Sergey, 2015-02-21 13:07:48

How to set up iptables for a web server on Ubuntu 14.04?

Good afternoon, colleagues. There is a server on Ubuntu 14.04, and iptables needs to be configured for the web server, which is apache2 + nginx.
I have just started to study iptables and therefore I don't really understand it; I will be glad for any help!


1 answer(s)
Igor, 2015-02-21
@mrmoney

Allow connections via ssh and http/https in the INPUT chain. In the same place, allow the loopback interface.
Set the default policies for the INPUT and FORWARD chains to DROP.
It should turn out something like this:

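#!/bin/bash
# Default policies: drop inbound and forwarded traffic, allow outbound.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Allow packets of already established connections and all loopback traffic.
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

# Allow new inbound connections to ssh (22), http (80) and https (443).
iptables -A INPUT -p tcp -m conntrack --ctstate NEW --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m conntrack --ctstate NEW --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m conntrack --ctstate NEW --dport 443 -j ACCEPT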

The last three rules can, of course, be combined into one via -m multiport.
The rest can be added as needed.
Also, it would be good to restrict ssh either to the IP address of the office, or to configure something like fail2ban.
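
The answer's closing suggestions (merging the port rules with -m multiport and limiting ssh to the office address), as an added example that is not part of the original answer: it builds the same ruleset in iptables-restore format, which is loaded in one commit instead of rule by rule. The address 203.0.113.10 and the names OFFICE_IP, WEB_PORTS, valid_ipv4 and build_ruleset are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original answer. OFFICE_IP is a constructed
# placeholder from the documentation range; replace it with the real address.
OFFICE_IP="${OFFICE_IP:-203.0.113.10}"
WEB_PORTS="${WEB_PORTS:-80,443}"

# Succeed only for a dotted-quad IPv4 address with four octets in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the filter table in iptables-restore format: the answer's policies
# and rules, with 80/443 merged via multiport and SSH limited to one source.
build_ruleset() {
    valid_ipv4 "$1" || { echo "bad office address: $1" >&2; return 1; }
    case "$2" in
        ''|*[!0-9,]*|,*|*,|*,,*) echo "bad port list: $2" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s $1/32 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m multiport --dports $2 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# "check" only parses the rules; "apply" loads them in a single commit (root).
case "${1:-}" in
    check|apply)
        rules=$(build_ruleset "$OFFICE_IP" "$WEB_PORTS") || exit 1
        [ "$1" = check ] && flag=--test || flag=
        printf '%s\n' "$rules" | iptables-restore $flag ;;
esac
```

The ruleset covers IPv4 only; IPv6 traffic is filtered separately by ip6tables.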
