ispconfig-iptable-fail2ban

Discussion in 'General' started by poolet, Jul 13, 2012.

  1. poolet

    poolet New Member

    Hello guys,

    I have finally finished my server and everything seems to work fine. Now, a small issue that I am not sure is a problem:

    First, I have set fail2ban to filter ssh in combination with iptables; for example, if I fail to log in with ssh up to 3 times, then fail2ban blocks my external IP address for a short time. I have also asked iptables to allow only requests from a specific external IP address, so if someone tries to log in, even if they know my user and pass, they will not be able to log in and iptables will drop the packet. Now I am not sure if that works, since I didn't add it directly to the iptables rules, and I want to know if there are any possible ways to do that?

    I have used the command
    Code:
    iptables -A INPUT -p TCP -s  "93.xxx.xxx.xxx" --dport 22 -j DROP 
    where 93.xxx.xxx.xxx.xx is my external IP address. Also, if that's OK, can I set another IP address, or will it overwrite the previous one?

    Another problem: I want to close any ports that are not used. As I have checked, I need only 3 ports for my needs: 22 ssh, 80 http, and 3306 mysql. Now, 3306 does not need to be open to the outside world; I just need access from localhost. So I thought it was better to do as before and drop outside connectivity for mysql, so I have used

    Code:
    iptables -A INPUT -p TCP -s  127.0.0.1 --dport 3306 -j DROP 
    Now I don't know if the above thoughts and steps are correct, so I need someone who knows more than me.

    Finally, I don't know what to do with icmp-host-prohibited, and more generally with icmp. I have read a lot of articles about this subject, and as I was doing my second final-year project, I concluded that it is something that only very experienced people can answer correctly. Sometimes it is bad to reject it, and sometimes it is good to have, according to your needs. What's your opinion about that?

    Finally, please take a look at my iptables -L below and let me know if I missed something, since ispconfig seems to work, but even if I set port 8080 open, it redirects to the domain name and passes the login page of ispconfig. (I don't think that's a problem; I just need confirmation.)


    Code:
    Chain INPUT (Policy ACCEPT)
    target prot opt source destination 
    fail2ban-SSH tcp -- anywhere  anywhere tcp dpt:ssh
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED 
    ACCEPT icmp -- anywhere anywhere 
    ACCEPT all -- anywhere anywhere
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql
    DROP tcp -- localhost  anywhere tcp dpt:mysql 
    REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
    
    Chain FORWARD (policy ACCEPT)
    target prot opt source destination 
    REJECT all -- anywhere anywhere reject-with icmp-host-prohibited 
    
    Chain OUTPUT (policy ACCEPT)
    target prot source destination 
    
    Chain fail2ban-SSH (1 references)
    target prot opt source destination 
    RETURN all -- anywhere anywhere  
    

    Thank you in advance!!!!
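
Added example, not part of the original post: a simplified first-match model of the INPUT chain listed above, showing which rule decides a new connection and what an order matching the stated intent (ssh from one address, http for all, mysql from localhost only) looks like. The `ADMIN` address, the `eth0`/`lo` interface names, and reading the unqualified `ACCEPT all` rule as the loopback rule are assumptions; `iptables -L` without `-v` does not display interface matches.

```python
import ipaddress

# Simplified first-match model of an iptables chain for NEW tcp connections.
# Rule = (target, source CIDR or None for "anywhere", dport or None, in-interface or None).
# The fail2ban-SSH chain (only RETURN) and the ESTABLISHED rule are left out
# because they never decide a new connection in the listing.
POSTED = [
    ("ACCEPT", None, None, "lo"),          # "ACCEPT all" (assumed to be -i lo)
    ("ACCEPT", None, 22, None),            # state NEW tcp dpt:ssh
    ("ACCEPT", None, 80, None),            # state NEW tcp dpt:http
    ("ACCEPT", None, 3306, None),          # state NEW tcp dpt:mysql
    ("DROP", "127.0.0.1/32", 3306, None),  # DROP localhost dpt:mysql
    ("REJECT", None, None, None),          # reject-with icmp-host-prohibited
]

ADMIN = "198.51.100.7"  # placeholder for the admin's external address (assumption)

def intended(admin):
    """Rule order matching the intent described in the post."""
    return [
        ("ACCEPT", None, None, "lo"),         # localhost keeps mysql access
        ("ACCEPT", admin + "/32", 22, None),  # ssh only from the admin address
        ("ACCEPT", None, 80, None),           # http for everyone
        ("REJECT", None, None, None),         # everything else, incl. 3306
    ]

def verdict(chain, src, dport, iface="eth0"):
    """Return (1-based rule number, target) of the first rule that matches."""
    for n, (target, source, port, in_if) in enumerate(chain, 1):
        if source and ipaddress.ip_address(src) not in ipaddress.ip_network(source):
            continue
        if port is not None and port != dport:
            continue
        if in_if is not None and in_if != iface:
            continue
        return n, target
    return 0, "POLICY"

if __name__ == "__main__":
    outside = "203.0.113.9"  # constructed sample source address
    for name, chain in (("posted", POSTED), ("intended", intended(ADMIN))):
        for src, port, iface in ((outside, 22, "eth0"), (ADMIN, 22, "eth0"),
                                 (outside, 3306, "eth0"), ("127.0.0.1", 3306, "lo")):
            print(name, src, port, verdict(chain, src, port, iface))
```

In the posted order the mysql `DROP` rule is never the first match for any packet, because rules appended with `-A` land after the earlier `ACCEPT` for the same port.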
     
