I'm working on configuring my server with the best possible and most secure configuration using iptables. Here is a list of blocked/allowed ports that I've configured, and I'm just wondering if anyone has thoughts on them. Did I miss something, have I added too much, etc.?
**********************************************
- Accept If input interface is lo
- Accept If input interface is eth0
- Do nothing If input interface is eth1
- Do nothing If protocol is ICMP and ICMP type is any
- Accept If state of connection is ESTABLISHED,RELATED
- Reject If protocol is TCP and destination port is 0:20
- Accept If protocol is TCP and destination port is 21
- Accept If protocol is TCP and destination port is 22
- Reject If protocol is TCP and destination port is 23:24
- Accept If protocol is TCP and destination port is 25
- Reject If protocol is TCP and destination port is 26:52
- Accept If protocol is TCP and destination port is 53
- Accept If protocol is UDP and destination port is 53
- Reject If protocol is TCP and destination port is 54:79
- Accept If protocol is TCP and destination port is 80
- Reject If protocol is TCP and destination port is 81:109
- Accept If protocol is TCP and destination port is 110
- Reject If protocol is TCP and destination port is 111:142
- Accept If protocol is TCP and destination port is 143
- Reject If protocol is TCP and destination port is 144:442
- Accept If protocol is TCP and destination port is 443
- Do nothing If protocol is TCP and source is localhost and destination port is 783 (SpamAssassin Spam Filtering)
- Accept If protocol is TCP and destination port is 2222
- Accept If protocol is TCP and destination port is 3306
- Accept If protocol is TCP and destination port is 5000
- Accept If protocol is TCP and destination port is 6661:6669
- Do nothing If protocol is TCP and destination port is 7028
- Accept If protocol is TCP and destination port is 8090
- Accept If protocol is TCP and destination port is 10000
- Reject Always
**********************************************
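As an added illustration (not part of the original question), here is the list above rendered as iptables commands, plus a small first-match simulator that answers "what verdict does this packet get?" without touching the live firewall, so it runs unprivileged. Interface names, ports, actions and the "Do nothing" entries come from the list; the INPUT chain, conntrack state matching, the column layout and the function names are assumptions. The simulator makes the evaluation order visible: a packet arriving on eth0 is accepted by the second rule before any port rule is consulted, and "Do nothing" entries emit no rule, so those ports fall through to whatever rule follows.

```shell
#!/usr/bin/env bash
# Added example: render the posted INPUT ruleset and simulate first-match
# evaluation. Nothing here executes iptables; it only prints commands.

# Columns: ACTION IFACE PROTO DPORTS EXTRA ("-" = unconstrained; NOOP is the
# post's "Do nothing", i.e. no rule is emitted). Rule order is the post's order.
RULES="
ACCEPT lo   -    -         -
ACCEPT eth0 -    -         -
NOOP   eth1 -    -         -
NOOP   -    icmp -         -
ACCEPT -    -    -         state=ESTABLISHED,RELATED
REJECT -    tcp  0:20      -
ACCEPT -    tcp  21        -
ACCEPT -    tcp  22        -
REJECT -    tcp  23:24     -
ACCEPT -    tcp  25        -
REJECT -    tcp  26:52     -
ACCEPT -    tcp  53        -
ACCEPT -    udp  53        -
REJECT -    tcp  54:79     -
ACCEPT -    tcp  80        -
REJECT -    tcp  81:109    -
ACCEPT -    tcp  110       -
REJECT -    tcp  111:142   -
ACCEPT -    tcp  143       -
REJECT -    tcp  144:442   -
ACCEPT -    tcp  443       -
NOOP   -    tcp  783       src=127.0.0.1
ACCEPT -    tcp  2222      -
ACCEPT -    tcp  3306      -
ACCEPT -    tcp  5000      -
ACCEPT -    tcp  6661:6669 -
NOOP   -    tcp  7028      -
ACCEPT -    tcp  8090      -
ACCEPT -    tcp  10000     -
REJECT -    -    -         -
"

# Print the ruleset as iptables commands, in order (assumed: INPUT chain,
# -m conntrack for the state rule). NOOP entries become comments.
render_rules() {
  echo "$RULES" | while read -r action iface proto dports extra; do
    [ -z "$action" ] && continue
    if [ "$action" = NOOP ]; then
      echo "# no rule emitted: iface=$iface proto=$proto dports=$dports $extra"
      continue
    fi
    cmd="iptables -A INPUT"
    if [ "$iface" != - ]; then cmd="$cmd -i $iface"; fi
    if [ "$proto" != - ]; then cmd="$cmd -p $proto"; fi
    if [ "$dports" != - ]; then cmd="$cmd --dport $dports"; fi
    case "$extra" in
      state=*) cmd="$cmd -m conntrack --ctstate ${extra#state=}" ;;
      src=*)   cmd="$cmd -s ${extra#src=}" ;;
    esac
    echo "$cmd -j $action"
  done
}

# Is port $1 within the spec $2 ("N" or "LO:HI")?
port_in_range() {
  local port=$1 spec=$2 lo hi
  lo=${spec%%:*}; hi=${spec##*:}
  if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then return 0; fi
  return 1
}

# first_match IFACE PROTO DPORT [STATE] [SRC]: prints the verdict and the
# 1-based index (in the list above) of the first rule that matches.
first_match() {
  local p_iface=$1 p_proto=$2 p_port=$3 p_state=${4:-NEW} p_src=${5:-0.0.0.0}
  local action iface proto dports extra n=0
  while read -r action iface proto dports extra; do
    [ -z "$action" ] && continue
    n=$((n + 1))
    if [ "$action" = NOOP ]; then continue; fi
    if [ "$iface" != - ] && [ "$iface" != "$p_iface" ]; then continue; fi
    if [ "$proto" != - ] && [ "$proto" != "$p_proto" ]; then continue; fi
    if [ "$dports" != - ] && ! port_in_range "$p_port" "$dports"; then continue; fi
    case "$extra" in
      state=*) case ",${extra#state=}," in *",$p_state,"*) ;; *) continue ;; esac ;;
      src=*)   if [ "${extra#src=}" != "$p_src" ]; then continue; fi ;;
    esac
    echo "$action (rule $n)"
    return 0
  done <<EOF
$RULES
EOF
  echo "REJECT (no rule matched)"
}

# Usage: render_rules; first_match eth0 tcp 3389; first_match eth1 tcp 3389
```

Try `first_match eth0 tcp 3389` against `first_match eth1 tcp 3389`: the same port gets ACCEPT from rule 2 on eth0 and REJECT from the final rule on eth1, which is the ordering question worth settling before adding or removing any of the port rules.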