custom firewall

Discussion in 'Installation/Configuration' started by showe1966, Feb 8, 2008.

  1. showe1966

    showe1966 Member

    I don't like the idea of using the firewall that comes with ISPConfig.

    Can anyone help me with my iptables rules so that the web server will still work after I switch the firewall on?

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    block 0 -- anywhere anywhere

    Chain block (3 references)
    target prot opt source destination
    ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT 0 -- anywhere anywhere state NEW,RELATED,ESTABLISHED
    LOG tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ssh LOG level warning prefix `ssh connect:'
    ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ssh
    LOG tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ftp LOG level warning prefix `ftp connect:'
    ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ftp
    LOG tcp -- anywhere anywhere tcp spts:1024:65535 dpt:smtp LOG level warning prefix `nameserver connect:'
    ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:smtp
    LOG tcp -- anywhere anywhere tcp spts:1024:65535 dpt:domain LOG level warning prefix `dns_tcp connect:'
    ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:domain
    LOG udp -- anywhere anywhere udp spts:1024:65535 dpt:domain LOG level warning prefix `dns_udp connect:'
    ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:domain
    LOG tcp -- anywhere anywhere tcp spts:1024:65535 dpt:www LOG level warning prefix `web connect:'
    ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:www
    LOG tcp -- anywhere anywhere tcp spts:1024:65535 dpt:81 LOG level warning prefix `81 connect:'
    ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:81
    LOG tcp -- anywhere anywhere tcp spts:1024:65535 dpt:https LOG level warning prefix `ssl-www connect:'
    ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:https
    LOG tcp -- anywhere anywhere tcp spts:1024:65535 dpt:pop3s LOG level warning prefix `s-pop3 connect:'
    ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:pop3s
    ACCEPT 0 -- anywhere anywhere
    ACCEPT icmp -- anywhere anywhere icmp echo-request
    ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
    LOG 0 -- anywhere anywhere LOG level warning prefix `rejected packet:'
    DROP 0 -- anywhere anywhere
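
An added example, not part of showe1966's post and not ISPConfig code: a small Python parser for the `iptables -L` listing format quoted above, reporting which destination ports the `block` chain accepts and which ACCEPT rules show no port restriction. The sample is a constructed subset of the posted lines, and `parse_chain` and `audit` are hypothetical names. Plain `-L` output omits the interface columns, so flagged rules should be re-checked with `iptables -L -v -n`.

```python
import re

# Constructed sample: a subset of the `iptables -L` lines quoted in the post.
SAMPLE = """\
Chain block (3 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG tcp -- anywhere anywhere tcp spts:1024:65535 dpt:www LOG level warning prefix `web connect:'
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:www
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:https
ACCEPT 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level warning prefix `rejected packet:'
DROP 0 -- anywhere anywhere
"""

# Columns: target, prot, opt, source, destination, then free-form match text.
RULE = re.compile(r"^(?P<target>\S+)\s+(?P<prot>\S+)\s+\S+\s+"
                  r"(?P<src>\S+)\s+(?P<dst>\S+)\s*(?P<extra>.*)$")

def parse_chain(listing, chain):
    """Return the rules of one chain from `iptables -L` output, in order."""
    rules, current = [], None
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith("Chain "):
            current = line.split()[1]
        elif line and current == chain and not line.startswith("target"):
            match = RULE.match(line)
            if match:
                rules.append(match.groupdict())
    return rules

def audit(rules):
    """Return (accepted (prot, port) pairs, numbers of port-less ACCEPT rules)."""
    accepted, broad = set(), []
    for num, rule in enumerate(rules, start=1):
        if rule["target"] != "ACCEPT":
            continue
        port = re.search(r"\bdpt:(\S+)", rule["extra"])
        state = re.search(r"\bstate (\S+)", rule["extra"])
        if port:
            accepted.add((rule["prot"], port.group(1)))
        elif rule["prot"] in ("0", "all") and rule["src"] == rule["dst"] == "anywhere":
            # Broad unless the rule is limited to already-open connections.
            if state is None or "NEW" in state.group(1).split(","):
                broad.append(num)
    return accepted, broad

if __name__ == "__main__":
    print(audit(parse_chain(SAMPLE, "block")))
```

A rule number in the second list means the listing alone cannot show what limits that rule; the verbose listing will show whether it is bound to an interface such as `lo`.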
     
