1

What will be a perfect iptables firewall script for a webserver?

view story
linux-howto

http://serverfault.com – What rules do you consider are needed in order to have the perfect fw script for a webserver, other than filter everything but ports 22, 80, and 443? Thanks in advance! (HowTos)

taskli's picture
Submitted by taskli on 12/12/2012

Stories similar to What will be a perfect iptables firewall script for a webserver?

I have a script that is several hundred lines long full of iptables rules (I've spent way too much time on this, and had far too much fun testing it) but when I run the script, the rules go in wrong - that is, when I do...

Code: iptables -vnL The order (being that iptables starts at the top of the chain and works its way down) is out of order, but it's ordered properly in the script.

Hallo,

I installed a generated firewall script, but now wicd does no more connect to my router via wlan0. I have to switch off the firewall, wait until wicd connects and then start the firewall again. Which ports do I have to open?

iptables port redirection. 1 year 36 weeks ago

Hello all, I've set up a virtual machine via VirtualBox (both host/guest are Arch x64) as a small development webserver. The VM is connected via NAT and has ports forwarded to the host for SSH and HTTP.

iptables fails on COMMIT 34 weeks 4 days ago

I noticed this morning the iptables firewall was not starting due to the fact that I rebuilt the kernel and forgot to include the relevent Netfilter modules. So I added those and rebooted. The firewall still fails, but rather that referring to the non-available ip_tables module, it now just says iptables.init[1290]: iptables: Applying firewall rules: iptables-restore: line 13 failed.

Possible Duplicate: iptables: forward port 80 to port 8080

I'd like to forward port 80 to 8080. So I tried to edit /etc/syscongfig/iptables:

-A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

But got:

# service iptables restart iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK

Hello I am running a server with ssh and a vpn server set up. It is behind a debian router with a firewall which uses iptables. i have it set up to forward ports 22 and 443 to ssh on a computer within the LAN(so when I am on a restricted network i can still ssh into my network) and forward anything to 1723(for my vpn) to that box also.

I have recently installed the centos server. I have configured apache and all the mysql packages.

I have also one live IP. When I run the webserver with the live IP on the centos webserver itself all looks good. But when I try to access remotely via another IP, it says "unable to connect".

I have also set up iptables.

I have a range of ip addresses (10.13.13.10-19) that I want to redirect all outgoing http traffic to an internal webserver. So if someone in that range tried to access any site, the html from my webserver would be returned instead. However, I only want to affect that ip range. What iptables rules do I need on my router to make this happen?

Video: mostly perfect Wifi: perfect out of the box Bluetooth: perfect out of the box Sound: perfect out of the box DVD RW: perfect out of the box Ethernet: perfect out of the box USB: perfect out of the box WEB camera: perfect, after install v4l2ucp...