[TriLUG] Iptables rule sets

matt at noway2.thruhere.net matt at noway2.thruhere.net
Wed May 21 15:19:36 EDT 2014


> You left out a critical detail.  What are you trying to accomplish by
> using iptables?
>
You beat me to it.  That was going to be my first question.

My immediate comments would be as follows:
1 - don't set the input policy to drop.  Set it to allow, then add your
specific allow rules followed by a default drop all at the bottom.  This
way if you flush the rule table you don't lock yourself out.

2 - I didn't see any mention of RELATED traffic.  Typically I use accept
RELATED and ESTABLISHED.  For example, if you connect to port 80 on a web
server, the return traffic could be to a random port.

3 - What is your purpose behind blocking the OUTPUT and FORWARD chains?
This goes back to what you want to do.

Also remember that Linux does not default to open ports.  Think of
iptables as a protective wrapper around things that prevents unintentional
mistakes and opened ports.  Also remember that it is only one small layer
in your overall security posture.  Many coming from the Windows mindset
see it as the be-all and end-all of security.  Not saying that you are;
that is just how many approach it.
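As an added example (not part of Matt's post or the original thread), the
script below builds an INPUT chain in the order the three points above
describe: policy left at ACCEPT, loopback and ESTABLISHED,RELATED accepted
first, then the specific services, then an explicit DROP as the last rule.
The interface name and the exposed services (SSH on 22, HTTP on 80) are
assumptions for illustration.  By default it only prints the iptables
commands; run it as root with IPT=iptables to apply them.  One caveat a
practitioner should weigh: with the policy at ACCEPT, an `iptables -F`
removes the final DROP too, so a flushed host is fully open (rather than
fully closed) until the script is re-run.

```shell
#!/bin/sh
# Added example: INPUT ruleset in "ACCEPT policy, specific accepts, final DROP"
# order. Assumed values (not from the post): services on tcp/22 and tcp/80.
# IPT defaults to a dry run that echoes the commands; set IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

build_input_rules() {
    # 1. Keep the chain policy ACCEPT so a later flush cannot lock you out.
    $IPT -P INPUT ACCEPT
    $IPT -F INPUT

    # Loopback traffic is needed by many local daemons; accept it outright.
    $IPT -A INPUT -i lo -j ACCEPT

    # 2. Return traffic for connections this host opened (ESTABLISHED) and
    #    traffic conntrack ties to an existing connection (RELATED), e.g.
    #    ICMP errors. This must come before the per-service rules.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Packets conntrack cannot classify at all are never wanted.
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP

    # 3. Specific services, matching only the first packet of a connection;
    #    subsequent packets are already covered by the ESTABLISHED rule.
    $IPT -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT

    # 4. Default deny as the LAST rule rather than as the chain policy.
    $IPT -A INPUT -j DROP
}

# Sanity check on the generated ruleset: returns 0 when the chain policy is
# ACCEPT, ESTABLISHED,RELATED precedes every service accept, and the final
# rule is the catch-all DROP. Reads the command list from stdin.
check_rule_order() {
    rules=$(cat)
    first=$(printf '%s\n' "$rules" | head -n 1)
    last=$(printf '%s\n' "$rules" | tail -n 1)
    est=$(printf '%s\n' "$rules" | grep -n 'ESTABLISHED,RELATED' | cut -d: -f1)
    first_svc=$(printf '%s\n' "$rules" | grep -n -- '--dport' | head -n 1 | cut -d: -f1)
    case "$first" in *"-P INPUT ACCEPT") ;; *) return 1 ;; esac
    case "$last" in *"-A INPUT -j DROP") ;; *) return 1 ;; esac
    [ -n "$est" ] && [ -n "$first_svc" ] && [ "$est" -lt "$first_svc" ]
}

build_input_rules
```

After applying for real, `iptables -S INPUT` shows the chain in the same
order the script emitted it, which is the quickest way to confirm the DROP is
still the last rule and that nothing was appended after it.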

