Hey everyone. I recently installed a server at a datacenter offsite and the thing is getting hammered with invalid ssh logins so I decided to use some iptables.

I included my ruleset here. I was wondering if I could get some feedback based on my ruleset from those of you using iptables in production systems. It seems to be working but some critique would be appreciated. Thanks

#!/bin/sh

# My system IP/set ip address of server
SERVER_IP="x.x.x.x"

# Flushing all rules
iptables -F
iptables -X

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow replies to connections the server itself opens (DNS, SIP registrations)
# and the later packets of already accepted inbound connections; without this
# rule the INPUT DROP policy discards them
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow incoming ssh only from secure hosts
iptables -A INPUT -p tcp -s x.x.x.x -d "$SERVER_IP" --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s x.x.x.x -d "$SERVER_IP" --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

# Allow http & Asterisk related traffic
iptables -A INPUT -p tcp -i eth0 --dport 80 -m state --state NEW -j ACCEPT

# SIP on UDP
iptables -A INPUT -p udp -m udp --dport 5004:5082 -j ACCEPT

# IAX2
iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT

# IAX
iptables -A INPUT -p udp -m udp --dport 5036 -j ACCEPT

# RTP - the media stream
iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT

iptables -A INPUT -j DROP
iptables -A OUTPUT -j ACCEPT
_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
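For comparison, here is an added example ruleset (not the poster's script and not anything shipped with Asterisk) that covers the same services with a stateful return-traffic rule, rate-limits new SSH connections per source with the `recent` match, and logs a rate-limited sample of the denied SSH attempts so the hammering is visible in syslog without filling the disk. SERVER_IP, ADMIN_HOST and WAN_IF are placeholders; the SIP port is the standard 5060 rather than the poster's range, and the IAX/IAX2 and RTP ports follow the poster's list. DRY_RUN=1 (the default) prints the rules instead of applying them, so the set can be reviewed without root.

```shell
#!/bin/sh
# Added example, not the original poster's script: stateful iptables ruleset
# for an Asterisk host with SSH rate limiting and logging of denied attempts.
# SERVER_IP, ADMIN_HOST and WAN_IF are placeholders (assumptions).
SERVER_IP="${SERVER_IP:-x.x.x.x}"
ADMIN_HOST="${ADMIN_HOST:-x.x.x.x}"   # trusted SSH source; add a pair of rules per extra host
WAN_IF="${WAN_IF:-eth0}"
DRY_RUN="${DRY_RUN:-1}"               # 1 = print the rules, 0 = apply them (needs root)

# ipt: run an iptables command, or print it in dry-run mode so the ruleset
# can be reviewed on a workstation before it touches the server.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

apply_ruleset() {
    ipt -F
    ipt -X
    # Default deny inbound and forwarded; outbound stays open, which is what
    # "-P OUTPUT DROP" followed by "-A OUTPUT -j ACCEPT" amounts to anyway.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    ipt -A INPUT -i lo -j ACCEPT

    # Replies to connections the server opened (DNS, NTP, outbound SIP
    # registrations) and later packets of accepted inbound connections.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m state --state INVALID -j DROP

    # SSH: only from the admin host, and no more than 3 new connections per
    # source per minute; the 4th attempt inside the window is dropped, which
    # turns a password-guessing run into a trickle even from a trusted host.
    ipt -A INPUT -p tcp -i "$WAN_IF" -s "$ADMIN_HOST" -d "$SERVER_IP" --dport 22 \
        -m state --state NEW -m recent --name ssh --update --seconds 60 --hitcount 4 -j DROP
    ipt -A INPUT -p tcp -i "$WAN_IF" -s "$ADMIN_HOST" -d "$SERVER_IP" --dport 22 \
        -m state --state NEW -m recent --name ssh --set -j ACCEPT

    # Everyone else hitting port 22: log a sample (rate-limited so a scan
    # cannot fill the disk), then fall through to the default DROP policy.
    ipt -A INPUT -p tcp -i "$WAN_IF" --dport 22 -m state --state NEW \
        -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "ssh-denied: "

    # Web interface and Asterisk signalling/media.
    ipt -A INPUT -p tcp -i "$WAN_IF" --dport 80 -m state --state NEW -j ACCEPT
    ipt -A INPUT -p udp -i "$WAN_IF" --dport 5060 -j ACCEPT          # SIP (standard port)
    ipt -A INPUT -p udp -i "$WAN_IF" --dport 4569 -j ACCEPT          # IAX2
    ipt -A INPUT -p udp -i "$WAN_IF" --dport 5036 -j ACCEPT          # IAX
    ipt -A INPUT -p udp -i "$WAN_IF" --dport 10000:20000 -j ACCEPT   # RTP media
}

# count_rules CHAIN: number of rules the script would append to CHAIN,
# computed from the dry-run output (handy when reviewing the set).
count_rules() {
    DRY_RUN=1 apply_ruleset | grep -c -- "-A $1 "
}

case "${1:-show}" in
    apply) DRY_RUN=0 apply_ruleset ;;
    *)     DRY_RUN=1 apply_ruleset ;;
esac
```

Run it without arguments to print the rules for review and `sh fw.sh apply` as root to load them. The LOG line is the detection piece: `grep ssh-denied /var/log/messages` (or wherever the kernel log lands) shows which sources are scanning, while the `limit` match keeps a sustained scan from writing more than a handful of lines per minute.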
