2009/5/7 Zachary Uram <[email protected]>:
> Hi,
>
> Running Debian lenny. I run a web server and try to keep all other
> ports closed. Would like to get some feedback on my firewall. If you
> have any suggestions for rules to add or other changes please let me
> know. Also what are some other steps I can take next to further
> increase my security?
>
> iptables -A INPUT -i eth0 -m conntrack --ctstate INVALID -j DROP ;
> iptables -A INPUT -p tcp -m conntrack --ctstate NEW -i eth0 --dport 80 -j ACCEPT ;
> iptables -A INPUT -i eth0 -m conntrack --ctstate NEW -j DROP ;
> iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
>
> Zach

Hi,

there are no default policies in your rules... you should set them.
You can follow these tutorials to improve your firewall rules:

http://beginlinux.wordpress.com/2008/06/16/build-a-simple-iptables-firewall/
http://www.cyberdogtech.com/firewalls/
http://www.debian-administration.org/article/Question_A_good_iptables_tutorial

I found them very useful when creating my configuration.

-- 
Matteo Filippetto
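
The missing default policy raised in the reply, as an added example that is not part of either message: the posted rules in iptables-save form (constructed, with the kernel's default ACCEPT policies), the same rules with explicit DROP policies, and a check that lists chains still left at ACCEPT. The function names, the loopback rule and the OUTPUT ACCEPT policy are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, both dumps are constructed.
# The posted rules as iptables-save would show them: no -P was ever issued,
# so the built-in chains keep the kernel default policy, ACCEPT.
original_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -m conntrack --ctstate INVALID -j DROP
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -m conntrack --ctstate NEW -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Same intent with explicit policies. Anything unmatched is now dropped on
# every interface, so loopback needs its own ACCEPT (assumption: local
# services talk over lo; outbound traffic from the host stays unrestricted).
hardened_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Read an iptables-save dump on stdin; print the chains named in $1
# (space separated) whose policy is still ACCEPT, in dump order.
open_policies() {
    awk -v want="$1" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) chk[w[i]] = 1 }
        /^:/  { c = substr($1, 2)
                if ((c in chk) && $2 == "ACCEPT") out = out (out ? " " : "") c }
        END   { print out }'
}

echo "original: $(original_rules | open_policies 'INPUT FORWARD')"
echo "hardened: $(hardened_rules | open_policies 'INPUT FORWARD')"
```

On a live host, `iptables-save | open_policies "INPUT FORWARD"` runs the same check against the loaded rules; `hardened_rules | iptables-restore` replaces the filter table with the explicit-policy set (both as root).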

