hello linux gurus i am a complete noob on linux (doing college course to help) and have firewall problem, i need to do the following report:
You should make the rest of the rules as security focused (and sensible) as possible.
- Full egress and ingress filtering (i.e. defaults are all REJECT)
- The machine has only one network connection, eth0.
- The machine runs ssh, telnet, apache, and qmail.
- It should be able to surf the web, send email, and make DNS lookups.
- The apache user should not be allowed to surf the web
now this is what i have so far:
iptables –F INPUT
iptables –F OUTPUT
iptables –F FORWARD `
# -F flushes the tables, no rules set
iptables –P INPUT REJECT
iptables –P OUTPUT REJECT
iptables –P FORWARD REJECT
# -P sets the policy, REJECT deletes packets and terminates, however sends back a #ICMP message to sender (shows info about firewall ruleset)
iptables –A INPUT –p tcp --sport 22 –j ACCEPT
iptables –A INPUT –p tcp --sport 23 –j ACCEPT
iptables –A INPUT –p tcp --sport http –j ACCEPT
iptables –A INPUT –p tcp --sport smtp –j ACCEPT
iptables –A INPUT -p udp --sport ns_addr –j ACCEPT
#assuming DNS nameserver is ns_addr
iptables –A OUTPUT state --state NEW –p tcp --sport 80 –m owner –uid-owner=apache –j DROP
have not run any of it yet (forgot college login details)so just need to know if the above will work or does it need changing
thanks for any help
The main site www.linuxhomenetworking.com has a tutorial on most of this. The tutorial explains how to allow / deny incoming and outgoing connections.
FYI - INPUT covers incoming connections, so the destination dport not source sport should be used.