Iptables Connection Tracking
Hi
I am curious about the iptables behaviour if the following rules are in this order for port 80 inbound connections with respect to the firewall.
Are the following rules in the correct order, i.e. will the web server perform well if the following rules have been placed?
# inbound on eth0, ACK set with SYN/FIN/RST clear, to 192.168.1.10:80, but no known flow (NEW): log it
iptables -A FORWARD -i eth0 -p tcp --tcp-flags SYN,ACK,FIN,RST ACK -s 0/0 -d 192.168.1.10 --dport 80 -m state --state NEW -j LOG
# same match as above: drop it
iptables -A FORWARD -i eth0 -p tcp --tcp-flags SYN,ACK,FIN,RST ACK -s 0/0 -d 192.168.1.10 --dport 80 -m state --state NEW -DROP
# inbound on eth0, a pure SYN from an unprivileged client port to 192.168.1.10:80, new flow: accept
iptables -A FORWARD -i eth0 -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -s 0/0 --sport 1024:65535 -d 192.168.1.10 --dport 80 -m state --state NEW -j ACCEPT
# server side on eth1, the SYN/ACK reply from 192.168.1.10:80 back to the client's unprivileged port
iptables -A FORWARD -i eth1 -p tcp --tcp-flags SYN,ACK,FIN,RST SYN,ACK -s 192.168.1.10 --sport 80 -d 0/0 --dport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
# inbound on eth0, client ACK packets that belong to an already tracked (or related) flow: accept
iptables -A FORWARD -i eth0 -p tcp --tcp-flags SYN,ACK,FIN,RST ACK -s 0/0 --sport 1024:65535 -d 192.168.1.10 --dport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT
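The following is an added example, not part of the original post: a conntrack-based FORWARD ruleset for the same scenario, written as a dry-run shell script so the generated commands can be inspected before applying them. It assumes eth0 faces the clients, eth1 faces the web server at 192.168.1.10, the server is routed (no NAT), and the interface names and address are those from the post. It puts the ESTABLISHED,RELATED rule first, covering both directions, because a per-flag rule that only matches the server's SYN,ACK would not match the server's later data packets (ACK / PSH,ACK), and it drops non-SYN packets that conntrack still classes as NEW, which is what the ACK-only LOG/DROP pair in the post is aimed at.

```shell
#!/bin/sh
# Added example (not from the original post): conntrack-based FORWARD
# ruleset for a routed web server. Assumptions: eth0 faces the clients,
# eth1 faces the server at 192.168.1.10, no NAT in the path.
# Dry-run by default: the commands are printed. Run as root with
# IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"
WAN=eth0
LAN=eth1
WEB=192.168.1.10

web_forward_rules() {
    # Default deny: anything the rules below do not accept is dropped.
    $IPT -P FORWARD DROP

    # Packets of flows conntrack already knows, in either direction: the
    # client's ACKs and data, the server's SYN/ACK and data, and RELATED
    # ICMP errors. A flag-based rule per direction would miss the server's
    # data packets (ACK / PSH,ACK), which are not SYN,ACK.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # A non-SYN packet that conntrack still classes as NEW is out of state
    # (stale ACK after a table flush, ACK/FIN/NULL probes). Log it rate
    # limited so a scan cannot fill the log, then drop it.
    $IPT -A FORWARD -i "$WAN" -p tcp ! --syn -m conntrack --ctstate NEW \
        -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "FWD out-of-state: "
    $IPT -A FORWARD -i "$WAN" -p tcp ! --syn -m conntrack --ctstate NEW -j DROP

    # The only NEW flow allowed through: a clean SYN to the web server's
    # port 80. --syn is shorthand for --tcp-flags SYN,RST,ACK,FIN SYN.
    $IPT -A FORWARD -i "$WAN" -o "$LAN" -p tcp --syn -d "$WEB" --dport 80 \
        -m conntrack --ctstate NEW -j ACCEPT
}

# Usage: sh thisfile.sh            prints the commands
#        IPT=iptables sh thisfile.sh   applies them (root)
web_forward_rules
```

After applying, check the result with `iptables -L FORWARD -v -n --line-numbers` and confirm that `net.ipv4.ip_forward` is 1; the packet and byte counters on the ESTABLISHED,RELATED rule should climb as soon as a client completes a handshake, while the DROP rule's counters show stray ACKs and scans.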