
Firewall: Please Advise



After being hacked on my first Linux server, I got more careful with my
second Linux.
I added a firewall using IPTABLES. Please advise what I should add to make my
Linux more secure.

INPUT
    policy drop
    127.0.0.1 accept
    all internal IPs accept
    external dns accept only to port 53
    open port smtp, ssh

FORWARD
    policy accept

OUTPUT
    policy accept

NAT
    SNAT to public IP (single IP)
    DNAT port 80 to internal server

I tried to give more security in FORWARD (only accept internal IPs), but I think
it breaks the NAT.

The system runs, all internal clients can go to the internet. But I still
worry about the FORWARD policy.

Thanks
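
One way to set FORWARD to policy drop while keeping the SNAT and DNAT described above working, as an added example that is not part of the original message. Interface names and all addresses are constructed placeholders (assumptions), and the function only prints an iptables-restore ruleset.

```shell
#!/bin/sh
# Added example. Every value below is an assumed placeholder, not from the post.
LAN_IF=eth1              # internal interface
WAN_IF=eth0              # external interface
LAN_NET=192.168.1.0/24   # internal network
PUBLIC_IP=203.0.113.10   # single public IP (documentation range)
WEB_SRV=192.168.1.20     # internal web server behind the DNAT

# Print the ruleset. Check it with: gen_ruleset | iptables-restore --test
gen_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# DNAT port 80 on the public IP to the internal server
-A PREROUTING -i $WAN_IF -d $PUBLIC_IP -p tcp --dport 80 -j DNAT --to-destination $WEB_SRV:80
# SNAT internal clients to the single public IP
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $PUBLIC_IP
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections the firewall itself opened (DNS lookups included)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
# smtp and ssh stay open, as in the post
-A INPUT -p tcp -m multiport --dports 22,25 -j ACCEPT
# Return traffic carries an external source address, so a FORWARD chain
# that accepts only internal sources drops it; connection state lets it in.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections from internal clients out to the internet
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
# DNAT runs before FORWARD, so match the rewritten (internal) destination
-A FORWARD -i $WAN_IF -o $LAN_IF -d $WEB_SRV -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}
```

Everything not matched by the three FORWARD rules is dropped, so new inbound connections reach only port 80 on the internal server.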






