Full Discussion: Is my iptables fine?
Post 302910720 by Smiling Dragon on Sunday 27th of July 2014 05:15:53 PM
Your default policy on your INPUT chain is "DROP" but you end with a global REJECT (meaning the DROP will never happen). I'd recommend removing that last line, or changing your default policy to ACCEPT; having both could be confusing during debugging.

I'm a fan of DROP over REJECT as it slows scanners and helps differentiate between something being offline or broken, and something being blocked by your firewall.

I think you are probably accepting too many INPUT ports; I'd wager you don't need pop, pops, imap & imaps?

Are you sure you want to be allowing incoming DNS requests?

Change your default policy of the FORWARD chain to either REJECT or DROP (or at least add a few rules to ensure you are only forwarding for things on your internal network).

Near the start, you are accepting Related and Established replies, then further down near the end of the INPUT chain you accept Established again; you don't need that second one.

The three DROP rules near the top also have some redundancy in them (dropping FIN packets in two different rules for instance).

Your OUTPUT chain's default policy is ACCEPT, but you also have a bunch of rules that ACCEPT certain outbound connections. I'd assume that you probably meant to have the default policy as REJECT or DROP?

---------- Post updated at 09:15 AM ---------- Previous update was at 09:15 AM ----------

Edit: These are relatively small points, though; overall I think you are on the right track with this.
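
An added example, not part of the original post or the original poster's ruleset: a small Python linter over `iptables-save` output that flags the issues raised in the reply above (a catch-all final rule that shadows the chain policy, a repeated state ACCEPT, an open FORWARD policy, and ACCEPT rules under an ACCEPT policy). The `SAMPLE` ruleset and the names `parse` and `lint` are constructed for illustration.

```python
import shlex
from collections import defaultdict

# Constructed sample in iptables-save format (not the original poster's rules).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

def parse(text):
    # Returns ({chain: policy}, {chain: [(match_tokens, target), ...]}).
    policies, rules = {}, defaultdict(list)
    for line in text.splitlines():
        if not line.startswith((":", "-A ")):
            continue  # table headers, COMMIT, comments
        tok = shlex.split(line)
        if tok[0] != "-A":
            policies[tok[0][1:]] = tok[1]
        elif "-j" in tok:
            j = tok.index("-j")
            rules[tok[1]].append((tuple(tok[2:j]), tok[j + 1]))
    return policies, rules

def lint(text):
    policies, rules = parse(text)
    findings = []
    for chain, policy in policies.items():
        cr = rules.get(chain, [])
        # A final rule with no match criteria catches everything: the policy never fires.
        if cr and not cr[-1][0] and cr[-1][1] in ("ACCEPT", "DROP", "REJECT") and cr[-1][1] != policy:
            findings.append(f"{chain}: final catch-all {cr[-1][1]} shadows policy {policy}")
        if policy == "ACCEPT" and cr and all(t == "ACCEPT" for _, t in cr):
            findings.append(f"{chain}: ACCEPT rules are redundant under policy ACCEPT")
        if chain == "FORWARD" and policy == "ACCEPT" and not cr:
            findings.append("FORWARD: policy ACCEPT with no restricting rules")
        # An unconditional state ACCEPT is dead if earlier rules already accept those states.
        seen = set()
        for n, (match, target) in enumerate(cr, 1):
            if target == "ACCEPT" and len(match) == 4 and match[2] in ("--state", "--ctstate"):
                states = set(match[3].split(","))
                if states <= seen:
                    findings.append(f"{chain}: rule {n} re-accepts {match[3]}, already accepted")
                seen |= states
    return findings

print("\n".join(lint(SAMPLE)))
```
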
 
