iptables firewall rules
I've got my squid box exposed to the internet so it's acting as the gateway for the network; it's got all ports open to the outside world on it. What firewall rules should I be using to give me decent protection? Currently I've got one to drop all traffic that isn't established or related, but that isn't a good level of protection, is it?
I would unplug your network from the internet until you have some protection.
Depending how you've done it, it's fine. (why, what else do you think it should do?) You should be dropping in the default for the incoming chain and have an exception in for established or related.
Originally Posted by Jackd
If it's the gateway though, rather than just a filtering server, presumably you already have it set up to do NAT and forwarding?
That's the blocking rule I've got, and yes, I've got some masquerading rules too for it, but is that OK or do I need other rules for it to be better?
-A INPUT -m state -i eth0 ! --state ESTABLISHED,RELATED -j DROP
Reverse that rule and make the chain default to drop, and add a rule to allow established and related connections. Something like this (substituting $EDEV for your external interface, $IDEV for your internal interface, and $RANGE for your IP range, e.g. 192.168.0.0/24):
iptables --flush #flush out existing rules
iptables -A INPUT -i lo -j ACCEPT #allow loopback traffic (local services talk to themselves over lo)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #allow replies to connections we started
iptables -A INPUT -p tcp --dport 22 -s $RANGE -j ACCEPT #example: allow incoming SSH from the internal range only
iptables -A INPUT -p tcp --dport 80 -s $RANGE -j ACCEPT #example: allow incoming HTTP from the internal range only
iptables -P INPUT DROP #finally, drop all other packets
iptables -A FORWARD -i $IDEV -o $EDEV -j ACCEPT #forwarding from internal to external
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT #return traffic for forwarded connections
iptables -P FORWARD DROP #finally, drop other forward traffic
iptables -t nat --flush #flush NAT rules
iptables -t nat -A POSTROUTING -o $EDEV -j MASQUERADE #enable NAT masquerading
echo 1 > /proc/sys/net/ipv4/ip_forward #enable packet forwarding
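An added check, not part of the thread: a small POSIX sh script that audits a rule listing in `iptables -S` form for the properties the reply above recommends (default DROP on INPUT and FORWARD, an ESTABLISHED,RELATED accept on each, and a warning for INPUT accepts that are open to any source). The two rule listings are constructed here for illustration; the function name audit_rules and the variable names are assumptions of this example, not anything from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: audit an `iptables -S` style listing
# for the properties recommended above. On a live box you would feed it
# the real listing, e.g.  iptables -S | audit_rules  after sourcing this file.
# Here it is exercised on two constructed listings instead.

# audit_rules: reads rules on stdin, prints findings, returns 0 only if
# INPUT and FORWARD both default to DROP and each has an
# ESTABLISHED,RELATED -> ACCEPT rule. Wide-open INPUT accepts only warn.
audit_rules() {
    rules=$(cat)
    status=0
    for chain in INPUT FORWARD; do
        if ! printf '%s\n' "$rules" | grep -q -- "^-P $chain DROP$"; then
            echo "FAIL: $chain policy is not DROP"
            status=1
        fi
        # a negated state match (the OP's "! --state") is not an allow rule
        if ! printf '%s\n' "$rules" | grep -- "^-A $chain " | grep -v -- '! --' \
             | grep -E -- '--(ct)?state (ESTABLISHED,RELATED|RELATED,ESTABLISHED)' \
             | grep -q -- '-j ACCEPT'; then
            echo "FAIL: $chain has no ESTABLISHED,RELATED accept rule"
            status=1
        fi
    done
    # INPUT accepts with neither a source (-s) nor an interface (-i) limit,
    # and no state match, are reachable from the whole internet: flag them.
    open=$(printf '%s\n' "$rules" | grep -- '^-A INPUT ' | grep -- '-j ACCEPT' \
           | grep -v -e ' -s ' -e ' -i ' -e '--state ' -e '--ctstate ' || true)
    if [ -n "$open" ]; then
        echo "WARN: INPUT accept rule(s) not limited by source or interface:"
        printf '%s\n' "$open" | sed 's/^/  /'
    fi
    return $status
}

# Constructed listing in the shape the reply above recommends.
GOOD_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'

# Constructed listing resembling the single DROP rule from the question:
# accept policies, a negated state rule, and a port open to any source.
BAD_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i eth0 -m state ! --state ESTABLISHED,RELATED -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

echo "== constructed good ruleset =="
printf '%s\n' "$GOOD_RULES" | audit_rules && echo "PASS"
echo "== constructed bad ruleset =="
printf '%s\n' "$BAD_RULES" | audit_rules || echo "ruleset rejected"
```

The checks are deliberately textual: they look at what `iptables -S` prints rather than at live traffic, so the script can be run from a saved listing before and after applying a ruleset, and a negated `! --state` drop rule is correctly not counted as the required allow rule.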