I am trying to set up iptables on my (OpenVZ) VPS today, but I am not sure if I am getting it right.
Here is what I plan to start iptables with:
### Generated by JdS
*filter
### Drop all incoming or forwarded.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
### Accept outgoing.
:OUTPUT ACCEPT [0:0]
### Accept any established connections.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
### Accept essential connections.
-A INPUT -m state --state NEW -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport http -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport https -j ACCEPT
-A INPUT -m state --state NEW -p udp -m udp --dport domain -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport domain -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport 20000 -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport imaps -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport imap -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport pop3s -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport pop3 -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport smtp -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport submission -j ACCEPT
### Disabled.
###-A INPUT -m state --state NEW -p udp -m udp --dport ftp-data -j ACCEPT
###-A INPUT -m state --state NEW -p tcp -m tcp --dport ftp-data -j ACCEPT
###-A INPUT -m state --state NEW -p udp -m udp --dport ftp -j ACCEPT
###-A INPUT -m state --state NEW -p tcp -m tcp --dport ftp -j ACCEPT
### Allow local loopback services.
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
### Allow pings.
-A INPUT -p icmp -j ACCEPT
COMMIT
Maybe ifconfig is relevant:
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2069 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2069 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:274696 (268.2 KiB)  TX bytes:274696 (268.2 KiB)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:165315 errors:0 dropped:0 overruns:0 frame:0
          TX packets:106382 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:189521530 (180.7 MiB)  TX bytes:9823252 (9.3 MiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:12.34.56.78  P-t-P:12.34.56.78  Bcast:12.34.56.78  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:1  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:12.34.56.79  P-t-P:12.34.56.79  Bcast:12.34.56.79  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
Of course the IP addresses above are bogus.
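As an added example (not part of the original post, and not a tool shipped with iptables), here is a Python script that parses a ruleset in iptables-restore format and reports what it actually exposes: the default chain policies, whether the loopback interface is accepted, and the ports the INPUT chain opens per protocol. The embedded RULESET is a copy of the one posted above (written with the `! -i lo` spelling of the negated interface match). The SERVICES table of well-known port numbers is the script's own and is consulted before /etc/services so the result does not depend on the host it runs on; ports opened by bare number (here 10000 and 20000) are listed as warnings so the owner can confirm which daemon listens there.

```python
"""Audit an iptables-restore ruleset: chain policies, loopback handling and
the ports the INPUT chain opens to the network.
Added example, not part of the original post."""
import socket
from collections import defaultdict

# Copy of the posted ruleset (one commented-out FTP rule kept to show that
# the parser skips '#' lines).
RULESET = """\
### Generated by JdS
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport http -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport https -j ACCEPT
-A INPUT -m state --state NEW -p udp -m udp --dport domain -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport domain -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport 20000 -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport imaps -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport imap -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport pop3s -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport pop3 -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport smtp -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport submission -j ACCEPT
###-A INPUT -m state --state NEW -p tcp -m tcp --dport ftp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -p icmp -j ACCEPT
COMMIT
"""

# Well-known service numbers (the script's own table; checked before /etc/services).
SERVICES = {"ftp-data": 20, "ftp": 21, "ssh": 22, "smtp": 25, "domain": 53,
            "http": 80, "pop3": 110, "imap": 143, "https": 443,
            "submission": 587, "imaps": 993, "pop3s": 995}
PORT_NAMES = {port: name for name, port in SERVICES.items()}


def resolve_port(name, proto):
    """Turn a --dport argument (number or service name) into a port number."""
    if name.isdigit():
        return int(name)
    if name in SERVICES:
        return SERVICES[name]
    return socket.getservbyname(name, proto)   # fall back to /etc/services


def parse_ruleset(text):
    """Return ({chain: policy}, [tokenised rule, ...]) for a *filter table."""
    policies, rules = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#*" or line == "COMMIT":
            continue                       # comment, table header, end marker
        if line.startswith(":"):           # ':CHAIN POLICY [pkts:bytes]'
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
            continue
        rules.append(line.split())
    return policies, rules


def exposed_ports(text):
    """Ports that INPUT accepts from the network, grouped by protocol."""
    _, rules = parse_ruleset(text)
    exposed = defaultdict(set)
    for tok in rules:
        if tok[:2] != ["-A", "INPUT"] or tok[-2:] != ["-j", "ACCEPT"]:
            continue
        if "--dport" not in tok:
            continue
        proto = tok[tok.index("-p") + 1]
        exposed[proto].add(resolve_port(tok[tok.index("--dport") + 1], proto))
    return {proto: sorted(ports) for proto, ports in exposed.items()}


def audit(text):
    """Findings a reviewer would check before loading the ruleset."""
    policies, rules = parse_ruleset(text)
    warnings = []
    for chain in ("INPUT", "FORWARD"):
        if policies.get(chain) != "DROP":
            warnings.append(f"{chain} policy is {policies.get(chain)}, expected DROP")
    if not any(tok[:2] == ["-A", "INPUT"] and tok[-2:] == ["-j", "ACCEPT"]
               and "-i" in tok and tok[tok.index("-i") + 1] == "lo"
               for tok in rules):
        warnings.append("no ACCEPT rule for the loopback interface")
    ports = exposed_ports(text)
    for proto, plist in ports.items():
        for port in plist:
            if port not in PORT_NAMES:     # opened by bare number
                warnings.append(f"{proto}/{port} is not a well-known service; confirm what listens there")
    return {"policies": policies, "exposed": ports, "warnings": warnings}


if __name__ == "__main__":
    for key, value in audit(RULESET).items():
        print(f"{key}: {value}")
```

Run it as-is to see the report for the posted ruleset; to check a ruleset from a live host, feed it the output of `iptables-save` instead of RULESET. Changing `:INPUT DROP` to `:INPUT ACCEPT`, or deleting the `-i lo` rule, makes the corresponding warning appear, which is the kind of regression this check is meant to catch before the file is loaded with iptables-restore.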