I've set up a new server on Red Hat and as part of that I trolled the internet for how to use iptables and put together what I think is a reasonable firewall. But, I don't really know what I'm doing yet with iptables. I started by dropping all traffic then just enabling what I need. Anyone else do this? Any comments/tips/suggestions/etc. would be appreciated. Here's my set of rules:
If we get a good set together, we could distribute the script with webwork so people can easily set up a good firewall.
There's a "front end" to iptables called shorewall. It is all on the command line - there is no GUI. We have used shorewall, and it is easy to use. It has some simple commands to specify the traffic you want to allow. The rest will automatically be blocked.
On debian/ubuntu the ufw firewall is even simpler to use.
The Lon-CAPA developers wrote a Perl firewall script that works both on rpm-based and deb-based systems:
Perhaps it can be adapted to webwork?
FWIW, Red Hat packs in with a GUI for managing iptables.
You can run system-config-firewall, and it will generate the iptables config file.
One other comment: your iptables config doesn't allow connections for lighttpd if it is being used for static images. This is something to consider.
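As an added example that is not part of any post in this thread (and not the original poster's rule set, which is not shown), here is a script of the default-deny shape the first post describes: drop everything inbound, then open only what the server needs, including a separate port for lighttpd serving static images as the last reply points out. The port numbers are assumptions: SSH on 22, the main web server on 80, lighttpd on 8080. The script only prints the iptables commands, so it can be reviewed before piping it to a root shell.

```shell
#!/bin/sh
# Added example (not from this thread): a default-deny iptables rule set.
# Ports are assumptions for illustration: SSH 22, WeBWorK web server 80,
# lighttpd for static images 8080.
SSH_PORT=22
HTTP_PORT=80
LIGHTTPD_PORT=8080   # assumed port for lighttpd serving static images

# Print the rules as iptables commands (dry run). To apply them:
#   sh firewall.sh | sudo sh
emit_rules() {
    # Start from a clean slate, then default-DROP inbound and forwarded traffic.
    echo "iptables -F"
    echo "iptables -X"
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    # Loopback, and replies to connections the server opened itself.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Packets that claim to belong to a connection the kernel never saw.
    echo "iptables -A INPUT -m state --state INVALID -j DROP"
    # Keep the host pingable, but rate-limit echo requests.
    echo "iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT"
    # Explicitly opened TCP services; everything else hits the DROP policy.
    for port in $SSH_PORT $HTTP_PORT $LIGHTTPD_PORT; do
        echo "iptables -A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Log a sample of what the DROP policy discards, for troubleshooting
    # (this is how a forgotten port such as lighttpd's shows up).
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"iptables-drop: \""
}

# Self-check helpers: how many TCP ports the rule set opens, and whether
# a given port is among them (exit status 0 if open).
open_port_count() {
    emit_rules | grep -c -- '--dport'
}
port_is_open() {
    emit_rules | grep -q -- "--dport $1 "
}

emit_rules
```

After applying, `iptables -L -n -v` shows the counters per rule, and anything a client cannot reach should appear in the kernel log with the `iptables-drop:` prefix.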