[Cialug] IPTables Concept
lister at kulish.com
lister at kulish.com
Thu Oct 26 15:02:59 CDT 2006
I am working on a Security in Depth concept using IPTables as the
firewall. I have little experience with it due to my backround mostly
being with PF on BSD.
So here is what I am looking to try.
To keep it simple I am going to work on test server that is only hosting
a single service, ssh. The server will need to access services on other
machines. We'll call the server silo.icbm.com for this exercise.
Hosted services (INBOUND):
SSH Services needs to be accessible from a single host on the internal
network only. This can be done via sshd_config, so should have no
impact on the iptable rules other than allowing the traffic in.
Accessed services (OUTBOUND):
SYSLOG to a single host in the internal network.
NTP to a single host in the internal network.
RSYNC (over SSH) to a single host in the internal network.
SMTP to a single host in the internal network.
HTTP to a single host on the Internet for patches.
DNS to 2 hosts on the internal network.
All other packets DROPped. I do not want any sort of denied response
sent or logged. This means I wish to drop inbound AND outbound.
And now for my questions.
I assume iptables is capable of this sort of setup?
Will I need some sort of "special" rule to allow the TCP connection to
send data back out on an SSH login? Or is this automatic?
Will dropping all, not specifically allowed, packets break something in
the server? Or potentially cause a security issue?
Does this look like a secure enough firewall for internal servers?
Thanks for any input and helping out a iptables newbie with concepts.
Thanks!
Chris K.
More information about the Cialug
mailing list