
leerraum blog: Secure your Kloxo Installation with your Firewall/IPTABLES http://alexbischof.blogspot.com/2011/04/secure-your-kloxo-installation-wi...

Thursday, April 7, 2011


Secure your Kloxo Installation with your Firewall/IPTABLES


First stop and disable the stock iptables service:

Stop iptables service: /etc/init.d/iptables stop
Disable iptables service: chkconfig iptables off


Copy this script to /etc/init.d/firewall (Reminder: disable "word wrap" in your text editor, e.g. nano -w /etc/init.d/firewall):

#!/bin/sh
# firewall
# chkconfig: 3 21 91
# description: Starts, stops iptables firewall

case "$1" in
start)
    # Clear rules
    iptables -t filter -F
    iptables -t filter -X
    echo "- Clear rules : [OK]"

    # SSH In
    iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
    echo "- SSH : [OK]"

    # Don't break established connections
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    echo "- established connections : [OK]"

    # Block all connections by default
    iptables -t filter -P INPUT DROP
    iptables -t filter -P FORWARD DROP
    iptables -t filter -P OUTPUT DROP
    echo "- Block all connections : [OK]"

    # Loopback
    iptables -t filter -A INPUT -i lo -j ACCEPT
    iptables -t filter -A OUTPUT -o lo -j ACCEPT
    echo "- Loopback : [OK]"

    # ICMP (Ping)
    iptables -t filter -A INPUT -p icmp -j ACCEPT
    iptables -t filter -A OUTPUT -p icmp -j ACCEPT
    echo "- PING : [OK]"

    # DNS In/Out
    iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
    iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
    echo "- DNS : [OK]"

    # NTP Out
    iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
    echo "- NTP : [OK]"

    # FTP Out (20:21 control/data, 30000:50000 passive data range)
    iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 30000:50000 -j ACCEPT
    # FTP In
    iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 30000:50000 -j ACCEPT
    # (duplicates the established-connections rule above; harmless)
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    echo "- FTP : [OK]"

    # HTTP + HTTPS Out
    iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
    # HTTP + HTTPS In
    iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
    echo "- HTTP/HTTPS : [OK]"

    # Mail SMTP:25
    iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
    echo "- SMTP : [OK]"

    # Mail POP3:110
    iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
    echo "- POP : [OK]"

    # Mail IMAP:143
    iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT
    echo "- IMAP : [OK]"

    # Kloxo control panel (7777 HTTPS, 7778 HTTP)
    iptables -t filter -A INPUT -p tcp --dport 7777:7778 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 7777:7778 -j ACCEPT
    echo "- Kloxo : [OK]"

    echo "- Firewall [OK]"
    exit 0
    ;;
stop)
    echo "Stopping Firewall: "
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -t filter -F
    exit 0
    ;;
*)
    echo "Usage: /etc/init.d/firewall {start|stop}"
    exit 1
    ;;
esac

Enable/Start Firewall Service

Make the script executable: chmod 700 /etc/init.d/firewall
Add the firewall service: chkconfig --add firewall
Auto-start the firewall: chkconfig --level 2345 firewall on
Start the firewall: /etc/init.d/firewall start

2 of 4

7/28/2013 12:58 AM

leerraum blog: Secure your Kloxo Installation with your Firewall/IPTABLES http://alexbischof.blogspot.com/2011/04/secure-your-kloxo-installation-wi...

If you have a slave server, add this on the master:

iptables -t filter -A INPUT -p tcp -s SLAVE_IP --dport 7779 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp -d SLAVE_IP --dport 7779 -j ACCEPT

Note: replace SLAVE_IP with your slave server's IP.

Add this on the slave server:

iptables -t filter -A INPUT -p tcp -s MASTER_IP --dport 7779 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp -d MASTER_IP --dport 7779 -j ACCEPT

Note: replace MASTER_IP with your master server's IP.

After all of this it is always a good idea to restart Apache: /sbin/service httpd restart
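As an added check that is not part of the original post, the following script audits a ruleset in iptables-save format against the policy this article configures: default DROP on every chain, the service ports open on INPUT, and the Kloxo master/slave port 7779 accepted only from a specific source address. RULESET is a constructed sample, and 192.0.2.10 stands in for SLAVE_IP.

```shell
#!/bin/sh
# Added audit helper, not part of the original post: checks a ruleset in
# iptables-save format against the policy the article sets up. RULESET is a
# constructed sample; on a live host use RULESET=$(iptables-save) instead.
RULESET='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7777:7778 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 7779 -j ACCEPT
COMMIT'

# policy_is CHAIN POLICY: true if CHAIN's default policy is POLICY
policy_is() {
    printf '%s\n' "$RULESET" | grep -q "^:$1 $2 "
}

# port_open PORTSPEC: true if INPUT accepts PORTSPEC from any source
port_open() {
    printf '%s\n' "$RULESET" | grep -q "^-A INPUT -p tcp -m tcp --dport $1 -j ACCEPT$"
}

# port_restricted PORTSPEC: true if PORTSPEC is accepted only with a -s source
port_restricted() {
    matches=$(printf '%s\n' "$RULESET" | grep -e "--dport $1 -j ACCEPT" || true)
    [ -n "$matches" ] || return 1                       # no ACCEPT at all
    printf '%s\n' "$matches" | grep -v -e ' -s ' | grep -q . && return 1
    return 0
}

# audit: print each deviation from the article's intended policy; 0 = clean
audit() {
    rc=0
    for chain in INPUT FORWARD OUTPUT; do
        policy_is "$chain" DROP || { echo "policy of $chain is not DROP"; rc=1; }
    done
    for p in 22 80 443 7777:7778; do
        port_open "$p" || { echo "port $p is not open in INPUT"; rc=1; }
    done
    port_restricted 7779 || { echo "port 7779 must be limited to the peer IP"; rc=1; }
    return $rc
}

audit
```

Run it after /etc/init.d/firewall start and the master/slave rules are in place; a non-zero exit lists what differs from the intended policy.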

Labels: centos, Kloxo
