Ubuntu

Hi all ,

I Have Servers in remote location and now im setting up Some of the iptables fot that this is my finall steps in my servers and i need to open only 5 ports they are
80,443,9123,1985,22 And 22 Must want to be enabled for accesing it from my location , So here is the ip tables i have wrote , Please Review it and give me solution wether is in correct format for opening those 5 ports and all other ports need to be closed . Dos attack want to be Protected its too mentioned here please go throught it and give me solution

Code:

iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 9123 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 1935 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
iptables -A INPUT -j DROP

This last line Blocking every think .. how can i enable all the above ports and block all other .. did the line 6th one is right ? Suggest me please
After this only i need to configure failtoban ..

You could set the default policy for the INPUT chain to DROP:

Code:

iptables -P INPUT DROP

For ssh access (using a port other than 22) from a remote host, I usually use this rule:

Code:

iptables -A INPUT -p tcp -i eth0 --dport 2222 --sport 1024:65535 -s <ip address of your remote machine> -m conntrack --ctstate NEW -j ACCEPT

Hope this helps.

Let me check it with ma server and come back to u thanks

---------- Post updated at 12:33 AM ---------- Previous update was at 12:05 AM ----------

And im using Dynamic IP for my location , and im accesing my server which was located in US , then how can set , the above rule cant use cos im using Dynamic IP

You can use a hostname for the -s switch as well as an IP Address.