28th April 2009, 05:41 PM #1
iptables firewall rules
I've got my squid box exposed to the internet so it's acting as the gateway for the network; it's got all ports open to the outside world. What firewall rules should I be using to give me decent protection? Currently I've got one to drop all traffic that isn't established or related, but that isn't a good level of protection, is it?
Thanks
Jack
28th April 2009, 05:48 PM #2 I would unplug your network from the internet until you have some protection.
28th April 2009, 05:48 PM #3
Originally Posted by Jackd
I've got my squid box exposed to the internet so it's acting as the gateway for the network; it's got all ports open to the outside world. What firewall rules should I be using to give me decent protection? Currently I've got one to drop all traffic that isn't established or related, but that isn't a good level of protection, is it?
Depending on how you've done it, it's fine. (Why, what else do you think it should do?) You should be dropping by default in the incoming chain and have an exception in for established or related.
If it's the gateway though, rather than just a filtering server, presumably you already have it set up to do NAT and forwarding?
28th April 2009, 06:45 PM #4
Code:
-A INPUT -m state -i eth0 ! --state ESTABLISHED,RELATED -j DROP
That's the blocking rule I've got, and yes, I've got some masquerading rules too for it, but is that OK or do I need other rules for it to be better?
Jack
28th April 2009, 07:07 PM #5 Reverse that rule and make the chain default to drop, and add a rule to allow established and related connections. Something like this (substituting $EDEV for your external interface, $IDEV for your internal interface, and $RANGE for your IP range, e.g. 192.168.0.0/24):
Code:
iptables --flush #flush out existing rules (note: --flush does not reset chain policies)
iptables -A INPUT -i lo -j ACCEPT #local services (resolver, squid cache manager) need loopback
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #replies to connections the box itself opened
iptables -A INPUT -p tcp --dport 22 -s $RANGE -j ACCEPT #example: allow incoming SSH from the LAN range
iptables -A INPUT -p tcp --dport 80 -s $RANGE -j ACCEPT #example: allow incoming HTTP from the LAN range
iptables -P INPUT DROP #finally, drop all other packets
iptables -A FORWARD -i $IDEV -o $EDEV -s $RANGE -j ACCEPT #forwarding from internal to external
iptables -A FORWARD -i $EDEV -o $IDEV -m state --state ESTABLISHED,RELATED -j ACCEPT #replies coming back to the LAN
iptables -P FORWARD DROP #finally, drop other forward traffic
iptables -t nat --flush #flush NAT rules
iptables -t nat -A POSTROUTING -o $EDEV -j MASQUERADE #enable NAT masquerading
echo 1 > /proc/sys/net/ipv4/ip_forward #enable packet forwarding
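As an added example (not code from the thread or from any poster), here is the same gateway policy written as an iptables-restore ruleset generated by a shell function, so the whole table is loaded atomically instead of flushing and re-adding rules one at a time while the box sits exposed. It goes further than the posts above: it drops INVALID packets, blocks spoofed LAN addresses arriving on the external interface, restricts the Squid port to the LAN, and rate-limits new SSH connections. The interface names, the Squid port 3128 and the SSH limit values are assumptions; adjust them for your network.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset for a Squid gateway.
# Default DROP on INPUT and FORWARD, stateful exceptions, NAT on the external side.
# Assumed: $1 external interface, $2 internal interface, $3 internal CIDR range,
# Squid listening on TCP 3128 (adjust if your squid.conf says otherwise).

gen_rules() {
    edev="$1"    # external interface, e.g. eth0
    idev="$2"    # internal interface, e.g. eth1
    range="$3"   # internal network, e.g. 192.168.0.0/24
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is needed for local services (Squid, the resolver)
-A INPUT -i lo -j ACCEPT
# drop packets conntrack cannot classify before anything else
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# anti-spoof: internal addresses must never arrive on the external interface
-A INPUT -i $edev -s $range -j DROP
# Squid proxy port reachable from the LAN only
-A INPUT -i $idev -s $range -p tcp --dport 3128 -j ACCEPT
# SSH from the LAN only, with new connections rate-limited
-A INPUT -i $idev -s $range -p tcp --dport 22 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 5 -j ACCEPT
# LAN may go out; only replies come back in; everything else hits the DROP policy
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $idev -o $edev -s $range -j ACCEPT
-A FORWARD -i $edev -o $idev -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $edev -s $range -j MASQUERADE
COMMIT
EOF
}

# Sanity check before loading: both inbound chains must default to DROP and
# there must be an explicit stateful exception. Returns 0 if the ruleset passes.
check_rules() {
    rules="$1"
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 1
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' || return 1
    printf '%s\n' "$rules" | grep -q 'ESTABLISHED,RELATED -j ACCEPT' || return 1
    return 0
}

# Usage (as root, with real interface names):
#   r="$(gen_rules eth0 eth1 192.168.0.0/24)"
#   check_rules "$r" && printf '%s\n' "$r" | iptables-restore
#   sysctl -w net.ipv4.ip_forward=1
```

Loading through iptables-restore replaces the whole table in one step, so there is no window where the chains are flushed but the policy is still ACCEPT. Run it from a console or cron rather than over SSH the first time, in case the SSH rule does not match your actual LAN interface.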