Hi,

Thanks, I modified my firewall and now it works for me. I made the following
entries:

# Accept all forwarded packets. In my case there is no NAT, so this is ok.
:FORWARD ACCEPT [0:0]
# Drop all incoming packets.
:INPUT DROP [0:0]
# Accept all outgoing packets, so no traffic from my server is blocked.
# Makes browsing the internet easier.
:OUTPUT ACCEPT [0:0]
# All packets from this IP are accepted. This is my IP, from where I manage
# my colocated server.
-A INPUT -s 80.242.234.70 -j ACCEPT
# Some services use the loopback to send/receive data. Leaving this entry
# away will cause some services to crash.
-A INPUT -s 127.0.0.1 -j ACCEPT
# See the line above.
-A INPUT -s 213.132.174.75 -j ACCEPT
# See the line above.
-A INPUT -d 127.0.0.1 -j ACCEPT
# Because some services are listening not only on the loopback, but also on
# the NIC. They need to send/receive data without being blocked by the
# firewall. The options ESTABLISHED,RELATED will prevent connections from the
# internet. Only related connections or already made connections will be
# accepted.
-A INPUT -m state -d 213.132.174.75 --state ESTABLISHED,RELATED -j ACCEPT
# Allow the internet to make a connection with the FTP data port.
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
# Allow the internet to make a connection with the FTP control port.
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# Allow the internet to make a connection with the SMTP port.
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# Allow the internet to make a connection with the DNS (UDP) port.
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
# Allow the internet to make a connection with the DNS (TCP) port.
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
# Allow the internet to make a connection with the HTTP port.
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Allow the internet to make a connection with the POP3 port.
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
# Allow the internet to make a connection with the HTTPS port.
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# Allow the internet to make a connection with the USERMIN port.
-A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT
# This is a special one. Some FTP clients use FTP in passive mode. My FTP
# server is configured to use the passive ports between 60000 and 65000.
# Leaving this entry away will disable the passive mode. To prevent the
# internet from using these ports to connect, only a RELATED or ESTABLISHED
# connection will be accepted. So when no FTP is used these ports are
# closed (stealth).
-A INPUT -p tcp -m tcp -m state --dport 60000:65000 --state ESTABLISHED,RELATED -j ACCEPT

All other services/protocols like NETBIOS, IMAP, ICMP, PING are blocked by
default. If I have made any mistakes please tell me.


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
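The rules in the post can be checked offline with a small first-match evaluator. This is an added example, not the poster's script or anything from the redhat-list thread: it re-implements only the subset of iptables matching the rules use (-s, -d, -p, --dport with an optional port range, and -m state --state), compares addresses literally with no CIDR masks, and takes the conntrack state as an input on each probe packet instead of tracking connections. The SERVER and ADMIN addresses are the ones in the post; 198.51.100.7 is a constructed documentation address standing in for an arbitrary internet host.

```python
import shlex
from dataclasses import dataclass
from typing import Optional

# The poster's ruleset, copied verbatim minus the explanatory comments.
RULESET = """
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 80.242.234.70 -j ACCEPT
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -s 213.132.174.75 -j ACCEPT
-A INPUT -d 127.0.0.1 -j ACCEPT
-A INPUT -m state -d 213.132.174.75 --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT
-A INPUT -p tcp -m tcp -m state --dport 60000:65000 --state ESTABLISHED,RELATED -j ACCEPT
"""

SERVER = "213.132.174.75"   # server address from the post
ADMIN = "80.242.234.70"     # management address from the post
OUTSIDE = "198.51.100.7"    # constructed "somewhere on the internet" address

@dataclass
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    state: str = "NEW"          # conntrack state as iptables would see it

def parse_ruleset(text):
    """Return ({chain: policy}, [rule]) from an iptables-save style listing."""
    policies, rules = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#*" or line == "COMMIT":
            continue                        # comments, table header, COMMIT
        if line.startswith(":"):            # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
            continue
        toks = shlex.split(line)            # "-A CHAIN opt val opt val ..."
        rule = {"chain": toks[1], "match": {}, "target": None}
        for opt, val in zip(toks[2::2], toks[3::2]):
            if opt == "-j":
                rule["target"] = val
            elif opt in ("-s", "-d", "-p", "--dport", "--state"):
                rule["match"][opt] = val
            elif opt != "-m":               # "-m tcp"/"-m state" only load a module
                raise ValueError(f"unsupported option {opt!r} in: {line}")
        rules.append(rule)
    return policies, rules

def _port_in(spec, dport):
    """Match a --dport value written as "80" or "60000:65000"."""
    if dport is None:
        return False
    lo, _, hi = spec.partition(":")
    return int(lo) <= dport <= int(hi or lo)

def rule_matches(rule, pkt):
    """Every criterion present on the rule must hold; absent ones match anything."""
    m = rule["match"]
    return (m.get("-s", pkt.src) == pkt.src
            and m.get("-d", pkt.dst) == pkt.dst
            and m.get("-p", pkt.proto) == pkt.proto
            and ("--dport" not in m or _port_in(m["--dport"], pkt.dport))
            and ("--state" not in m or pkt.state in m["--state"].split(",")))

def verdict(policies, rules, pkt, chain="INPUT"):
    """First matching rule in the chain wins; otherwise the chain policy applies."""
    for rule in rules:
        if rule["chain"] == chain and rule_matches(rule, pkt):
            return rule["target"]
    return policies[chain]

def audit(text=RULESET):
    """Probe the ruleset with packets that test the claims made in the post."""
    policies, rules = parse_ruleset(text)
    probes = {
        "http_from_internet": Packet(OUTSIDE, SERVER, "tcp", 80),
        "imap_from_internet": Packet(OUTSIDE, SERVER, "tcp", 143),
        "netbios_from_internet": Packet(OUTSIDE, SERVER, "tcp", 139),
        "ping_from_internet": Packet(OUTSIDE, SERVER, "icmp"),
        "ssh_from_internet": Packet(OUTSIDE, SERVER, "tcp", 22),
        "ssh_from_admin": Packet(ADMIN, SERVER, "tcp", 22),
        "passive_ftp_new": Packet(OUTSIDE, SERVER, "tcp", 62000, "NEW"),
        "passive_ftp_related": Packet(OUTSIDE, SERVER, "tcp", 62000, "RELATED"),
        "loopback_source_on_nic": Packet("127.0.0.1", SERVER, "tcp", 22),
    }
    return {name: verdict(policies, rules, pkt) for name, pkt in probes.items()}
```

Running audit() confirms the claim at the end of the post: IMAP, NETBIOS and ping from the internet match no rule and fall through to the INPUT DROP policy, a NEW connection into the 60000:65000 passive range is dropped, and a RELATED one is accepted (on a real host that RELATED state only exists when the FTP conntrack helper, ip_conntrack_ftp or nf_conntrack_ftp depending on kernel, is loaded). The loopback_source_on_nic probe shows what the evaluator, like iptables, does with a rule keyed only on -s 127.0.0.1: it matches any packet carrying that source address on any interface, which is why the loopback exception is usually written as -A INPUT -i lo -j ACCEPT with the kernel's rp_filter left enabled.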
