How to set up iptables for the first time?
I have some Linux knowledge, but not a solid five. The task is to close all ports on a Debian server, and to allow 3306 and 22 only for certain IPs. Which commands should I run over SSH, and in what order, so that the connection does not get closed? The server is remote, in distant overseas lands.
In short:
First you allow incoming connections to port 22 from a specific address and allow all outgoing traffic.
Then you close all incoming connections on all ports.
After that, the connection should not drop.
After that, you allow incoming connections on the required addresses and ports:
    iptables -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp -s <some IP> --dport 22 -j ACCEPT
In short: you take an iptables manual and you read it. Then you set it up on a test stand. Then again and again. And only then somewhere in the Far Far Away kingdom, and then it works the first time.
Everyone advises using iptables, but I advise you to look at FERM; there is such a package in Debian.
In fact, it is a convenient add-on for iptables with some extra features. For example, if you specify incorrect settings and lose the connection to the server, ferm will roll them back (the --interactive key).
There is a lot of documentation on ferm, for example: habrahabr.ru/post/127184
Come up with some kind of rollback mechanism:
1) schedule a reboot of the machine in 15 minutes, and during those 15 minutes enter the rules one by one
2) or apply the default configuration with iptables-apply or iptables-restore, also after 15 minutes
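The ordering from the first answer (allow the admin address and the established session before switching to a drop policy) combined with the timed rollback from the answer above, as an added example that is not from any of the answers or from Debian's own tooling. The admin addresses (203.0.113.10, 198.51.100.7) are placeholders from documentation address space, and the backup and PID file paths are assumptions.

```bash
#!/bin/sh
# Added example: generate an iptables-restore ruleset that closes all inbound
# ports, allows 22 and 3306 only from listed source IPs, and apply it with a
# timed rollback so a mistake cannot lock you out of a remote server.
# Admin IPs below are placeholders; /tmp paths are assumptions.

# build_rules ADMIN_IP [ADMIN_IP ...]: print the ruleset on stdout.
build_rules() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'     # default policy: drop unsolicited inbound
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'  # all outgoing stays allowed
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Replies to our own connections (including the live SSH session) come
    # first, so flipping the policy to DROP never cuts the current session.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    for ip in "$@"; do
        # New SSH and MySQL connections only from the listed admin addresses.
        printf '%s\n' "-A INPUT -p tcp -s $ip --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
        printf '%s\n' "-A INPUT -p tcp -s $ip --dport 3306 -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# apply_with_rollback RULES_FILE [SECONDS]: save the current ruleset, load the
# new one, and restore the saved one automatically unless the admin confirms
# within SECONDS by killing the timer (the "rollback after 15 minutes" idea).
# Needs root and a real iptables; it is defined here but not invoked.
apply_with_rollback() {
    rules="$1"; grace="${2:-900}"
    iptables-save > /tmp/iptables.backup || return 1
    iptables-restore < "$rules" || return 1
    ( sleep "$grace" && iptables-restore < /tmp/iptables.backup ) &
    echo "$!" > /tmp/iptables-rollback.pid
    echo "rules loaded; run 'kill \$(cat /tmp/iptables-rollback.pid)' within ${grace}s to keep them"
}

# Usage (as root on the server):
#   build_rules 203.0.113.10 198.51.100.7 > /etc/iptables/rules.v4
#   apply_with_rollback /etc/iptables/rules.v4 900
```

Once the new session from the admin address works, kill the timer; if you are locked out, the old rules return on their own when the grace period expires.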
Don't rack your brains; get a rules generator for iptables instead. I really like firehol, it's simple and reliable! firehol.org
Here is an example config for pptp and a LAN with masquerading and the required ports open:
interface eth0 mylan
    policy accept
interface ppp+ internet
    server smtp accept
    server http accept
    server ftp accept
    server ssh accept src example.firehol.org
    client all accept
router mylan2internet inface eth0 outface ppp+
    masquerade
    route all accept