  1. #1

    iptables quick help...

    I am configuring a database server (MySQL) on which I want to allow only incoming traffic on ports 22 and 3306 (3306 for one network range only) and outgoing traffic on port 123 (NTP).

    Is the following iptables configuration the tightest I can make?


    *filter
    :OUTPUT ACCEPT [0:0]
    :FORWARD DROP [0:0]
    :INPUT DROP [0:0]
    # loopback
    -A INPUT -i lo -p all -j ACCEPT
    # all ICMP
    -A INPUT -p icmp -j ACCEPT
    # SSH from anywhere
    -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
    # MySQL from the client range only
    -A INPUT -i eth0 -p tcp -s 66.32.187.0/24 --dport 3306 -j ACCEPT
    COMMIT


    Thanks for your help!!

  2. #2
    The rules seem to be okay, but I want to see your other rules.

  3. #3
    That seems to be OK, if a little basic. It might be best to reply to disallowed connection requests with "-j REJECT --reject-with tcp-reset" (for TCP) instead of just dropping the packets.

    I would also recommend using -s to IP-restrict connections on port 22 as well; it is always best to secure SSH as much as possible, in my opinion.

  4. #4
    What rule would I set up to reject disallowed connection requests on? ICMP?
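Following up on the suggestions in #3 and the question in #4, an added example (not any poster's own rules): the REJECT rules sit in the INPUT chain for TCP and UDP after the ACCEPT rules, SSH is source-restricted, replies to the host's own connections are allowed so that NTP still works under an INPUT DROP policy, and egress is limited to NTP as the poster intended. It assumes eth0 and the thread's 66.32.187.0/24 MySQL client range; 203.0.113.0/24 is a constructed placeholder for the admin range.

```shell
#!/bin/sh
# Added example, not the original poster's rules: generate a tightened
# iptables-restore ruleset for the MySQL host in the thread.
# Load with:  gen_rules | iptables-restore
# Constructed assumptions: 203.0.113.0/24 is the admin range allowed to open
# SSH (placeholder); 66.32.187.0/24 is the MySQL client range from the thread.
ADMIN_NET="${ADMIN_NET:-203.0.113.0/24}"
DB_CLIENTS="${DB_CLIENTS:-66.32.187.0/24}"
WAN_IF="${WAN_IF:-eth0}"

gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback, and replies to connections this host opened (NTP answers would
# otherwise be eaten by the INPUT DROP policy).
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp -j ACCEPT
# Only the admin range may open SSH; only DB clients may open MySQL.
-A INPUT -i $WAN_IF -p tcp -s $ADMIN_NET --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $WAN_IF -p tcp -s $DB_CLIENTS --dport 3306 -m conntrack --ctstate NEW -j ACCEPT
# Anything else is refused explicitly (RST for TCP, port-unreachable for UDP)
# rather than silently dropped; these must come after the ACCEPT rules.
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
# Egress: loopback, replies, and new NTP requests only.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $WAN_IF -p udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Offline sanity checks on the generated text (no root or kernel needed):
# INPUT policy is DROP, the file ends with COMMIT, and the SSH ACCEPT
# precedes the TCP REJECT so it is actually reached.
input_rule_count() { gen_rules | grep -c '^-A INPUT'; }
check_rules() {
    r=$(gen_rules)
    printf '%s\n' "$r" | grep -q '^:INPUT DROP' || return 1
    printf '%s\n' "$r" | tail -n 1 | grep -q '^COMMIT$' || return 1
    ssh=$(printf '%s\n' "$r" | grep -n -- '--dport 22 ' | cut -d: -f1)
    rej=$(printf '%s\n' "$r" | grep -n 'REJECT --reject-with tcp-reset' | cut -d: -f1)
    [ "$ssh" -lt "$rej" ]
}
```

Run `gen_rules` to review the text before loading it; with `iptables-restore --test` (where available) the kernel will parse it without applying it.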
