I have recently bought a VPS with CentOS 6.5 and DirectAdmin already installed on it. Knowing that I need to configure the firewall and security tools, I have already studied some basic tutorials about Linux's famous firewall, that is, Iptables, and have added some lines to it according to the material I have read. I have also installed and configured fail2ban. Now, I wanted to ask whether my Iptables configuration is correct or whether I need to make any other changes. Please be kind enough to let me know if I have to make any corrections.
Your default policy on your INPUT chain is "DROP", but you end with a global REJECT (meaning the DROP will never happen). I'd recommend removing that last line, or changing your default policy to ACCEPT; having both could be confusing during debugging.
I'm a fan of DROP over REJECT as it slows scanners and helps differentiate between something being offline or broken, and something being blocked by your firewall.
I think you are probably accepting too many INPUT ports; I'd wager you don't need pop, pops, imap & imaps?
Are you sure you want to be allowing incoming DNS requests?
Change your default policy of the FORWARD chain to either REJECT or DROP (or at least add a few rules to ensure you are only forwarding for things on your internal network).
Near the start, you are accepting Related and Established replies, then further down near the end of the INPUT chain you accept Established again; you don't need that second one.
The three DROP rules near the top also have some redundancy in them (dropping FIN packets in two different rules for instance).
Your OUTPUT chain's default policy is ACCEPT, but you also have a bunch of rules that ACCEPT certain outbound connections; I'd assume that you probably meant to have the default policy as REJECT or DROP?
Edit: These are relatively small points, though, overall I think you are on the right track with this.
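The poster's actual ruleset is not shown in the thread, so here is an added example (not the original poster's configuration) of a ruleset laid out the way the reply above suggests: DROP policies on all three chains with no trailing catch-all REJECT, a single RELATED,ESTABLISHED rule per chain, non-overlapping bogus-flag rules, a short list of inbound ports, and explicit outbound rules that actually matter because OUTPUT is DROP. It assumes the VPS only exposes SSH, HTTP, HTTPS and the DirectAdmin panel (2222 is DirectAdmin's default; change `DA_PORT` if yours differs) and that the server needs outbound DNS, HTTP(S), SMTP and NTP; pop/pops/imap/imaps and inbound DNS are deliberately left out. The ruleset is emitted in iptables-restore format rather than applied, and the `lint_ruleset` function is a small added check for the three review points above, so the file can be inspected before it is loaded.

```shell
#!/bin/sh
# Added example for this thread, not the original poster's ruleset.
# Assumptions: only SSH, HTTP, HTTPS and DirectAdmin (DA_PORT, default 2222)
# are offered inbound; pop/pops/imap/imaps and inbound DNS are intentionally
# absent.  Output is iptables-restore(8) format so it can be reviewed first.

SSH_PORT="${SSH_PORT:-22}"
DA_PORT="${DA_PORT:-2222}"

build_ruleset() {
    cat <<EOF
*filter
# Default policy DROP on every chain.  Because the policy already drops,
# there is no trailing "-j REJECT" catch-all: such a rule would match first
# and the DROP policy would never be reached.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

# Loopback is always allowed.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# Replies and continuing connections: one rule per chain, placed first.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Bogus TCP flag combinations, without overlapping FIN rules.
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP

# Inbound services this host actually offers.
-A INPUT -p tcp --dport $SSH_PORT -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport $DA_PORT -m state --state NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# Outbound: with OUTPUT policy DROP these rules now decide what the server
# may initiate.  DNS lookups, HTTP(S) for updates, SMTP for mail, NTP.
-A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT
-A OUTPUT -p udp --dport 123 -m state --state NEW -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT

# Log (rate limited) what is about to hit the DROP policy, so blocked
# traffic is visible in syslog while debugging.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-out-drop: "
COMMIT
EOF
}

# Reads an iptables-restore file on stdin and prints one line per finding:
# a DROP policy shadowed by a catch-all REJECT, a FORWARD chain whose policy
# is not DROP/REJECT, or ESTABLISHED accepted more than once in one chain.
# Exit status is the number of findings (0 = clean).
lint_ruleset() {
    awk '
    /^:[A-Z]+ / { policy[substr($1, 2)] = $2; next }
    $1 == "-A" {
        if ($3 == "-j" && $4 == "REJECT") catchall[$2] = 1
        if ($0 ~ /--state [A-Z,]*ESTABLISHED/ && $0 ~ /-j ACCEPT/) est[$2]++
    }
    END {
        n = 0
        for (c in policy) {
            if (policy[c] == "DROP" && catchall[c]) {
                print c ": DROP policy is shadowed by a catch-all REJECT rule"; n++
            }
            if (c == "FORWARD" && policy[c] != "DROP" && policy[c] != "REJECT") {
                print "FORWARD: policy is " policy[c] ", should be DROP or REJECT"; n++
            }
            if (est[c] > 1) {
                print c ": ESTABLISHED is accepted " est[c] " times, one rule is enough"; n++
            }
        }
        exit n
    }'
}

# "sh firewall.sh print > candidate.rules" writes the file for review (load it
# later with iptables-restore); plain "sh firewall.sh" only lints it.
case "${1:-lint}" in
    print) build_ruleset ;;
    *)     build_ruleset | lint_ruleset && echo "lint: no findings" ;;
esac
```

Run `sh firewall.sh print` and read the result before loading it; the lint only catches the structural points from the reply (shadowed DROP policy, FORWARD policy, duplicate ESTABLISHED rule), not whether the port list is right for your services. Load the file with iptables-restore from a console session rather than over SSH the first time, so a mistake in the SSH rule cannot lock you out.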
Thanks for the neat explanation. Actually, I have installed CSF now; it seems to kind of automatically write iptables rules and add rules to it. It is not flawless, but for me it is good enough for now.