iptables to allow input and output traffic to and from web server only
Posted by Caedmon on Server Fault, published 2014-05-30T08:51:18Z
I have an Elastic Search server which seems to have been exploited (it's being used for a DDoS attack, having had NO firewall for about a month).
As a temporary measure while I create a new one, I was hoping to block all traffic to and from the server which wasn't coming from or going to our web server. Will these iptables rules achieve this:
iptables -I INPUT \! --src 1.2.3.4 -m tcp -p tcp --dport 9200 -j DROP
iptables -P FORWARD \! --src 1.2.3.4 DROP
iptables -P OUTPUT \! --src 1.2.3.4 DROP
The first rule is tried and tested, but obviously wasn't preventing traffic coming from my server to other IP addresses, so I was hoping I could add the second two rules to fully secure it.
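An added example, not part of the original post or any answer to it: a small script that emits a complete iptables-restore ruleset confining an Elasticsearch host to speaking only with the web server (1.2.3.4 as in the question). Two things in the proposed rules 2 and 3 are worth knowing before applying anything: `iptables -P` only sets a chain's default policy and accepts no match options, and on the OUTPUT chain the host itself is always the source, so `! --src` never filters anything; the destination (`-d` / `! --dst`) is what has to be matched. The ADMIN_IP value (203.0.113.10 below) is a placeholder so SSH is not locked out; everything else is standard iptables syntax.

```shell
#!/bin/sh
# Added example (not from the original post). Generates an iptables-restore
# ruleset that lets an Elasticsearch host talk only to one web server.
# Review the output, then apply it with:
#   sh build_es_rules.sh 1.2.3.4 203.0.113.10 | iptables-restore
# Arguments: $1 = web server address (from the post), $2 = admin/SSH
# address (placeholder, assumed here so management access survives).

build_es_rules() {
    web="$1"       # the only peer allowed to reach tcp/9200
    admin="$2"     # management address kept open for SSH (placeholder)
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback is needed by local services
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# replies to connections already accepted, in both directions
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# management access so the host stays reachable
-A INPUT -p tcp -s ${admin} --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# only the web server may open connections to Elasticsearch
-A INPUT -p tcp -s ${web} --dport 9200 -m conntrack --ctstate NEW -j ACCEPT
# the host may only initiate new connections towards the web server
-A OUTPUT -d ${web} -m conntrack --ctstate NEW -j ACCEPT
# everything else, including outbound floods at third parties, hits DROP
COMMIT
EOF
}

# Self-check on the generated text: every -A line must name a target with -j,
# and the policy lines (":CHAIN POLICY") must carry no match options, which is
# exactly the mistake in the post's rules 2 and 3. Returns 0 when clean.
check_es_rules() {
    rules="$1"
    printf '%s\n' "$rules" | grep '^-A' | grep -qv -- '-j ' && return 1
    printf '%s\n' "$rules" | grep '^:' | grep -q -- '--' && return 1
    return 0
}

if [ $# -eq 2 ]; then
    build_es_rules "$1" "$2"
fi
```

The default policies are DROP and the ESTABLISHED,RELATED rules do the bookkeeping, so there is no need for per-direction "not the web server" negations; anything the host must still reach (DNS, NTP, package mirrors) has to be added as an explicit OUTPUT rule or it will be dropped as well. Test the ruleset from a session that will stay open even if you lock yourself out, and keep `iptables-save` output from before the change for rollback.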
© Server Fault or respective owner