Hi guys, can anybody here tell me if it is correct? I would like to enable these services: FTP (21), SSH (22), SMTP (25), HTTP (80), POP3 (110), NTP (123), DHCP (67), DNS (53). Have I forgotten something? Is it correct?!

Code:
#!/bin/sh
IPT="/sbin/iptables"

# Flush old rules, old custom tables
$IPT --flush
$IPT --delete-chain

# Set default policies for all three default chains
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT DROP

# Enable free use of loopback interfaces
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

# All TCP sessions should begin with SYN
$IPT -A INPUT -p tcp ! --syn -m state --state NEW -s 0.0.0.0/0 -j DROP

# Accept inbound TCP packets
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --dport 21 -m state --state NEW -s 0.0.0.0/0 -j ACCEPT
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -s 0.0.0.0/0 -j ACCEPT
$IPT -A INPUT -p tcp --dport 25 -m state --state NEW -s 0.0.0.0/0 -j ACCEPT
$IPT -A INPUT -p tcp --dport 80 -m state --state NEW -s 0.0.0.0/0 -j ACCEPT
$IPT -A INPUT -p tcp --dport 110 -m state --state NEW -s 0.0.0.0/0 -j ACCEPT

# Accept inbound UDP packets
$IPT -A INPUT -p udp -m udp --dport 53 -s 0.0.0.0/0 -j ACCEPT

# Accept outbound packets
$IPT -I OUTPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT

thanks
Hi Till, I have already set the firewall there in this way:

Code:
Name        Port   Type  Active
FTP         21     tcp   yes
SSH         22     tcp   yes
SMTP        25     tcp   yes
DNS         53     tcp   yes
DNS         53     udp   yes
WWW         80     tcp   yes
ISPConfig   81     tcp   yes
POP3        110    tcp   yes
IMAP2       143    tcp   yes
SSL (www)   443    tcp   yes
Webmin      10000  tcp   yes

but if I execute this command: iptables -L, it seems that the server is completely open to all!!

Code:
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

What do I have to do?!
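The `iptables -L` output quoted above is the signature of a firewall that is configured somewhere but not loaded into the kernel: all three built-in chains have policy `ACCEPT` and there is not a single rule line, so nothing is being filtered regardless of what the panel says. The check below is an added example (not from the thread) that reads `iptables -L` output and reports exactly that condition, so it can be dropped into a cron job or a post-boot check to catch a rule set that silently failed to load. Both sample outputs are constructed; the first reproduces the one in the post. Note that `iptables -L` lists only the `filter` table.

```shell
#!/bin/sh
# Added example, not from the thread. filter_is_open reads `iptables -L` output
# on stdin and exits 0 when the filter table is effectively open: every built-in
# chain policy is ACCEPT and no rule lines exist. Exits 1 otherwise.
filter_is_open() {
    awk '
        /^Chain .*\(policy /  { if ($0 !~ /policy ACCEPT/) strict++; next }
        /^Chain /             { next }   # user-defined chain header, no policy
        /^target +prot +opt/  { next }   # column header
        NF > 0                { rules++ }
        END { if (strict == 0 && rules == 0) exit 0; exit 1 }
    '
}

# Constructed sample 1: the output quoted in the post (no rules, all ACCEPT).
OPEN_SAMPLE='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample 2: what a loaded default-deny rule set looks like.
CLOSED_SAMPLE='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED'

# check_sample <iptables -L text>: prints "open" or "filtered"
check_sample() {
    if printf '%s\n' "$1" | filter_is_open; then
        echo "open"
    else
        echo "filtered"
    fi
}

check_sample "$OPEN_SAMPLE"     # open
check_sample "$CLOSED_SAMPLE"   # filtered
# live use on the server itself:
#   iptables -L | filter_is_open && echo "WARNING: no firewall rules are loaded"
```

The distinction the script draws is the one that matters here: the panel table lists what should be enforced, while `iptables -L` shows what the kernel is actually enforcing, and only the second one protects the box.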