tony.arnold at manchester.ac.uk
Fri Apr 18 14:27:19 BST 2008
Chris Rowson wrote:
> Just a quicky. I've been mucking around with iptables for a while, but
> I'm still a bit shaky with them. Would anyone mind checking this over
> for me please?
I'm not sure about how correct these rules are, but have you considered
using something like fwbuilder or shorewall to generate the rules for you?
And you may want to allow some ICMP stuff through. Depends how visible
you want to be on the net!
Oh, and if you are allowing ssh, then consider running fail2ban or
denyhosts to stop dictionary attacks via ssh, which are very common.
Tony Arnold, Tel: +44 (0) 161 275 6093
Head of IT Security, Fax: +44 (0) 870 136 1004
University of Manchester, Mob: +44 (0) 773 330 0039
Manchester M13 9PL. Email: tony.arnold at manchester.ac.uk
More information about the ubuntu-uk