Find the answer to your Linux question:
Results 1 to 2 of 2
I'm a linux newbie. My company has a server, it runs apache,mysql,qmail and ftp. Now I want to set up iptables rules to protect it. I want to hide the ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Mar 2009
    Posts
    2

    Question iptables rules,please help


    I'm a linux newbie.
    My company has a server, it runs apache,mysql,qmail and ftp.
    Now I want to set up iptables rules to protect it.
    I want to hide the port of mysql, so that the user from internet cannot connect to mysql. Other services can be connect from internet.

    And I also want to block clients who open new connections more than 500 in 10 seconds for 1 hours. Will this rule affect search engineer spider to search my website?

    Please kindly help me to check whether rules i set could do what I want or not.
    The following are my iptables rules:

    IPTABLES= /sbin/iptables

    /sbin/depmod -a

    /sbin/modprobe ip_tables
    /sbin/modprobe ip_conntrack
    /sbin/modprobe iptable_filter
    /sbin/modprobe iptable_managle
    /sbin/modprobe iptable_nat
    /sbin/modprobe ipt_state
    /sbin/modprobe ipt_limit

    $IPTABLES -t filter -P INPUT -p ALL -j DROP
    $IPTABLES -t filter -P FORWARD -p ALL -j DROP
    $IPTABLES -t filter -P OUTPUT -p ALL -j ACCEPT

    $IPTABLES -N ratelimit

    $IPTABLES -A OUTPUT -p tcp --sport 31337:31340 -j DROP
    $IPTABLES -A OUTPUT -p tcp --dport 31337:31340 -j DROP

    # SSH: 22, FTP: 21, http: 80, https:443, smtp:110, pop3:25, imap: 143
    $IPTABLES -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -t filter -A INPUT -m state --state NEW -p tcp -m recent --update -- rsource --secnods 10 --hitcount 50 -j DROP
    $IPTABLES -t filter -A INPUT -m state --state NEW -p tcp -m recent --set -- rsource -j ACCEPT
    $IPTABLES -t filter -A INPUT -p tcp --syn -m multiport --dport 80,143,443,21,22,25,110 -j ratelimit

    $IPTABLES -A ratelimit -p tcp -m state NEW -m recent --update --rsource --seconds 3600 -j DROP
    $IPTABLES -A ratelimit -p tcp -m state --state NEW -m hashlimit --hashlimit 10/sec --haslimit-burst 50 --hashlimit-mode dstip --hashlimit-name badguy -j return

    Regards &Thanks in advance

  2. #2
    Just Joined!
    Join Date
    Mar 2009
    Posts
    2
    Anyone here?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •