[Techtalk] Help with iptables configuration

Tammy Cravit tammy.lists at warmfuzzy.com
Mon Aug 18 08:52:41 EST 2003


Hamster wrote:

>The webpage with the iptables script, is it possible for you to republish
>that, but with line numbers? 
>
Duh...I should have thought of that. The file has been updated. :-)

>rule set without knowing anything about the network/computer its trying to
>protect! If you can give some info about the duties of the machine its on
>and the type of computers its trying to protect, that would help.
>
OK, let's see...the machine is a Red Hat 7.2 (I'm trying to get the 
hosting provider to upgrade it) server hosted by Rackspace. uname -a 
reports the following:

    Linux XXX.XXX.com 2.4.18-SGI_XFS_1.1 #1 Wed Apr 17 09:20:17 CDT 2002 
i686 unknown

The machine is providing the following services to the Internet at large:

    - Apache (HTTP and HTTPS)
    - Apache Tomcat running on port 8080 to run one (so far) custom servlet
    - Outgoing SMTP for a variety of subscription-based email services
    - POP3 (though I'm trying to find out if the client really needs that)
    - NTP (ditto)

What I'm trying to accomplish with the iptables stuff is not turning it 
into a firewall to protect other systems, but just hardening it as much 
as is practical against people pounding on the box. So, any suggestions 
based on that would be greatly appreciated.  Also, I noticed something 
in line 124 of the config got garbled; I'll try to fix that.

Thanks for the help!
Tammy

-- 

Tammy Cravit, tammy at warmfuzzy.com <mailto:tammy at warmfuzzy.com>   | "Courage is the price that life
http://www.warmfuzzy.com/           |  exacts for granting peace."
http://www.warmfuzzy.com/blog/      |      - Amelia Earhart





More information about the Techtalk mailing list