Hi guys, I have seen for the first time today the rules generated by the ISPConfig application. Many users in various IRC chat told me that are only trash! Is it possible? These are the IpTables generated by ISPConfig: Code: # iptables -L Chain INPUT (policy DROP) target prot opt source destination DROP tcp -- anywhere 127.0.0.0/8 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere PUB_IN all -- anywhere anywhere PUB_IN all -- anywhere anywhere PUB_IN all -- anywhere anywhere PUB_IN all -- anywhere anywhere DROP all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination PUB_OUT all -- anywhere anywhere PUB_OUT all -- anywhere anywhere PUB_OUT all -- anywhere anywhere PUB_OUT all -- anywhere anywhere Chain INT_IN (0 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere DROP all -- anywhere anywhere Chain INT_OUT (0 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain PAROLE (11 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain PUB_IN (4 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere icmp destination-unreachable ACCEPT icmp -- anywhere anywhere icmp echo-reply ACCEPT icmp -- anywhere anywhere icmp time-exceeded ACCEPT icmp -- anywhere anywhere icmp echo-request PAROLE tcp -- anywhere anywhere tcp dpt:ftp PAROLE tcp -- anywhere anywhere tcp dpt:ssh PAROLE tcp -- anywhere anywhere tcp dpt:smtp PAROLE tcp -- anywhere anywhere tcp dpt:domain PAROLE tcp -- anywhere anywhere tcp dpt:http PAROLE tcp -- anywhere anywhere tcp dpt:hosts2-ns PAROLE tcp -- anywhere anywhere tcp dpt:pop3 PAROLE tcp -- anywhere anywhere tcp dpt:imap PAROLE tcp -- anywhere anywhere tcp dpt:https PAROLE tcp -- anywhere anywhere tcp dpt:ndmp PAROLE tcp -- anywhere anywhere tcp dpt:mysql ACCEPT udp -- anywhere anywhere udp dpt:domain DROP icmp -- anywhere anywhere DROP all -- anywhere anywhere Chain PUB_OUT (4 references) target prot opt source destination ACCEPT all -- anywhere anywhere how can rewrite them or improve them?
They are not generated by ispconfig, they are generated by the bastille firewall. Bastille firewall is a a well known firewall script that is used to enhance linux security and is around there for > 10 years. Its a very stable and well known software.... http://www.linux.com/archive/feature/118353 Some other rules might be from fail2ban. If you use fail2ban on the same system, you should configure it to use the route command instead of iptables. see ispconfig FAQ for details.
I guess you find many funny poeple in IRC. Or do you think that linux.com and many other well known linux sites and newspapers write artciles about trash
