03-25-2009, 10:24 AM   #1
LQ Newbie
Registered: Mar 2009
Posts: 2

Rep: Reputation: 0
iptables rules for web server, email server, FTP and SSH, please help

I'm a Linux newbie.
My company has a server; it runs Apache, MySQL, qmail and FTP.
Now I want to set up iptables rules to protect it.
I want to hide the MySQL port so that users from the internet cannot connect to MySQL. Other services can be connected to from the internet.

I also want to block clients who open more than 500 new connections in 10 seconds for 1 hour. Will this rule affect search engine spiders searching my website?

Please kindly help me check whether the rules I set could do what I want or not.
The following are my iptables rules:

# Path to the iptables binary
IPTABLES=/sbin/iptables

/sbin/depmod -a

# Load the netfilter modules used below
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_state
/sbin/modprobe ipt_limit

# Default policy for inbound traffic
$IPTABLES -t filter -P INPUT DROP

$IPTABLES -N ratelimit

$IPTABLES -A OUTPUT -p tcp --sport 31337:31340 -j DROP
$IPTABLES -A OUTPUT -p tcp --dport 31337:31340 -j DROP

# SSH: 22, FTP: 21, http: 80, https: 443, smtp: 25, pop3: 110, imap: 143
$IPTABLES -t filter -A INPUT -m state --state NEW -p tcp -m recent --update --rsource --seconds 10 --hitcount 50 -j DROP
$IPTABLES -t filter -A INPUT -m state --state NEW -p tcp -m recent --set --rsource -j ACCEPT
$IPTABLES -t filter -A INPUT -p tcp --syn -m multiport --dports 80,143,443,21,22,25,110 -j ratelimit

$IPTABLES -A ratelimit -p tcp -m state --state NEW -m recent --update --rsource --seconds 3600 -j DROP
$IPTABLES -A ratelimit -p tcp -m state --state NEW -m hashlimit --hashlimit 10/sec --hashlimit-burst 50 --hashlimit-mode dstip --hashlimit-name badguy -j RETURN

Regards & thanks in advance

03-25-2009, 09:58 PM   #2
LQ Newbie
Registered: Mar 2009
Posts: 2

Original Poster
Rep: Reputation: 0
Anyone here?
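
An added example, not part of the original thread or the poster's script: one way to meet the two goals stated in the first post (MySQL unreachable from the internet, and a one-hour block for sources that open too many new connections). Unlike the posted rules, it accepts loopback and ESTABLISHED,RELATED traffic, opens only the listed ports to new connections, and limits per source address instead of per destination. The chain name `ratelimit` comes from the post; the list names `banned` and `newconn`, the `IPT` override, the file name `firewall.sh`, and the reading of "500 in 10 seconds" as 50/sec with a burst of 500 are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. As root: sh firewall.sh apply
IPT=${IPT:-/sbin/iptables}             # IPT=echo prints the commands (dry run)
PUBLIC_PORTS=21,22,25,80,110,143,443   # FTP, SSH, SMTP, HTTP, POP3, IMAP, HTTPS

apply_rules() {
    # Rebuild from empty chains; the DROP policy goes last so an open SSH
    # session is not cut off while the rules are being loaded.
    $IPT -F INPUT
    $IPT -N ratelimit 2>/dev/null || $IPT -F ratelimit

    # Loopback (local applications talking to MySQL) and replies on
    # connections that were already accepted.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Only new connections to the public services reach the limiter.
    # The MySQL port is not listed, so it falls through to the DROP policy.
    $IPT -A INPUT -p tcp --syn -m state --state NEW \
         -m multiport --dports "$PUBLIC_PORTS" -j ratelimit

    # 1. Source was banned within the last hour: drop. --rcheck does not
    #    refresh the timestamp, so the ban ends 3600 s after it was set.
    $IPT -A ratelimit -m recent --name banned --rcheck --rsource \
         --seconds 3600 -j DROP
    # 2. Per-source token bucket (srcip, not dstip): 50/s with a burst of
    #    500 approximates "500 new connections in 10 seconds" (assumption).
    $IPT -A ratelimit -m hashlimit --hashlimit-name newconn \
         --hashlimit-mode srcip --hashlimit-upto 50/sec \
         --hashlimit-burst 500 -j ACCEPT
    # 3. Over the limit: add the source to the "banned" list and drop.
    $IPT -A ratelimit -m recent --name banned --set --rsource -j DROP

    $IPT -P INPUT DROP
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Passive and active FTP data connections are only matched as RELATED when the conntrack FTP helper is loaded; older iptables releases spell `--hashlimit-upto` as `--hashlimit`.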

