
Firewall policy

Set up the following firewall policy for my server (all iptables commands must be run as root):

$ iptables -P INPUT DROP

Default-drop everything that no later rule accepts. Setting the policy before the ACCEPT rules exist means that, until the rules below are in place, even the ssh session used to type them has its packets dropped (TCP retransmits, so it resumes once port 22 is accepted). On a remote box it is safer to add the ACCEPT rules first and set the DROP policy last.

$ iptables -A INPUT -i eth1 -j ACCEPT
$ iptables -A INPUT -i lo -j ACCEPT

Accept everything arriving on the home network interface (eth1 connects to the home access point) and on the loopback interface. Note that this trusts every device on the home network unconditionally.

$ iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,80 -j ACCEPT

Offer ssh and http on the Internet-facing interface (eth0).

$ iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Accept replies to connections this host initiated, plus traffic that conntrack ties to an existing flow (ICMP errors, secondary connections such as FTP data channels). This rule is usually placed first in the chain so that packets of already-accepted flows match immediately instead of being evaluated against every other rule.

$ iptables -A INPUT -i eth0 -p udp -m multiport --dports 6666,6677 -j ACCEPT

Open the UDP ports used by the p2p programs. These are open to the whole Internet on eth0, so whatever listens there is directly exposed.

Debian has removed the init script for iptables and suggests putting the rules into /etc/network/interfaces. A pre-up command runs before the interface is brought up, so the policy is in place before eth0 can receive a packet, and the matching post-down deletes each appended rule so that repeated ifup/ifdown does not leave duplicates. For example:

iface eth0 inet dhcp
        pre-up iptables -P INPUT DROP
        pre-up iptables -A INPUT -i $IFACE -p tcp -m multiport --dports 22,80 -j ACCEPT
        post-down iptables -D INPUT -i $IFACE -p tcp -m multiport --dports 22,80 -j ACCEPT
...
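The policy above and the interfaces(5) hook, combined into one script that emits the rule set in iptables-save syntax and loads it atomically with iptables-restore instead of one command at a time. This is an added example, not the post's own commands. It assumes the post's interface names (eth0 faces the Internet, eth1 the home access point) and ports; the INVALID drop, the --ctstate NEW match on the service rule and the 60-second rollback guard in apply_ruleset are my additions.

```shell
#!/bin/sh
# Added example (not from the original post): the post's INPUT policy as an
# iptables-restore rule set, loaded in one atomic step with a lockout guard.

# Print the rule set in iptables-save syntax.
# Args (all optional): WAN interface, LAN interface, TCP service ports, p2p UDP ports.
build_ruleset() {
    wan=${1:-eth0}              # assumption: eth0 faces the Internet, as in the post
    lan=${2:-eth1}              # assumption: eth1 faces the home access point
    tcp_ports=${3:-22,80}       # ssh and http, as in the post
    udp_ports=${4:-6666,6677}   # p2p ports, as in the post
    # Only INPUT is restricted, as in the post; FORWARD and OUTPUT stay at ACCEPT.
    # ESTABLISHED,RELATED comes first so packets of flows already accepted (including
    # the ssh session used to load this) match without walking the rest of the chain.
    # The INVALID drop and the --ctstate NEW match are additions to the post's rules.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A INPUT -i $wan -p tcp -m conntrack --ctstate NEW -m multiport --dports $tcp_ports -j ACCEPT
-A INPUT -i $wan -p udp -m multiport --dports $udp_ports -j ACCEPT
COMMIT
EOF
}

# Load the rule set on the live system with two safety nets: a parse-only pass
# (iptables-restore --test) so a syntax error cannot leave the table half loaded,
# and a background timer that resets INPUT to ACCEPT unless the operator confirms
# the new rules within 60 seconds, the usual guard against locking yourself out
# of a remote machine.
apply_ruleset() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_ruleset: must run as root" >&2
        return 1
    fi
    rules=$(build_ruleset "$@")
    printf '%s\n' "$rules" | iptables-restore --test || return 1
    ( sleep 60; iptables -P INPUT ACCEPT; iptables -F INPUT ) &
    guard=$!
    printf '%s\n' "$rules" | iptables-restore || { kill "$guard"; return 1; }
    printf 'Rules loaded; press Enter within 60 s to keep them: '
    read -r _answer
    # kill succeeds only while the guard is still waiting, i.e. no rollback happened.
    if kill "$guard" 2>/dev/null; then
        echo "kept"
    else
        echo "no confirmation in time: INPUT was reset to ACCEPT" >&2
        return 1
    fi
}

# Usage: ./firewall.sh print   (default) -> write the rule set to stdout
#        ./firewall.sh apply             -> load it on the running kernel (root)
case "${1:-print}" in
    print) build_ruleset ;;
    apply) shift; apply_ruleset "$@" ;;
    *) echo "usage: $0 [print|apply] [wan_if lan_if tcp_ports udp_ports]" >&2; exit 2 ;;
esac
```

Save the output with `./firewall.sh print > /etc/iptables.rules` and hook it into /etc/network/interfaces with a single `pre-up iptables-restore < /etc/iptables.rules` line on eth0 (a common Debian convention): one restore replaces the per-rule pre-up/post-down pairs, brings the policy and all rules up together, and cannot duplicate rules on repeated ifup/ifdown because it flushes the table before loading.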
