Hello,
I need to protect the Linux servers for performance management with iptables for a customer. I've also managed to do that right down to the Performance Center.
Unfortunately I cannot get HTTP/HTTPS access to the servers working after activating iptables.
Has anyone already secured the servers with iptables and can help me?
Thank you.
My config is:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8182 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8382 -j ACCEPT
# Data Aggregator
-A INPUT -p tcp -s 192.168.0.26 -d 192.168.0.4 --sport 513:65535 --dport 8381 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -s 192.168.0.26 -d 192.168.0.4 --sport 513:65535 --dport 8581 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -s 192.168.0.4 -d 192.168.0.26 --sport 513:65535 --dport 8381 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -s 192.168.0.4 -d 192.168.0.26 --sport 513:65535 --dport 8581 -m state --state NEW,ESTABLISHED -j ACCEPT
# DNS, NTP server, SNMP
-A OUTPUT -p udp --sport 1024:65535 --dport 53 -d 10.30.0.34 -j ACCEPT
-A OUTPUT -p udp --sport 123 --dport 123 -d 10.2.10.10 -j ACCEPT
-I INPUT -p udp -m udp -s 192.168.0.36 -d 192.168.0.4 --dport 161 -j ACCEPT
# ICMP echo from the monitoring host; on OUTPUT the reply is matched by its destination, not its source
-A INPUT -p icmp --icmp-type echo-request -s 192.168.0.36 -j ACCEPT
-A OUTPUT -p icmp --icmp-type echo-reply -d 192.168.0.36 -j ACCEPT
# Catch-all rejects go last: any rule appended after them in the same chain is never evaluated
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Thanks for your help,
Andreas Burger
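The two defects in a ruleset like the one above (rules appended after a chain-wide REJECT, and the `--j` typo that makes iptables-restore abort) are easy to miss by eye. As an added example, written for this post and not part of the poster's config or any vendor tool, here is a small Python checker that parses iptables-save lines, models `-A`/`-I` ordering per chain, and reports both problems; the sample ruleset is constructed to reproduce the pattern.

```python
import re
# Constructed sample in iptables-save syntax (not the poster's file), reproducing
# the pattern in the post: rules appended after a chain-wide REJECT, plus '--j'.
SAMPLE_RULES = """\
*filter
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -s 192.168.0.26 --dport 8381 -m state --state NEW -j ACCEPT
-I INPUT -p udp -s 192.168.0.36 --dport 161 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -s 192.168.0.36 --j ACCEPT
COMMIT
"""

TERMINATING = {"ACCEPT", "DROP", "REJECT"}
RULE_RE = re.compile(r"^-(A|I)\s+(\S+)(?:\s+(\d+))?\s+(.*)$")

def chain_order(text):
    # {chain: [rule, ...]} in kernel evaluation order: '-A' appends,
    # '-I CHAIN [n]' inserts at position n (1-based, default 1).
    chains = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        action, chain, pos, rest = m.groups()
        rules = chains.setdefault(chain, [])
        if action == "A":
            rules.append(rest)
        else:
            rules.insert((int(pos) if pos else 1) - 1, rest)
    return chains

def is_catch_all(rule):
    # No match criteria, only a terminating target: ends evaluation for every packet.
    m = re.match(r"^-j\s+(\S+)", rule)
    return bool(m) and m.group(1) in TERMINATING

def lint(text):
    # Returns (chain, problem, rule) for '--j' typos and shadowed rules.
    findings = []
    for chain, rules in chain_order(text).items():
        shadowed_by = None
        for rule in rules:
            if "--j " in rule:
                findings.append((chain, "typo: '--j' is not an option, use '-j'", rule))
            if shadowed_by:
                findings.append((chain, "unreachable: follows catch-all " + shadowed_by, rule))
            elif is_catch_all(rule):
                shadowed_by = rule.split()[1]
    return findings
```

Run `lint()` over the output of `iptables-save` before loading a new ruleset; an empty result means every rule in each chain is reachable and no target option is misspelled.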