iptables quick help...

I am configuring a database server (MySQL) on which I want to allow only incoming traffic on ports 22 and 3306 (3306 from a network range only) and outgoing traffic on 123 (NTP).

Is the following iptables configuration the tightest I can make?


*filter
:OUTPUT ACCEPT
:FORWARD DROP
:INPUT DROP
# loopback
-A INPUT -i lo -p all -j ACCEPT
# all ICMP types
-A INPUT -p icmp -j ACCEPT
# SSH from anywhere
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
# MySQL from the permitted range only
-A INPUT -i eth0 -p tcp -s 66.32.187.0/24 --dport 3306 -j ACCEPT
COMMIT


Thanks for your help!
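As an added check, not part of the original post: the Python below is a small first-match evaluator for the subset of iptables-save syntax the ruleset uses. It replays the posted ruleset (with COMMIT added so iptables-restore would accept it) and an assumed tightened version of my own against a handful of constructed flows built from RFC 5737 documentation addresses, with 203.0.113.10 standing in for the server. Two things it surfaces: with INPUT DROP and no conntrack rule, the reply to the server's own NTP query is dropped, and with OUTPUT ACCEPT every outbound connection, not just port 123, is allowed. The tightened ruleset (default-deny OUTPUT, ESTABLISHED,RELATED on both chains, only echo-request ICMP, only NEW connections on the service ports) is my assumption, not something the poster showed, and the evaluator models only the options it recognises, so treat it as a sanity check rather than a substitute for `iptables-restore --test` on the real host.

```python
import ipaddress
from dataclasses import dataclass

# Constructed copy of the ruleset from the post; COMMIT added so iptables-restore accepts it.
POSTED = """\
*filter
:OUTPUT ACCEPT
:FORWARD DROP
:INPUT DROP
-A INPUT -i lo -p all -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -s 66.32.187.0/24 --dport 3306 -j ACCEPT
COMMIT
"""

# Assumed tightened ruleset (my suggestion, not the poster's): default-deny OUTPUT,
# conntrack for return traffic, echo-request only, NEW connections only on service ports.
TIGHTENED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i eth0 -p tcp -s 66.32.187.0/24 --dport 3306 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o eth0 -p udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
"""

# Every option this toy evaluator understands takes one argument; anything else is rejected
# rather than ignored, so an unsupported match can never make a rule look more permissive.
OPTIONS = {"-A", "-i", "-o", "-p", "-s", "-d", "--dport", "--sport", "-m", "--ctstate", "--icmp-type", "-j"}


@dataclass
class Packet:
    chain: str                 # INPUT or OUTPUT
    proto: str                 # tcp, udp or icmp
    src: str
    dst: str = "203.0.113.10"  # constructed address of the DB server itself
    in_if: str = "eth0"
    out_if: str = "eth0"
    sport: int = 0
    dport: int = 0
    ctstate: str = "NEW"       # what conntrack would report for this packet
    icmp_type: str = ""


def parse(text):
    """Return ({chain: policy}, {chain: [(match_options, target), ...]}) from iptables-save text."""
    policies, rules = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "*#" or line == "COMMIT":
            continue
        if line.startswith(":"):
            chain, policy = line[1:].split()[:2]   # counters like [0:0] are optional
            policies[chain] = policy
            rules.setdefault(chain, [])
            continue
        tokens, opts = line.split(), {}
        for i in range(0, len(tokens), 2):
            if tokens[i] not in OPTIONS:
                raise ValueError(f"unsupported option {tokens[i]!r} in: {line}")
            opts[tokens[i]] = tokens[i + 1]
        opts.pop("-m", None)  # match-module loader; the options it enables are matched directly
        chain, target = opts.pop("-A"), opts.pop("-j")
        rules.setdefault(chain, []).append((opts, target))
    return policies, rules


def _matches(opts, pkt):
    in_net = lambda cidr, ip: ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)
    checks = {
        "-i": lambda v: v == pkt.in_if,
        "-o": lambda v: v == pkt.out_if,
        "-p": lambda v: v == "all" or v == pkt.proto,
        "-s": lambda v: in_net(v, pkt.src),
        "-d": lambda v: in_net(v, pkt.dst),
        "--dport": lambda v: int(v) == pkt.dport,
        "--sport": lambda v: int(v) == pkt.sport,
        "--ctstate": lambda v: pkt.ctstate in v.split(","),
        "--icmp-type": lambda v: v == pkt.icmp_type,
    }
    return all(checks[flag](value) for flag, value in opts.items())


def verdict(ruleset, pkt):
    """First matching rule wins; the chain policy applies when nothing matches."""
    policies, rules = ruleset
    for opts, target in rules.get(pkt.chain, []):
        if _matches(opts, pkt):
            return target
    return policies[pkt.chain]


# Constructed flows using RFC 5737 documentation addresses.
FLOWS = {
    "ssh in from anywhere": Packet("INPUT", "tcp", "198.51.100.7", sport=51000, dport=22),
    "mysql in from allowed range": Packet("INPUT", "tcp", "66.32.187.42", sport=51001, dport=3306),
    "mysql in from elsewhere": Packet("INPUT", "tcp", "198.51.100.7", sport=51002, dport=3306),
    "icmp echo-request in": Packet("INPUT", "icmp", "198.51.100.7", icmp_type="echo-request"),
    "icmp timestamp-request in": Packet("INPUT", "icmp", "198.51.100.7", icmp_type="timestamp-request"),
    "ntp request out": Packet("OUTPUT", "udp", "203.0.113.10", dst="192.0.2.123", sport=40000, dport=123),
    "ntp reply in": Packet("INPUT", "udp", "192.0.2.123", sport=123, dport=40000, ctstate="ESTABLISHED"),
    "http out (not wanted)": Packet("OUTPUT", "tcp", "203.0.113.10", dst="192.0.2.80", sport=40001, dport=80),
}


def compare(flows=FLOWS):
    """Map each flow name to (verdict under POSTED, verdict under TIGHTENED)."""
    posted, tightened = parse(POSTED), parse(TIGHTENED)
    return {name: (verdict(posted, p), verdict(tightened, p)) for name, p in flows.items()}


if __name__ == "__main__":
    for name, (a, b) in compare().items():
        print(f"{name:28} posted={a:<7} tightened={b}")
```

Running it prints one line per flow; the rows worth staring at are "ntp reply in" (DROP under the posted ruleset, because UDP replies come back with source port 123 and nothing in INPUT admits them) and "http out (not wanted)" (ACCEPT under the posted ruleset purely because of the OUTPUT ACCEPT policy). The parser raises on any option it does not know rather than skipping it, which is the behaviour you want from anything that claims to tell you what a firewall admits.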
