WeBWorK Main Forum

iptables firewall rules

by Jason Aubrey -
Number of replies: 4
Hi Everybody,

I've set up a new server on Red Hat and as part of that I trolled the internet for how to use iptables and put together what I think is a reasonable firewall. But I don't really know what I'm doing yet with iptables. I started by dropping all traffic, then just enabling what I need. Anyone else do this? Any comments/tips/suggestions/etc. would be appreciated. Here's my set of rules:

https://gist.github.com/4534512

If we get a good set together, we could distribute the script with webwork so people can easily set up a good firewall.

Thanks!
Jason
In reply to Jason Aubrey

Re: iptables firewall rules

by Lars Jensen -
Hi Jason,

There's a "front end" to iptables called shorewall. It is all on the command line - there is no GUI. We have used shorewall, and it is easy to use. It has some simple commands to specify the traffic you want to allow. The rest will automatically be blocked.

On Debian/Ubuntu the ufw firewall is even simpler to use.

Lars.

In reply to Lars Jensen

Re: iptables firewall rules

by Lars Jensen -
Hi Jason,

The Lon-CAPA developers wrote a Perl firewall script that works on both rpm-based and deb-based systems:


Perhaps it can be adapted to webwork?

Lars.
In reply to Lars Jensen

Re: iptables firewall rules

by Jason Aubrey -
Hi Lars,

Thanks for the tips. I like the idea of shorewall or ufw, but I tried to go with something purely iptables so it would be cross-platform. The lon-capa approach does look really intriguing.

Thanks again,
Jason
In reply to Jason Aubrey

Re: iptables firewall rules

by Danny Glin -
FWIW, Red Hat comes packaged with a GUI for managing iptables.

You can run system-config-firewall, and it will generate the iptables config file.

One other comment: your iptables config doesn't allow connections for lighttpd if it is being used for static images. This is something to consider.

Danny
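A way to catch the kind of gap Danny points out, as an added example that is not part of the thread or of the linked gist: with a drop-everything-first ruleset, parse `iptables-save` output and list the required services that no ACCEPT rule reaches. The sample ruleset is constructed, and the service names and ports (including 8080 for lighttpd) are assumptions. It only models TCP rules on INPUT with numeric ports.

```python
import shlex

# Constructed iptables-save style sample (not the rules from the gist).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 8000:8100 -j ACCEPT
COMMIT
"""

# Hypothetical service-to-port map; 8080 for lighttpd is an assumption.
REQUIRED = {"ssh": 22, "apache": 80, "apache-ssl": 443, "lighttpd": 8080}

def _arg(tok, *flags):
    """Value following the first of `flags` present in the token list."""
    for flag in flags:
        if flag in tok[:-1]:
            return tok[tok.index(flag) + 1]
    return None

def open_tcp_ranges(rules_text):
    """(low, high) TCP port ranges that INPUT accepts from any source."""
    ranges = []
    for line in rules_text.splitlines():
        if not line.startswith("-A INPUT "):
            continue
        tok = shlex.split(line)
        spec = _arg(tok, "--dport", "--dports")
        if (_arg(tok, "-j") != "ACCEPT" or _arg(tok, "-p") != "tcp"
                or _arg(tok, "-s") or "!" in tok or spec is None):
            continue  # not an unconditional TCP accept on explicit ports
        for part in spec.split(","):
            low, _, high = part.partition(":")
            ranges.append((int(low), int(high or low)))
    return ranges

def blocked_services(rules_text, required=REQUIRED):
    """Required services that a default-DROP INPUT chain leaves unreachable."""
    if ":INPUT DROP " not in rules_text:
        return []  # unmatched traffic is not dropped by default
    ranges = open_tcp_ranges(rules_text)
    return sorted(name for name, port in required.items()
                  if not any(lo <= port <= hi for lo, hi in ranges))
```

On the sample, the source-restricted 8000:8100 rule is not counted as opening the port, so lighttpd is reported as blocked for general clients even though a rule mentions its port.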