using iptables to create firewall
I am hosting a web server on port 80 and I am creating an iptable. I have already allowed the server to accept all INPUT packets on port 80. Is it necessary to set the iptable to accept all OUTPUT packets on port 80 as well?
If your iptables config does egress filtering (dump all packets unless allowed) then you will need to do something like the following:
Append to the output table a line that allows all TCP packets from the src port 80. A good security measure is to deny all SYN requests from this port, as the webserver should not be requesting connections. It would look something like:

    iptables -A OUTPUT -o eth1 -p tcp --source <IP ADDRESS> --sport 80 ! --syn -j ACCEPT

Of course, if you have no egress filtering, i.e. your OUTPUT table has everything from your network card as ACCEPT, then there is no need for any of this. From a security point of view though, egress filtering is preferable to no egress filtering IMHO.
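An added example, not part of the original post: a small Python model of the OUTPUT rule above followed by a default DROP, showing which of the web server's outgoing packets it lets through. It is a model of the match logic, not iptables itself; the address 192.0.2.10 (standing in for <IP ADDRESS>) and the sample packets are constructed for illustration.

```python
# Added illustration: minimal model of an egress-filtered OUTPUT chain.
# Not iptables itself; SERVER_IP and the sample packets are constructed values.
from dataclasses import dataclass

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
SYN_MASK = SYN | RST | ACK | FIN   # --syn is --tcp-flags SYN,RST,ACK,FIN SYN

SERVER_IP = "192.0.2.10"   # assumed placeholder for <IP ADDRESS>
OUT_IFACE = "eth1"

@dataclass(frozen=True)
class Packet:
    out_iface: str
    proto: str
    src: str
    sport: int
    flags: int

def is_syn(flags: int) -> bool:
    """iptables --syn: SYN set, with ACK, RST and FIN all clear."""
    return (flags & SYN_MASK) == SYN

def web_reply_rule(p: Packet) -> bool:
    """-o eth1 -p tcp --source SERVER_IP --sport 80 ! --syn"""
    return (p.out_iface == OUT_IFACE and p.proto == "tcp"
            and p.src == SERVER_IP and p.sport == 80
            and not is_syn(p.flags))

def output_verdict(p: Packet) -> str:
    """One ACCEPT rule, then the chain's default DROP."""
    return "ACCEPT" if web_reply_rule(p) else "DROP"

def sample_packets() -> dict:
    def mk(sport: int, flags: int) -> Packet:
        return Packet(OUT_IFACE, "tcp", SERVER_IP, sport, flags)
    return {
        "SYN-ACK handshake reply": mk(80, SYN | ACK),
        "ACK carrying HTTP response": mk(80, ACK),
        "FIN-ACK closing connection": mk(80, FIN | ACK),
        "bare SYN opened from port 80": mk(80, SYN),
        "reply from a port with no rule": mk(8080, ACK),
    }

if __name__ == "__main__":
    for label, pkt in sample_packets().items():
        print(f"{output_verdict(pkt):6}  {label}")
```

The SYN-ACK that answers a client's connection request still passes, because `--syn` only matches a SYN with ACK, RST and FIN clear; only a connection opened from port 80 is dropped.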
Please view the posted link below to see what I have setup for my iptables
http://www.linuxquestions.org/questi...hreadid=242167