Deer firewall rules
# general
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# ssh
-A INPUT -d 91.121.17.119 -p tcp -m tcp --dport 22 -j ACCEPT
# server ports: http and https
-A INPUT -d 91.121.17.119 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -d 91.121.17.119 -p tcp -m tcp --dport 443 -j ACCEPT
# phpmyadmin on port 447 - one rule per admin address, personal IPs masked for privacy
-A INPUT -d 91.121.17.119 -s xxx.xxx.xxx.xxx -p tcp -m tcp --dport 447 -j ACCEPT
-A INPUT -d 91.121.17.119 -s xxx.xxx.xxx.xxx -p tcp -m tcp --dport 447 -j ACCEPT
-A INPUT -d 91.121.17.119 -s xxx.xxx.xxx.xxx -p tcp -m tcp --dport 447 -j ACCEPT
-A INPUT -d 91.121.17.119 -s xxx.xxx.xxx.xxx -p tcp -m tcp --dport 447 -j ACCEPT
-A INPUT -d 91.121.17.119 -s xxx.xxx.xxx.xxx -p tcp -m tcp --dport 447 -j ACCEPT
# munin - only from the monitoring host (note: "-p" takes the protocol name directly; "-p -s <ip> tcp" is a syntax error that iptables-restore rejects)
-A INPUT -d 91.121.17.119 -s 91.121.158.43 -p tcp -m tcp --dport 4949 -j ACCEPT
# ntpd - only from the monitoring host; NTP runs over UDP port 123, a tcp rule on 123 never matches NTP traffic
-A INPUT -d 91.121.17.119 -s 91.121.158.43 -p udp -m udp --dport 123 -j ACCEPT
# server connecting to itself (connections to the server's own address arrive on the lo interface; "-A INPUT -i lo -j ACCEPT" is the usual way to match them and does not depend on the source address being 127.0.0.1)
-A INPUT -s 127.0.0.1 -d 91.121.17.119 -j ACCEPT
# ping
-A INPUT -d 91.121.17.119 -p icmp -j ACCEPT
# reject everything else addressed to the server (packets to any other address on the host fall through to the INPUT chain's default policy, so that policy should be DROP as well)
-A INPUT -d 91.121.17.119 -j REJECT --reject-with icmp-port-unreachable
# Rules are restored on reboot through iptables-restore
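The ruleset above is hand-maintained, and the easiest way to break in is to reload it with a typo or a missing ssh rule from a remote session. The script below is an added example, not part of this page or the server's own setup: it generates the same ruleset as an iptables-restore file from a few variables (so the five phpMyAdmin rules come from one list), checks it with iptables-restore --test before loading, and restores the previous rules automatically after a grace period unless the load is confirmed from a fresh ssh session. The admin addresses (TEST-NET-1 placeholders for the masked IPs), the DROP chain policies, the rollback paths and the output file path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): generate, check and safely
# load the Deer ruleset as an iptables-restore file.

SERVER_IP="${SERVER_IP:-91.121.17.119}"          # address the rules match on (-d)
MONITOR_IP="${MONITOR_IP:-91.121.158.43}"        # munin/ntp peer from the page
ADMIN_IPS="${ADMIN_IPS:-192.0.2.10 192.0.2.11}"  # assumed placeholders for the masked phpMyAdmin sources
PMA_PORT="${PMA_PORT:-447}"
ROLLBACK="${ROLLBACK:-/run/iptables.rollback}"   # assumed path for the saved previous rules

# Emit the ruleset on stdout in iptables-save format. The DROP policies are an
# assumption: they make sure traffic to any address other than SERVER_IP, which
# the final REJECT rule does not cover, is dropped too.
gen_rules() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # general: loopback, plus replies to connections we already track
    printf '%s\n' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT'
    # ssh, http, https: open to everyone
    for port in 22 80 443; do
        printf '%s\n' "-A INPUT -d $SERVER_IP -p tcp -m tcp --dport $port -j ACCEPT"
    done
    # phpmyadmin: one rule per admin source address
    for ip in $ADMIN_IPS; do
        printf '%s\n' "-A INPUT -d $SERVER_IP -s $ip -p tcp -m tcp --dport $PMA_PORT -j ACCEPT"
    done
    # munin (tcp/4949) and ntp (udp/123), only from the monitoring host
    printf '%s\n' "-A INPUT -d $SERVER_IP -s $MONITOR_IP -p tcp -m tcp --dport 4949 -j ACCEPT"
    printf '%s\n' "-A INPUT -d $SERVER_IP -s $MONITOR_IP -p udp -m udp --dport 123 -j ACCEPT"
    # ping
    printf '%s\n' "-A INPUT -d $SERVER_IP -p icmp -j ACCEPT"
    # reject everything else addressed to the server
    printf '%s\n' "-A INPUT -d $SERVER_IP -j REJECT --reject-with icmp-port-unreachable"
    echo COMMIT
}

# Number of lines in file $2 matching pattern $1 (sanity checks before loading).
count_rules() { grep -c -- "$1" "$2"; }

# Load a ruleset file with a rollback timer: the previous rules come back after
# $2 seconds (default 120) unless apply_rules_confirm is run from a new session.
apply_rules() {
    file=$1; grace=${2:-120}
    iptables-restore --test < "$file" || return 1   # parse-only check, rejects syntax errors
    iptables-save > "$ROLLBACK" || return 1
    iptables-restore < "$file" || return 1
    ( sleep "$grace" && iptables-restore < "$ROLLBACK" ) &
    echo $! > "$ROLLBACK.pid"
}
apply_rules_confirm() {
    kill "$(cat "$ROLLBACK.pid")" && rm -f "$ROLLBACK.pid"
}
```

Usage: source the script, run `gen_rules > /etc/iptables.rules` (the file your boot-time iptables-restore reads; the path is an assumption), then `apply_rules /etc/iptables.rules 120`, open a second ssh session to confirm you still get in, and run `apply_rules_confirm` there. If the new rules locked you out, the background job puts the old ones back after two minutes.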
Also see ServerSetup


