iptables to allow input and output traffic to and from web server only

Posted by Caedmon on Server Fault
Published on 2014-05-30T08:51:18Z Indexed on 2014/05/30 9:29 UTC

I have an Elastic Search server which seems to have been exploited (it's being used for a DDoS attack having had NO firewall for about a month).

As a temporary measure while I create a new one, I was hoping to block all traffic to and from the server which wasn't coming from or going to our web server. Will these iptables rules achieve this?

iptables -I INPUT \! --src 1.2.3.4 -m tcp -p tcp --dport 9200 -j DROP
iptables -P FORWARD \! --src 1.2.3.4 DROP
iptables -P OUTPUT \! --src 1.2.3.4 DROP

The first rule is tried and tested, but it obviously wasn't preventing traffic coming from my server to other IP addresses, so I was hoping I could add the second two rules to fully secure it.

© Server Fault or respective owner
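
An added example, not part of the original post: a default-DROP ruleset in iptables-restore format for the goal described above. `iptables -P` accepts only a chain and a target, so the exceptions are written as ACCEPT rules, and the OUTPUT exception matches on destination because the source of outbound packets is the server itself. The helper names `build_ruleset` and `valid_ipv4` and the optional SSH admin address are assumptions; 1.2.3.4 is the post's placeholder.

```shell
#!/bin/sh
# Added example (not from the post): print an iptables-restore ruleset that
# lets this host talk only to one web server. build_ruleset and valid_ipv4
# are hypothetical helper names; the admin/SSH exception is an assumption.

valid_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] 2>/dev/null || return 1; done
}

build_ruleset() {
    web_ip=$1        # the only peer allowed to reach Elasticsearch on 9200
    admin_ip=${2:-}  # optional peer allowed to keep SSH access
    valid_ipv4 "$web_ip" || { echo "bad web server address" >&2; return 1; }
    if [ -n "$admin_ip" ]; then
        valid_ipv4 "$admin_ip" || { echo "bad admin address" >&2; return 1; }
    fi
    # Policies (-P) take only a chain and a target, so the "everything else"
    # case is the DROP policy and the exceptions are ordinary ACCEPT rules.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -s $web_ip -p tcp --dport 9200 -j ACCEPT
-A OUTPUT -d $web_ip -p tcp --sport 9200 -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
    if [ -n "$admin_ip" ]; then
        cat <<EOF
-A INPUT -s $admin_ip -p tcp --dport 22 -j ACCEPT
-A OUTPUT -d $admin_ip -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
    fi
    echo COMMIT
}

# Print the ruleset for the post's placeholder address so it can be reviewed.
build_ruleset 1.2.3.4
```

Check the output with `iptables-restore --test` before loading it; loading without `--noflush` replaces the existing filter table, and without an admin address the ruleset also drops SSH.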
