Iptables Critique
I've tried putting a firewall script together based on the tutorials I've read around the internet. Please critique and give me any recommendations especially for a stronger firewall. Thanks!
Code:
#!/bin/sh
Nice piece of work.
Just a small critique: you are logging invalid packets. Logging is very dangerous, as an attacker could easily DDOS your computer by sending enough invalid traffic to make your hard drive busy. I would recommend making some "limit" rules about logging, to make sure you don't write more than, let's say, 1 invalid traffic log per second? Btw, your default policy for OUTPUT is to DROP... are you sure this is right? I mean, you won't be able to reach the outside world from this box?! Or maybe I missed something...
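A constructed script, added here and not the original poster's script (whose body is not on the page), showing the two changes this reply asks for in iptables-restore form: the LOG rule for INVALID packets is wrapped in `-m limit` so it writes at most one line per second (with a small burst) while the DROP rule after it still catches every INVALID packet, and the OUTPUT chain defaults to ACCEPT. The port, rate and burst values are placeholders, and the `conntrack` and `limit` match modules are assumed to be present in the kernel.

```shell
#!/bin/sh
# Added example, not the original poster's script. Emits an iptables-restore
# ruleset in which logging of INVALID packets is rate-limited before they are
# dropped, and OUTPUT is left open. Values below are constructed defaults.
SSH_PORT="${SSH_PORT:-22}"
LOG_RATE="${LOG_RATE:-1/second}"   # sustained log rate after the burst is spent
LOG_BURST="${LOG_BURST:-5}"        # initial burst of log lines allowed

# The rate-limited LOG rule on its own; the limit applies to log lines only,
# the unconditional DROP that follows it in the ruleset still sees every packet.
invalid_log_rule() {
    printf '%s\n' "-A INPUT -m conntrack --ctstate INVALID -m limit --limit $LOG_RATE --limit-burst $LOG_BURST -j LOG --log-prefix \"IPT INVALID: \" --log-level 4"
}

# Full ruleset in iptables-restore syntax (assumes conntrack and limit modules).
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$(invalid_log_rule)
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Review check: succeed only if every LOG rule in the given ruleset text
# carries "-m limit", i.e. no unbounded logging is left in the policy.
logs_are_limited() {
    unlimited=$(printf '%s\n' "$1" | grep -- '-j LOG' | grep -v -- '-m limit' || true)
    [ -z "$unlimited" ]
}

# With no argument, print the ruleset for review; with --apply, load it.
if [ "${1-}" = "--apply" ]; then
    build_ruleset | iptables-restore
else
    build_ruleset
fi
```

Running the script with no arguments prints the ruleset so it can be read before anything is loaded; `sh rules.sh --apply` pipes it into `iptables-restore`. `logs_are_limited "$(build_ruleset)"` is the check worth keeping around: it fails as soon as someone adds a LOG target without a `-m limit` in front of it.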
Thanks, I made the proper OUTPUT changes; I will make the log changes later. While I was looking around I found this script that I might use and scrap mine, because it looks like it covers stuff that I didn't even come close to accounting for:
http://gentoo-wiki.com/HOWTO_Iptables_for_newbies Thoughts?