LinuxQuestions.org


helpme0904 10-12-2004 02:46 PM

using iptables to create firewall
 
I am hosting a web server on port 80 and I am creating an iptable. I have already allowed the server to accept all INPUT packets on port 80. Is it necessary to set the iptable to accept all OUTPUT packets on port 80 as well?

phantompgr 10-13-2004 05:29 AM

If your iptables config does egress filtering (dump all packets unless allowed) then you will need to do something like the following:

Append to the output table a line that allows all tcp packets from the src port 80.
A good security measure is to deny all syn requests from this port as the webserver should not be requesting connections.

It would look something like:
iptables -A OUTPUT -o eth1 -p tcp --source <IP ADDRESS> --sport 80 ! --syn -j ACCEPT

Of course, if you have no egress filtering, i.e. your OUTPUT table has everything from your network card as ACCEPT, then there is no need for any of this. From a security point of view, though, egress filtering is preferable to no egress filtering IMHO.
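
The reply above, worked into a whole ruleset as an added example that is not part of the original thread: a small generator that prints an iptables-restore file with a default-deny OUTPUT policy and the `! --syn` rule for port 80. The function names, the script name and the sample interface and address (`eth1`, `192.0.2.10`) are assumptions, and a default-deny INPUT policy is assumed as well, so any management access such as SSH needs its own rules before the file is loaded.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset for a
# host that only serves HTTP. Names and sample values are assumptions.

valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into octets on "."
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

web_ruleset() {
    iface=$1 addr=$2
    # Refuse arguments that are not a plain interface name or dotted quad,
    # so a bad value cannot end up inside a rule.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    [ "${#iface}" -le 15 ] || { echo "interface name too long" >&2; return 1; }
    valid_ipv4 "$addr" || { echo "bad IPv4 address: $addr" >&2; return 1; }

    cat <<EOF
*filter
# Default deny in every chain; add management rules (e.g. SSH) as needed.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -i $iface -p tcp -d $addr --dport 80 -j ACCEPT
# Replies from port 80: SYN/ACK and later segments pass, a bare SYN does not.
-A OUTPUT -o $iface -p tcp -s $addr --sport 80 ! --syn -j ACCEPT
COMMIT
EOF
}

if [ "$#" -eq 2 ]; then
    web_ruleset "$1" "$2"
fi
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it, for example `sh web-ruleset.sh eth1 192.0.2.10 | iptables-restore --test`.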

helpme0904 10-13-2004 04:31 PM

Please view the posted link below to see what I have setup for my iptables

http://www.linuxquestions.org/questi...hreadid=242167
