I'm having some problems with my iptables rules. I have tried almost 20 different attempts and I hope someone here can help. Our network consists of one network (eth0) connected to the Internet. The iptables rules are set up on RedHat 7.1 (running kernel 2.4.9-21smp). This server needs to have ssh, dns, smtp & http running.
I have tried using some more advanced iptables rules which have rules for syn-flooding, fragments, etc., but I couldn't get them to work so I took them out for right now. I wrote the following basic rules, which I know might not be the best, and was hoping someone can help me improve on them and fix the few issues we're faced with:

#Default DROP Policy
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

#LOOPBACK
iptables -A INPUT -i lo -j ACCEPT

#SPOOFING
iptables -A INPUT -s ip_address_#1_of_server -i eth0 -j DROP
iptables -A INPUT -s ip_address_#2_of_server -i eth0 -j DROP
iptables -A INPUT -s ip_address_#3_of_server -i eth0 -j DROP
iptables -A INPUT -s ip_address_#4_of_server -i eth0 -j DROP
iptables -A INPUT -s ip_address_#5_of_server -i eth0 -j DROP

#Refuse Packets from Private/Multicast as we don't use it
iptables -A INPUT -s 10.0.0.0/255.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 172.16.0.0/255.240.0.0 -i eth0 -j DROP
iptables -A INPUT -s 192.168.0.0/255.255.0.0 -i eth0 -j DROP
iptables -A INPUT -s 224.0.0.0/240.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 240.0.0.0/248.0.0.0 -i eth0 -j DROP
iptables -A INPUT -d 127.0.0.0/255.0.0.0 -i eth0 -j DROP

#Refuse Packets from Our Broadcast Address
iptables -A INPUT -d broadcast_ip_address -i eth0 -j DROP

#Services we allow IN
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

#Services we allow OUT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 1024:65535 -j ACCEPT

Is there a security risk in allowing ports 1024:65535 out? And if so, how can I correct this and still allow ssh, dns, smtp, http and https to work fine?
Also, the way the rules are currently set up does not allow DNS queries or updates between this server, which is a secondary name server, and the primary name server. What am I doing wrong? I added both INPUT and OUTPUT tcp and udp rules for port 53 and it still doesn't work. (I don't even know if I need such rules.) Thanks! SW
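The ruleset above fails for DNS because it only matches on destination port: with OUTPUT set to DROP, the UDP answers this server sends back from port 53 to the primary's ephemeral port never match `--dport 53` or the TCP-only `1024:65535` rule, and the replies to this server's own SOA queries arrive from the primary's port 53 to a local ephemeral port, which no INPUT rule accepts. The `1024:65535` rule is also broader than it looks: it lets any local process, including a compromised daemon, open a TCP connection to any high port anywhere. The script below is an added example, not the poster's ruleset, that rebuilds the same policy around the `state` match (ip_conntrack, available on the 2.4 kernel and iptables 1.2 shipped with RedHat 7.1) so replies are accepted by connection state instead of by port range. The addresses (203.0.113.10, 203.0.113.11, 203.0.113.255, and 198.51.100.53 for the primary name server) are assumed placeholders from the documentation ranges; replace them with the real ones. Run it with `--apply` as root to load the rules; without arguments it only prints them.

```shell
#!/bin/sh
# Added example, not the original poster's rules: a default-deny ruleset for a
# single-homed server (ssh, smtp, dns, http, https) built on connection
# tracking. Assumed placeholder addresses below must be replaced.
WAN=eth0
SERVER_IPS="203.0.113.10 203.0.113.11"   # assumed: this host's own addresses
BCAST=203.0.113.255                      # assumed: our subnet broadcast
PRIMARY_NS=198.51.100.53                 # assumed: the primary name server
IPT=iptables

build_rules() {
    # Start clean, default deny in every direction (no forwarding on this box).
    $IPT -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP

    # Loopback is trusted both ways.
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Anti-spoofing: our own addresses never legitimately arrive from the wire.
    for ip in $SERVER_IPS; do
        $IPT -A INPUT -i $WAN -s $ip -j DROP
    done
    # Private, multicast, reserved (class E, 240/4) and loopback sources are
    # bogus on an Internet-facing interface, as is traffic aimed at 127/8 or
    # our broadcast address.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4 127.0.0.0/8; do
        $IPT -A INPUT -i $WAN -s $net -j DROP
    done
    $IPT -A INPUT -i $WAN -d 127.0.0.0/8 -j DROP
    $IPT -A INPUT -i $WAN -d $BCAST -j DROP

    # Connection tracking: packets belonging to a flow we already accepted
    # (TCP or UDP) pass in both directions; this replaces the 1024:65535 rule.
    $IPT -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT  -m state --state INVALID -j DROP

    # Services we offer: only NEW connections need explicit rules now.
    for port in 22 25 53 80 443; do
        $IPT -A INPUT -i $WAN -p tcp --dport $port -m state --state NEW -j ACCEPT
    done
    # UDP 53 covers resolver queries and NOTIFY messages from the primary;
    # our answers go out as ESTABLISHED.
    $IPT -A INPUT -i $WAN -p udp --dport 53 -j ACCEPT

    # Outbound: only what this host must initiate itself.
    # SOA refresh queries and NOTIFY responses to any name server.
    $IPT -A OUTPUT -o $WAN -p udp --dport 53 -j ACCEPT
    # Zone transfers (AXFR/IXFR) are TCP connections we open to the primary.
    $IPT -A OUTPUT -o $WAN -p tcp --dport 53 -d $PRIMARY_NS -m state --state NEW -j ACCEPT
    # Outgoing mail delivery.
    $IPT -A OUTPUT -o $WAN -p tcp --dport 25 -m state --state NEW -j ACCEPT
}

if [ "${1:-}" = "--apply" ]; then
    build_rules
else
    IPT=echo          # preview: print the commands instead of loading them
    build_rules
fi
```

With this layout the secondary's refresh cycle works end to end: the primary's NOTIFY hits UDP 53 (accepted), the response leaves as ESTABLISHED, the secondary's SOA query leaves under the outbound UDP 53 rule and its answer returns as ESTABLISHED, and the TCP zone transfer is a NEW outbound connection to the primary only. The same state rules carry the replies for ssh, smtp and http, so nothing else needs the blanket high-port rule; if a later outbound service is required, add one `--dport` rule for it rather than reopening 1024:65535.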