Can't see source on first SSH entry in iptables
Now I managed to get iptables to work with my OpenVZ configurations and everything seems to work as it should. However, when I run iptables -L I can only see the source for the second SSH rule; why isn't the first one's source/IP shown?
Also, if you have any comments about the setup, feel free :-) I'm running SSH, Apache and local MySQL. The xxx.xxx is simply to hide my IPs.
Code:
iptables -P INPUT ACCEPT
Quote:
Why the DROP rule after the REJECT? Nothing will reach that rule anyway. Add a chain for logging anything that is dropped if you plan to go with the DROP; that is good for troubleshooting purposes.
Quote:
Code:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Quote:
This is more of a personal preference, I guess, but I find that if a FW admin always has 'best practices' as a focus, even with FWs monitoring small network segments, it helps a TON with the job of administering FWs that track large network segments. Basically, it won't hurt to log on the deny rule, as long as there are proper system resources... just be prepared to be stupefied when the system is acting quirky while trying to handle large loads.
Yeah, I'd recommend the use of the limit match module if performance and/or resource issues arise or are expected. Using DROP/REJECT rules within the chain (in order to filter certain packets while keeping them away from the LOG rule) is also an option.
Thanks for all the replies, I have got a better understanding now and think I've come up with a proper configuration.
Code:
iptables -P INPUT ACCEPT
Quote:
Code:
iptables -N LOG_DROP
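An added example, not code from the thread or any poster, putting the replies together: a LOG_DROP chain like the one in the final config, with its LOG rule rate-limited by the limit match ahead of the single final DROP, for a host running SSH, Apache and a loopback-only MySQL. The ADMIN_NET value and the dry-run `echo` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. firewall_rules takes the iptables
# command as $1 so the ruleset can be reviewed with "firewall_rules echo"
# before it is applied. ADMIN_NET is an assumed placeholder (documentation range).
ADMIN_NET="${ADMIN_NET:-203.0.113.0/24}"

firewall_rules() {
    ipt="${1:-iptables}"

    # Logging chain: create if missing, then flush so reruns are idempotent.
    "$ipt" -N LOG_DROP 2>/dev/null || true
    "$ipt" -F LOG_DROP
    # -m limit keeps a flood from filling the log: at most 5 entries/min
    # (burst 10); every packet entering the chain is dropped afterwards.
    "$ipt" -A LOG_DROP -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "IPT-DROP: " --log-level 4
    "$ipt" -A LOG_DROP -j DROP

    "$ipt" -F INPUT
    "$ipt" -A INPUT -i lo -j ACCEPT
    # Replies to traffic the host started, and flows already open (SSH sessions).
    "$ipt" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    "$ipt" -A INPUT -m state --state INVALID -j LOG_DROP
    # New SSH only from the admin network; HTTP from anywhere.
    "$ipt" -A INPUT -p tcp --dport 22 -s "$ADMIN_NET" -m state --state NEW -j ACCEPT
    "$ipt" -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
    "$ipt" -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
    # MySQL listens on 127.0.0.1 only, so the loopback rule above covers it.
    # One catch-all at the end: log (rate limited), then drop. A REJECT followed
    # by a DROP would leave the DROP unreachable, as pointed out in the thread.
    "$ipt" -A INPUT -j LOG_DROP
    # Default policy set last, so a partially loaded ruleset fails closed.
    "$ipt" -P INPUT DROP
}

# -n prints numeric addresses (0.0.0.0/0 instead of "anywhere") and -v adds
# interface and counter columns, so the source column of every rule is visible.
show_rules() {
    "${1:-iptables}" -L INPUT -n -v --line-numbers
}

# Only touch the live firewall when explicitly asked: APPLY=yes ./firewall.sh
if [ "${APPLY:-no}" = yes ]; then
    firewall_rules iptables
    show_rules iptables
fi
```

Run `firewall_rules echo` first to read the exact rule lines that would be issued; dropped packets then show up in the kernel log with the IPT-DROP: prefix.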