LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page Iptables Connection Tracking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 09-05-2007, 01:34 AM   #1
karimasif
LQ Newbie
 
Registered: Aug 2007
Posts: 13

Rep: Reputation: 0
Iptables Connection Tracking

Hi
I am curious regarding the iptables action if following rules are in order for the port 80 for inbound connection w.r.t the firewall.

Is the follwing rules in order are correct i.e. web server will perform well if following rules have been placed.


iptables -A FORWARD -i eth0 -p tcp -tcp-flags SYN,ACK,FIN,RST ACK -s 0/0 -d 192.168.1.10 --dport 80 -m state --state NEW -j LOG
iptables -A FORWARD -i eth0 -p tcp -tcp-flags SYN,ACK,FIN,RST ACK -s 0/0 -d 192.168.1.10 --dport 80 -m state --state NEW -j DROP



iptables -A FORWARD -i eth0 -p tcp -tcp-flags SYN,ACK,FIN,RST SYN -s 0/0 --sport 1024:65535 -d 192.168.1.10 --dport 80 -m state --state NEW -j ACCEPT

iptables -A FORWARD -i eth1 -p tcp -tcp-flags SYN,ACK,FIN,RST SYN,ACK -s 192.168.1.10 --sport 80 -d 0/0 --dport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT


iptables -A FORWARD -i eth0 -p tcp -tcp-flags SYN,ACK,FIN,RST ACK -s 0/0 --sport 1024:65535 -d 192.168.1.10 --dport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT
 
Old 09-05-2007, 12:50 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Are you unable to do preliminary testing yourself for some reason?

On a side note, I'm moving this to Linux - Networking, as asking whether or not your web server will perform well with a certain set of iptables rules isn't really a security question.
Last edited by win32sux; 09-05-2007 at 12:53 PM.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how does IPTABLES -A FORWARD two way traffic without using connection tracking? farhan Linux - Security 4 09-05-2007 12:31 PM
Problem with connection tracking in IPtables!! vishamr2000 Linux - Security 2 05-09-2007 01:50 PM
Help with connection tracking!! vishamr2000 Linux - Security 1 05-27-2005 04:47 AM
iptables tracking machine eranb2 Linux - Security 4 01-07-2005 11:12 AM
Tracking internet usage with iptables mdkelly069 Linux - Networking 7 09-13-2004 11:13 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 10:15 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration