iptables firewall

If someone has a minute and knows this stuff I could really use some help.

I am constructing a firewall and so far it seems perfectly fine with one exception: when it is up and running mail stops coming in or out.

Here is the firewall config. I know fancy fancy articles "have rules for in and out and forward chains redirecting to tables and blah blah blah / damn it has to be simpler", however for now I just want to make one using only a simple iptables config.

Code:
*filter
:INPUT ACCEPT [3034524:360618404]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5624541:7189514591]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 20000 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 5000:5050 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 25 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp -j DROP
-A INPUT -i eth0 -p udp -m udp -j DROP
COMMIT

Additionally, when this is running there seems to be a performance loss on the network itself. Like when I POP3 in it takes a while, or SSH in it takes a while, to establish connections.

It's a Red Hat 9 box.

5000-5050 are for FTP passive ports.

I just simply want to make all ports blocked except those I need.

Any internal lo -> lo traffic is good.

Any outgoing yes is fine. I want to keep them out but I don't want to keep me in.

Any pointers?

Thank you very much in advance...

- R
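
The posted chain accepts new connections to the listed ports but has no rule for replies to connections the box itself opens; those replies arrive on eth0 addressed to an ephemeral port and fall through to the two DROP rules. The following is an added example, not part of the original post: a small first-match evaluator run over the posted rules and over the same rules with one `-m state --state ESTABLISHED,RELATED` rule placed first (that rule, the packets, and the `state` field standing in for connection tracking are assumptions made for illustration).

```python
# Added example: first-match evaluation of the posted INPUT chain.
# Each packet's "state" stands in for what connection tracking would assign.
TCP_OPEN = ["22", "25", "21", "20", "80", "8080", "53", "110", "143", "443",
            "10000", "20000", "5000:5050"]
UDP_OPEN = ["53", "25", "67"]
POSTED = (
    [f"-A INPUT -i eth0 -p tcp -m tcp --dport {p} -j ACCEPT" for p in TCP_OPEN]
    + [f"-A INPUT -i eth0 -p udp -m udp --dport {p} -j ACCEPT" for p in UDP_OPEN]
    + ["-A INPUT -i eth0 -p tcp -m tcp -j DROP",
       "-A INPUT -i eth0 -p udp -m udp -j DROP"]
)
# Assumption: the same chain with one stateful rule placed first.
STATEFUL = ["-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"] + POSTED

def parse(rule):
    # Map each option flag to the token that follows it.
    tok = rule.split()
    return {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}

def matches(opt, pkt):
    # An option that is absent from the rule matches any packet.
    lo, _, hi = opt.get("--dport", "0:65535").partition(":")
    return (opt.get("-i", pkt["iface"]) == pkt["iface"]
            and opt.get("-p", pkt["proto"]) == pkt["proto"]
            and int(lo) <= pkt["dport"] <= int(hi or lo)
            and pkt["state"] in opt.get("--state", pkt["state"]).split(","))

def verdict(rules, pkt, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    for rule in rules:
        opt = parse(rule)
        if matches(opt, pkt):
            return opt["-j"]
    return policy

# Constructed packets arriving on eth0 (ephemeral port numbers are made up).
PACKETS = {
    "new inbound SMTP": dict(iface="eth0", proto="tcp", dport=25, state="NEW"),
    "reply to outbound SMTP": dict(iface="eth0", proto="tcp", dport=40123, state="ESTABLISHED"),
    "reply to DNS query": dict(iface="eth0", proto="udp", dport=35001, state="ESTABLISHED"),
    "unsolicited TCP 3306": dict(iface="eth0", proto="tcp", dport=3306, state="NEW"),
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:24} posted={verdict(POSTED, pkt):6} stateful={verdict(STATEFUL, pkt)}")
```

With the stateful rule first, replies to the box's own outbound SMTP and DNS traffic are accepted while unsolicited connections to unlisted ports are still dropped.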
