Recipe 2.14 Protecting a Dedicated Server

2.14.1 Problem

You want to run a specific set of services on your machine, accessible to the outside world. All other services should be rejected and logged. Internally, however, local users can access all services.

2.14.2 Solution

Suppose your services are www, ssh, and smtp.

For iptables :

# iptables -F INPUT
# iptables -A INPUT -i lo -j ACCEPT
# iptables -A INPUT -m multiport -p tcp --dport www,ssh,smtp -j ACCEPT
# iptables -A INPUT -j LOG -m limit
# iptables -A INPUT -j REJECT

For ipchains:

# ipchains -F input
# ipchains -A input -i lo -j ACCEPT
# ipchains -A input -p tcp --dport www -j ACCEPT
# ipchains -A input -p tcp --dport ssh -j ACCEPT
# ipchains -A input -p tcp --dport smtp -j ACCEPT
# ipchains -A input -l -j REJECT

2.14.3 Discussion

Local connections from your own host arrive via the loopback interface.
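The script below is an added example, not the book's own text: it generates the iptables form of this recipe for any service list (splitting the list because the multiport match accepts at most 15 ports per rule) and checks an "iptables -S INPUT" listing to confirm the chain still has the recipe's shape, with the loopback ACCEPT first and the REJECT last. The listing it checks is a constructed sample of what iptables prints after the recipe is applied.

```shell
#!/bin/sh
# Added example, not from the book: builds the recipe's iptables INPUT rules
# for any comma-separated service list and verifies an "iptables -S INPUT"
# listing against the recipe's shape. Usage: sh dedicated.sh www,ssh,smtp | sudo sh

# Print the recipe's rules. The multiport match takes at most 15 ports per
# rule, so longer service lists are split across several ACCEPT rules.
dedicated_server_rules() {
    list=$1
    echo "iptables -F INPUT"
    echo "iptables -A INPUT -i lo -j ACCEPT"          # local users first
    while [ -n "$list" ]; do
        chunk=$(printf '%s' "$list" | cut -d, -f1-15)
        list=$(printf '%s' "$list" | cut -d, -s -f16-)
        echo "iptables -A INPUT -m multiport -p tcp --dport $chunk -j ACCEPT"
    done
    echo "iptables -A INPUT -j LOG -m limit"          # rate-limited logging
    echo "iptables -A INPUT -j REJECT"                # everything else
}

# Verify a saved or live "iptables -S INPUT" listing: loopback ACCEPT must be
# the first rule, REJECT the last, and only TCP-port ACCEPTs or the LOG rule
# may sit between them. Returns 0 on match, 1 otherwise.
check_input_chain() {
    rules=$(printf '%s\n' "$1" | grep '^-A INPUT ')
    [ -n "$rules" ] || return 1
    case "$(printf '%s\n' "$rules" | head -n 1)" in
        *' -i lo -j ACCEPT') ;; *) return 1 ;;
    esac
    case "$(printf '%s\n' "$rules" | tail -n 1)" in
        *' -j REJECT'*) ;; *) return 1 ;;
    esac
    printf '%s\n' "$rules" | sed '1d;$d' | while IFS= read -r r; do
        case "$r" in
            *'-p tcp'*'--dport'*'-j ACCEPT') ;;
            *'-j LOG'*) ;;
            *) exit 1 ;;      # unexpected rule: the chain has drifted
        esac
    done
}

# Constructed sample of what "iptables -S INPUT" prints after the recipe.
SAMPLE_LISTING='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,22,25 -j ACCEPT
-A INPUT -m limit --limit 3/min --limit-burst 5 -j LOG
-A INPUT -j REJECT --reject-with icmp-port-unreachable'

dedicated_server_rules "${1:-www,ssh,smtp}"
check_input_chain "$SAMPLE_LISTING" && echo "sample chain matches the recipe"
```

Running the check against the live output of "iptables -S INPUT" after a reboot or a configuration change is a quick way to notice when a later rule insertion has pushed the REJECT out of last place.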

2.14.4 See Also

iptables(8), ipchains(8).



Linux Security Cookbook
ISBN: 0596003919
Year: 2006
Pages: 247
