Howdy everybody!

I have to secure our companies webserver with iptables so I searched for HowTos but I only found some which described how to set up a router or something like that ...

so now I played a bit around with that stuff and managed to set up some basic rules ... ports for web/secure-web, ftp/ftp-data, smtp, pop3 and IRC-proxy ( o_O ) are open to the public and mysql and ldap are only open for localhost ...
so far so good but now, if I connect via ftp it is much slower than if every port is open ... and with pop3 it is the same thing ( sometimes it 'hangs' for more than 3 minutes ... )
I think that he tries to connect to some other ports after he connected to the 'main' port is that right ?
so i tried out with a
iptables -A INPUT -m tcp -p tcp --tcp-flags ALL SYN,ACK -j ACCEPT
but there was no change ...
even with a --state ESTABLISHED,RELATED
not ...

( hmm ... well ... i'm a nubie ^^ )

has someone a good howto for webserver iptables security ? or maybe a good script ?

thanks in advance
darookee

Could you search both the security and networking forum?
Next to specifics on how to solve security and networking problems there's tons of links to HOWTO's, security sites etc etc.
security+howto
security+links
security+basics
security+reference

If you have problems with iptables, include a general rule that will log traffic so you can see what get's denied so you can try to solve it, and/or post your script.

CERT's Techtips, especially the "UNIX Computer Security Checklist",
CERT, root compromise, part F,
LASG: Linux Administrator's Security Guide,
Security Quick-Start HOWTO for Linux,
Armoring Linux,
SAG: The Linux System Administrator's Guide,
The SANS Reading room: Linux issues,
Bastille Linux Hardening System,
Elementary security for your Linux box,
Securityfocus.com vulnerabilities by Bugtraq/CVE ID,
CERT,
Sans Reading Room (reach tru Google cache!),
SecFocus UNIX,
LinuxSecurity.com,
ISS,

The rest of my (old) security reference list is in the second reply here: "possibly a dumb(..)".