0 -p tcp -m tcp --dport 7522 -j LOG --log-prefix "SSH: "
-A INPUT -s Y.Y.Y.Y -i eth0 -p tcp -m tcp --dport 7522 -j ACCEPT
#-A INPUT -s 0/0 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
# all TCP from this source
-A INPUT -s -i eth0 -p tcp -j ACCEPT
#To serve intranet page
-A INPUT -s -i eth0 -p tcp -m tcp --dport 8500 -j ACCEPT
#to provide Squid
-A INPUT -s -i eth0 -p tcp -m tcp --dport 2372 -j ACCEPT
#To access other local systems using vnc from this server
-A INPUT -s -i eth0 -p tcp -m tcp --dport 5900 -j ACCEPT
# malformed TCP flag combinations
-A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A INPUT -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A INPUT -i eth0 -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
# explicit drops for everything except the listed source (old "-s !" negation syntax)
-A INPUT -s ! -i eth0 -p tcp -m tcp --dport 3128 -j DROP
-A INPUT -s ! -i eth0 -p tcp -m tcp --dport 2372 -j DROP
-A INPUT -s ! -i eth0 -p tcp -m tcp --dport 111 -j DROP
-A INPUT -s ! -i eth0 -p tcp -m tcp --dport 605 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 924 -j DROP
Thanks for your time.

Last edited by unSpawn; 03-31-2011 at 11:20 PM. Reason: //Added BB code tags
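Worked example (added here; it is not the poster's ruleset and not from LQ): a script that writes a complete iptables-restore file for a gateway + squid + httpd host of this kind. iptables evaluates a chain top to bottom and stops at the first terminating target, so in the posted set a packet that matches an ACCEPT rule never reaches the --tcp-flags DROP rules below it; the example puts the INVALID/flag drops before the state match, scopes every ACCEPT to an interface and a source, rate-limits the LOG rules, and relies on the DROP policy instead of per-port "-s !" DROP lines. The interface names, the LAN network, the branch address (203.0.113.10 standing in for Y.Y.Y.Y) and the DNAT targets are assumptions, since the post does not show them; the ports 7522, 2372 and 8500 are the ones the post uses.

```sh
#!/bin/sh
# Added example, not the original poster's rules: builds an iptables-restore
# file for a gateway that runs squid and httpd, ordering the INPUT chain so
# that malformed-packet drops run before the state match and every ACCEPT is
# scoped to an interface and a source network. All addresses below are
# assumptions (the post elides its own); override them in the environment.

WAN_IF="${WAN_IF:-eth0}"                  # public interface (eth0 in the post)
LAN_IF="${LAN_IF:-eth1}"                  # assumed internal interface
LAN_NET="${LAN_NET:-192.168.10.0/24}"     # assumed internal network
BRANCH_IP="${BRANCH_IP:-203.0.113.10}"    # Y.Y.Y.Y in the post (TEST-NET-3 placeholder)
SSH_PORT="${SSH_PORT:-7522}"              # sshd port used in the post
SQUID_PORT="${SQUID_PORT:-2372}"          # squid port used in the post
HTTP_PORT="${HTTP_PORT:-8500}"            # httpd intranet port used in the post
LOGLIMIT="-m limit --limit 5/min --limit-burst 10"

# Print the complete ruleset in iptables-save format (both tables COMMITted).
gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Hide the LAN behind the gateway's public address.
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Malformed TCP first: a packet ACCEPTed by the state match never reaches a
# later DROP, so these have to precede it.
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Management: ssh only from the branch office; every new attempt logged, rate limited.
-A INPUT -i $WAN_IF -p tcp --dport $SSH_PORT -m state --state NEW $LOGLIMIT -j LOG --log-prefix "SSH: "
-A INPUT -i $WAN_IF -s $BRANCH_IP -p tcp --dport $SSH_PORT -j ACCEPT
# Services for the internal network only; nothing is offered on the public side.
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $SQUID_PORT -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $HTTP_PORT -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p icmp --icmp-type echo-request -j ACCEPT
# Anything else is logged, then falls through to the DROP policy.
-A INPUT $LOGLIMIT -j LOG --log-prefix "INPUT-DROP: "
# Routed traffic: LAN out to the Internet, replies back in, nothing else.
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $LAN_IF -s $LAN_NET -o $WAN_IF -j ACCEPT
-A FORWARD $LOGLIMIT -j LOG --log-prefix "FWD-DROP: "
COMMIT
EOF
}

# Line number of the first rule matching PATTERN, used to check chain order.
rule_index() {
    gen_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

# Sanity checks on the generated file: both tables committed, the INVALID drop
# precedes the state ACCEPT, and no INPUT ACCEPT (other than loopback and the
# state match) lacks a -s source restriction.
check_rules() {
    [ "$(gen_rules | grep -c '^COMMIT$')" -eq 2 ] || return 1
    [ "$(rule_index 'state INVALID')" -lt "$(rule_index 'RELATED,ESTABLISHED')" ] || return 1
    gen_rules | grep '^-A INPUT' | grep -- '-j ACCEPT' \
        | grep -v -e '-i lo' -e 'RELATED,ESTABLISHED' | grep -qv -- '-s ' && return 1
    return 0
}

# Usage: sh gen-rules.sh --check && sh gen-rules.sh > /etc/sysconfig/iptables
if [ "${1:-}" = "--check" ]; then check_rules && echo "ruleset ok"; else gen_rules; fi
```

On CentOS 5 the file goes to /etc/sysconfig/iptables and is loaded with `service iptables restart`; newer iptables versions also offer `iptables-restore --test` for a parse-only dry run. The posted DNAT forwards for 9595 and 4777 are left out because their targets are not shown; if they are added, each needs a matching FORWARD ACCEPT from $BRANCH_IP to the internal host, since the FORWARD policy here is DROP.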
Old 04-03-2011, 09:00 PM   #2
Registered: Feb 2004
Location: Sydney - Australia
Distribution: OpenSUSE, Ubuntu, Mythbuntu, iMedia, Embedded Linux
Posts: 44

Rep: Reputation: 18
Rather than just plodding down a group of possible tables,
tell us in your own words what you're trying to establish.

Then it is easier to work through.


Tags: firewall, iptables, security