iptables to allow input and output traffic to and from web server only

Posted by Caedmon on Server Fault See other posts from Server Fault or by Caedmon
Published on 2014-05-30T08:51:18Z Indexed on 2014/05/30 9:29 UTC
Read the original article Hit count: 172

Filed under:
|
|
|

I have an Elastic Search server which seems to have been exploited (it's being used for a DDoS attack having had NO firewall for about a month).

As a temporary measure while I create a new one I was hoping to block all traffic to and from the server which wasn't coming from or going to our web server. Will these iptables rules achieve this:

iptables -I INPUT \! --src 1.2.3.4 -m tcp -p tcp --dport 9200 -j DROP
iptables -P FORWARD \! --src 1.2.3.4 DROP
iptables -P OUTPUT \! --src 1.2.3.4 DROP

The first rule is tried and tested but obviously wasn't preventing traffic coming from my server to other IP addresses so I was hoping I could add the second two rules to full secure it.

© Server Fault or respective owner

Related posts about iptables

Related posts about firewall