Hey there,
as you can probably tell from the subject, I'd greatly appreciate some help configuring my iptables rule set.
I wanted to host a hidden service on my raspberry pi, for fun. So far, I have put some effort into securing ssh connections, by forcing public key authentication - among other things.
Right now, I'm working on iptables rules. My goal is to force all traffic through tor, while still allowing me to access the server via ssh (which I have enabled on port 1357).
I'm still quite new to iptables, but this is the script I wrote so far:
Code:
#!/bin/bash
IPTABLES="/sbin/iptables"
# Flush existing rules and default every chain to DROP.
$IPTABLES -F
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP
# Loopback must be allowed in both directions: the hidden service and
# Tor's SOCKS/control ports talk over 127.0.0.1.
$IPTABLES -A INPUT -j ACCEPT -i lo
$IPTABLES -A OUTPUT -j ACCEPT -o lo
# Replies to connections this host opened (Tor circuits, NTP queries);
# without this, Tor can send but nothing ever comes back in.
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
# Only the Tor daemon may open outbound connections.
$IPTABLES -A OUTPUT -j ACCEPT -m owner --uid-owner debian-tor
# NTP queries out (replies are covered by the ESTABLISHED rule above).
$IPTABLES -A OUTPUT -j ACCEPT -p udp --dport 123
# SSH on port 1357: inbound connections and the outbound side of the session.
$IPTABLES -A INPUT -j ACCEPT -p tcp --dport 1357 -m state --state NEW,ESTABLISHED
$IPTABLES -A OUTPUT -j ACCEPT -p tcp --sport 1357 -m state --state ESTABLISHED
Are there any security flaws in this, or can I improve on anything? I was told that allowing time synchronisation with NTP was very important, hence I added the rule:
Code:
$IPTABLES -A OUTPUT -j ACCEPT -p udp --dport 123
Thank you all in advance!
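As an added example (not the poster's script), here is the same policy written out with the pieces a default-DROP firewall usually needs around Tor: loopback in both directions, conntrack for return traffic, a rate limit on new SSH connections, and logging of what gets dropped. It keeps the post's assumptions (sshd on port 1357, Tor running as debian-tor) and takes `IPTABLES="echo iptables"` for a dry run that prints the rules instead of applying them.

```shell
#!/bin/bash
# Added example, not the original poster's script. Assumes sshd on port 1357
# and Tor running as user debian-tor (both from the post).
IPTABLES="${IPTABLES:-/sbin/iptables}"
SSH_PORT="${SSH_PORT:-1357}"
TOR_USER="${TOR_USER:-debian-tor}"

apply_rules() {
    # Reset the filter table and default every chain to DROP.
    $IPTABLES -F
    $IPTABLES -X
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT DROP

    # Loopback both ways: the hidden service and Tor's SOCKS/control
    # ports are reached over 127.0.0.1, so INPUT needs it as well.
    $IPTABLES -A INPUT  -i lo -j ACCEPT
    $IPTABLES -A OUTPUT -o lo -j ACCEPT

    # Discard packets conntrack cannot place, then accept replies to
    # connections this host opened (Tor circuits, NTP queries).
    $IPTABLES -A INPUT -m conntrack --ctstate INVALID -j DROP
    $IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Only the Tor daemon may open new outbound connections.
    $IPTABLES -A OUTPUT -m owner --uid-owner "$TOR_USER" -j ACCEPT

    # NTP queries out; replies return via the ESTABLISHED rule above.
    $IPTABLES -A OUTPUT -p udp --dport 123 -j ACCEPT

    # SSH: throttle new connections so password guessing is slowed even
    # with key-only auth, and log attempts that exceed the limit.
    $IPTABLES -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
        -m limit --limit 6/min --limit-burst 6 -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
        -j LOG --log-prefix "ssh-ratelimit: "
    # Outbound half of an SSH session already tracked by conntrack.
    $IPTABLES -A OUTPUT -p tcp --sport "$SSH_PORT" \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT

    # Log whatever falls through to the DROP policies (rate-limited).
    $IPTABLES -A INPUT  -m limit --limit 5/min -j LOG --log-prefix "fw-drop-in: "
    $IPTABLES -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop-out: "
}

case "${1:-}" in
    --apply)   apply_rules ;;                       # run as root
    --dry-run) IPTABLES="echo iptables"; apply_rules ;;  # print rules only
esac
```

Check the printed rules with `--dry-run` before applying, and keep an out-of-band way onto the Pi in case the SSH rule is wrong, since OUTPUT defaults to DROP.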