iptables input DROP rule
From: Tony (tony.wong@stanford.edu) Date: 05/29/02
From: "Tony" <tony.wong@stanford.edu> Date: Wed, 29 May 2002 14:17:52 -0700
Trying to set up an iptables firewall on a web server.
I have the policy as follows:
*filter
:INPUT DROP
:FORWARD DROP
:OUTPUT ACCEPT
-A INPUT -i eth1 -f -j DROP
-A INPUT -i eth1 -p tcp -m state --state INVALID -j DROP
-A INPUT -i eth1 -p tcp -m state --state NEW -m tcp ! --tcp-flags SYN,RST,ACK SYN -j DROP
-A INPUT -i eth1 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j ACCEPT
-A INPUT -i eth1 -p tcp -m state --state ESTABLISHED -m tcp --dport 80 -j ACCEPT
Then when I try to access a web page on this server, the page comes up but
very, very slowly, as if some graphics are not being loaded.
Then I changed the rule to:
:INPUT ACCEPT
and then the page and graphics loaded very quickly. Why is that? What ports
do I need to open?
Thanks
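
Added example, not part of the original post: a small Python model of how a bare SYN walks the INPUT chain above, showing how the `--limit 1/sec` rule interacts with the chain policy when a browser opens several connections at once. The burst of 5 is the iptables default for `--limit-burst`; the ten parallel connections and the client SYN retransmit offsets (0, 3, 9, 21 s) are assumptions.

```python
# Added example: models only the path of a bare SYN through the posted INPUT chain.

class LimitMatch:
    """Token bucket behind `-m limit` (--limit-burst defaults to 5)."""
    def __init__(self, rate_per_sec=1.0, burst=5):
        self.rate, self.burst = rate_per_sec, burst
        self.tokens, self.last = float(burst), 0.0   # bucket starts full

    def matches(self, now):
        # Refill for the elapsed time, capped at the burst size, then spend one token.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def syn_verdict(limit, now, policy):
    """First-match walk for a SYN-only packet arriving on eth1."""
    # The -f, INVALID, "NEW and not SYN", RST-only and ESTABLISHED rules
    # do not match a bare SYN, so only the rate-limited SYN rule can accept it.
    if limit.matches(now):
        return "ACCEPT"
    return policy            # packet fell off the end of the chain

def connect_times(n_conns, policy, backoff=(0.0, 3.0, 9.0, 21.0)):
    """Time at which each of n parallel connections first gets a SYN accepted.

    backoff: assumed offsets (seconds) at which a client sends and resends its SYN.
    Returns None for a connection that never gets through.
    """
    limit = LimitMatch()
    done = {}
    for t, conn in sorted((t, c) for c in range(n_conns) for t in backoff):
        if conn not in done and syn_verdict(limit, t, policy) == "ACCEPT":
            done[conn] = t
    return [done.get(c) for c in range(n_conns)]

if __name__ == "__main__":
    for policy in ("DROP", "ACCEPT"):
        print(policy, connect_times(10, policy))
```

With `:INPUT DROP`, SYNs beyond the bucket's five tokens fall through to the policy and wait for a client retransmit; with `:INPUT ACCEPT` the same SYNs fall through and are accepted immediately.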