Thread: iptables quick help...
-
02-08-2005, 12:53 AM #1 Newbie
- Join Date
- Feb 2005
- Posts
- 13
iptables quick help...
I am configuring a database server (MySQL) on which I want to allow only incoming traffic on ports 22 and 3306 (3306 for one network range only) and outgoing traffic on port 123 (NTP).
Is the following iptables configuration the tightest I can make?
*filter
:OUTPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
-A INPUT -i lo -p all -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -s 66.32.187.0/24 --dport 3306 -j ACCEPT
COMMIT
Thanks for your help!!
-
02-08-2005, 03:42 AM #2 Web Hosting Master
- Join Date
- Nov 2004
- Location
- India
- Posts
- 1,104
The rules seem to be okay, but I want to see your other rules.
-
02-08-2005, 05:20 AM #3 New Member
- Join Date
- Feb 2005
- Posts
- 2
That seems to be OK, if a little basic. It might be best to reply to disallowed connect requests with "-j REJECT --reject-with tcp-reset" (for TCP) instead of just dropping the packets.
I would also recommend using -s to IP-restrict connects on port 22 as well; it is always best to secure SSH as much as possible, in my opinion.
-
02-08-2005, 12:56 PM #4 Newbie
- Join Date
- Feb 2005
- Posts
- 13
What rule would I set up to reject disallowed connect requests on? ICMP?
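A worked version of what reply #3 suggests and reply #4 asks about, added here as an example and not part of the thread: the REJECT with tcp-reset is simply a final INPUT rule matching TCP (not an ICMP rule), placed after the ACCEPT rules so it only answers connects that nothing above allowed. It assumes 192.0.2.0/24 as the network SSH logins come from, and adds an ESTABLISHED,RELATED rule that the original ruleset lacks, since without it replies to the server's own NTP queries would be dropped by the INPUT policy.

```shell
#!/bin/sh
# Added example, not from the thread: the poster's ruleset with the two changes
# reply #3 suggests (REJECT with tcp-reset for refused TCP connects, and a -s
# restriction on port 22), plus a state rule so replies to the server's own
# outgoing traffic (NTP on UDP 123) are let back in. 66.32.187.0/24 is the
# MySQL client range from the thread; ADMIN_NET is an assumed placeholder.
MYSQL_NET="66.32.187.0/24"
ADMIN_NET="192.0.2.0/24"   # assumption: where SSH logins come from

# Emit the ruleset in iptables-restore format.
build_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i eth0 -p tcp -s $ADMIN_NET --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i eth0 -p tcp -s $MYSQL_NET --dport 3306 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# Check the generated text before loading it: the table is closed with COMMIT,
# every port-22 rule carries a source restriction, and the tcp-reset REJECT is
# the last INPUT rule (so it never shadows an ACCEPT above it).
check_ruleset() {
    build_ruleset | awk '
        /^COMMIT$/               { commit = 1 }
        /--dport 22 / && !/ -s / { bad = 1 }
        /^-A INPUT /             { last = $0 }
        END { exit !(commit && !bad && last ~ /tcp-reset/) }'
}

# Usage: sh rules.sh          -> prints the ruleset after checking it
#        sh rules.sh --load   -> loads it with iptables-restore (needs root)
if check_ruleset; then
    if [ "$1" = "--load" ]; then build_ruleset | iptables-restore; else build_ruleset; fi
else
    echo "ruleset failed sanity check" >&2
    exit 1
fi
```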