iptables rules for web server, email server, ftp and ssh, please help
I'm a linux newbie.
My company has a server, it runs apache, mysql, qmail and ftp.
Now I want to set up iptables rules to protect it.
I want to hide the port of mysql, so that users from the internet cannot connect to mysql. The other services can be connected to from the internet.
And I also want to block clients who open more than 500 new connections in 10 seconds for 1 hour. Will this rule affect search engine spiders crawling my website?
Please kindly help me to check whether the rules I set could do what I want or not.
The following are my iptables rules:
IPTABLES=/sbin/iptables
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_state
/sbin/modprobe ipt_limit
# -P takes only a chain and a policy; no match options are allowed here
$IPTABLES -t filter -P INPUT DROP
$IPTABLES -t filter -P FORWARD DROP
$IPTABLES -t filter -P OUTPUT ACCEPT
$IPTABLES -N ratelimit
$IPTABLES -A OUTPUT -p tcp --sport 31337:31340 -j DROP
$IPTABLES -A OUTPUT -p tcp --dport 31337:31340 -j DROP
# SSH: 22, FTP: 21, http: 80, https: 443, smtp: 25, pop3: 110, imap: 143
$IPTABLES -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t filter -A INPUT -m state --state NEW -p tcp -m recent --update --rsource --seconds 10 --hitcount 50 -j DROP
$IPTABLES -t filter -A INPUT -m state --state NEW -p tcp -m recent --set --rsource -j ACCEPT
$IPTABLES -t filter -A INPUT -p tcp --syn -m multiport --dports 80,143,443,21,22,25,110 -j ratelimit
$IPTABLES -A ratelimit -p tcp -m state --state NEW -m recent --update --rsource --seconds 3600 -j DROP
$IPTABLES -A ratelimit -p tcp -m state --state NEW -m hashlimit --hashlimit 10/sec --hashlimit-burst 50 --hashlimit-mode dstip --hashlimit-name badguy -j RETURN
Regards & Thanks in advance
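Below is an added example, written for this reply and not the poster's script nor any project's code, showing one way to express the intent described in the post (deny everything inbound by default so MySQL is never reachable, allow the listed services, and ban a client for an hour once it opens new connections too fast). In the posted script the `-m recent --set -j ACCEPT` rule accepts every new TCP connection before the multiport rule is reached, so the `ratelimit` chain never sees a packet, and `--hashlimit-mode dstip` counts all visitors against one counter rather than each client separately. The example instead keys the limit on the source address and keeps a separate `recent` list for bans. The threshold (50 new connections per second with a burst of 500, i.e. roughly 500 in 10 seconds) and the assumption that MySQL listens on TCP 3306 are mine; adjust both for the real host. By default the script only prints the commands; run it as root with the argument `apply` to load them.

```shell
#!/bin/sh
# Added example (not the poster's script). Assumptions: MySQL is on TCP 3306
# and is never opened here; the ban threshold is 50 new connections/s with a
# burst of 500 (the recent match's hit list is too short for hitcount 500).
# Without the "apply" argument the commands are printed, not executed.

IPTABLES=/sbin/iptables
PUBLIC_TCP=21,22,25,80,110,143,443     # ftp, ssh, smtp, http, pop3, imap, https
BAN_SECONDS=3600                        # one hour

# Print or execute a command, depending on DRY_RUN.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

apply_rules() {
    # FTP data connections are only accepted as RELATED if the ftp
    # connection-tracking helper is loaded (ip_conntrack_ftp on old kernels).
    run /sbin/modprobe nf_conntrack_ftp

    # Empty filter table, deny-by-default for inbound and forwarded traffic.
    # MySQL is "hidden" simply because 3306 is never opened below.
    run $IPTABLES -F
    run $IPTABLES -X
    run $IPTABLES -P INPUT DROP
    run $IPTABLES -P FORWARD DROP
    run $IPTABLES -P OUTPUT ACCEPT

    # Local processes (e.g. the web app talking to MySQL on 127.0.0.1) and
    # packets belonging to connections that were already allowed.
    run $IPTABLES -A INPUT -i lo -j ACCEPT
    run $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 1. A source on the "ban" list seen within the last hour is dropped.
    #    --rcheck does not refresh the timestamp, so the ban really expires.
    run $IPTABLES -A INPUT -p tcp --syn \
        -m recent --name ban --rcheck --seconds $BAN_SECONDS -j DROP

    # 2. A source opening new connections above the threshold is put on the
    #    ban list and this SYN is dropped. srcip mode keeps one counter per
    #    client, so a fast client cannot get everybody else banned.
    run $IPTABLES -A INPUT -p tcp --syn -m multiport --dports $PUBLIC_TCP \
        -m hashlimit --hashlimit-above 50/sec --hashlimit-burst 500 \
        --hashlimit-mode srcip --hashlimit-name newconn \
        -m recent --name ban --set -j DROP

    # 3. Everything below the threshold reaches the public services.
    run $IPTABLES -A INPUT -p tcp --syn -m multiport --dports $PUBLIC_TCP -j ACCEPT

    # Log what the default policy is about to drop, rate limited so the
    # log itself cannot be flooded.
    run $IPTABLES -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
}

# Return the rule commands without touching the kernel; used for review.
show_rules() {
    DRY_RUN=1 apply_rules
}

case "${1:-show}" in
    apply) apply_rules ;;
    *)     show_rules ;;
esac
```

Because the counter is per source address, a search engine crawler is only affected if that crawler itself exceeds the threshold, which well-behaved crawlers stay far below; with the posted `dstip` mode, by contrast, the crawler's requests would be added to every other visitor's. Binding MySQL to 127.0.0.1 in `my.cnf` (`bind-address`) is a sensible second layer in case the firewall is ever flushed.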